Initial Manual Enumeration

Start with the basics by hand, just to get a sense of what system you’re on and in what context.

Users

id || (whoami && groups) 2>/dev/null    # Who am I?
grep -vE "nologin|false" /etc/passwd    # Accounts with a login shell

w               # Currently logged-in users
last | tail     # Login history
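
Added example (not part of the original page): the grep on /etc/passwd above matches "nologin" or "false" anywhere in the line, so it hides an account whose name or comment field contains either word, and it still lists service shells such as /bin/sync. The functions below test the shell field itself and also report extra UID 0 accounts; the function names and the sample data are constructed for illustration.

```shell
#!/usr/bin/env bash
# Field-aware audit of passwd-format data (added example, hypothetical names).
# login_accounts [FILE] -> "user:uid:shell" for accounts with a usable login shell
# extra_uid0     [FILE] -> accounts other than root that have UID 0

login_accounts() {
    awk -F: '
        /^[ \t]*(#|$)/ { next }                 # skip comments and blank lines
        NF < 7         { next }                 # skip malformed entries
        {
            shell = $7
            if (shell == "") shell = "/bin/sh"  # empty shell field means /bin/sh
            n = split(shell, parts, "/")
            base = parts[n]                     # program name without its path
            # Non-interactive programs commonly used as placeholder shells
            if (base ~ /^(nologin|false|sync|halt|shutdown)$/) next
            print $1 ":" $3 ":" shell
        }' "${1:-/etc/passwd}"
}

extra_uid0() {
    # Any UID 0 entry besides root has full root privileges
    awk -F: '$3 == 0 && $1 != "root" { print $1 }' "${1:-/etc/passwd}"
}

# Constructed sample data, not taken from a real host.
sample_passwd() {
    cat <<'EOF'
root:x:0:0:root:/root:/bin/bash
daemon:x:1:1:daemon:/usr/sbin:/usr/sbin/nologin
sync:x:4:65534:sync:/bin:/bin/sync
falsetto:x:1001:1001:Backup operator:/home/falsetto:/bin/zsh
svc:x:1002:1002:no nologin shell set::
toor:x:0:0:second uid 0:/root:/bin/sh
www-data:x:33:33:www-data:/var/www:/bin/false
EOF
}
```

On the sample data the original grep drops falsetto and svc and keeps sync; login_accounts reports root, falsetto, svc and toor, and extra_uid0 reports toor. Run either function with no argument to check the local /etc/passwd.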

File System

pwd         # Where am I now?
ls -al      # What is in the current folder?
ls -al /    # What is in the file system root?

OS & Kernel & Processes

cat /etc/issue
cat /etc/*-release      # What OS release is running?
uname -a                # Kernel details
lsb_release -a          # Backup/alternative option
ps auxww --forest       # Show the process forest

Network Basics

# Host resolution
hostname
cat /etc/hosts

# Network interfaces
ip addr show

# Active ports
netstat -punta

Current Environment

echo $PATH
env

Automated Enumeration

In order of preference:

Linux Smart Enumeration (LSE)

git clone https://github.com/diego-treitos/linux-smart-enumeration
cd linux-smart-enumeration
./lse.sh -l1
./lse.sh -l2

linpeas

https://raw.githubusercontent.com/carlospolop/privilege-escalation-awesome-scripts-suite/master/linPEAS/linpeas.sh

bash linpeas.sh

LinEnum

git clone https://github.com/rebootuser/LinEnum.git
cd LinEnum
bash LinEnum.sh

unix-privesc-check

http://pentestmonkey.net/tools/audit/unix-privesc-check

Manual Enumeration

Coming Soon (there’s a lot)