Linux Privilege Escalation
Initial Manual Enumeration
Start with the basics by hand, just to get a sense of what system you’re on and in what context.
Users
id || (whoami && groups) 2>/dev/null # Who am I?
grep -vE "nologin|false" /etc/passwd # Users with console
w # Currently logged-in users
last | tail # Login history
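Added example (not part of the original cheat sheet): the grep filter above matches "nologin" or "false" anywhere on the line, so it also hides accounts whose username or comment field contains those strings. This sketch checks only the shell field and notes whether that shell appears in /etc/shells. The function names and the sample accounts are constructed for illustration.

```shell
#!/bin/sh
# login_users [PASSWD_FILE] [SHELLS_FILE]  (hypothetical helper name)
# Prints user:uid:shell:listed|unlisted|unknown for accounts with a login shell.
login_users() {
    awk -F: -v shells="${2:-/etc/shells}" '
        BEGIN {
            # Load valid shells; comments and blank lines do not start with "/".
            while ((getline line < shells) > 0)
                if (line ~ /^\//) { valid[line] = 1; count++ }
        }
        /^#/ || NF != 7 { next }              # skip comments and malformed rows
        {
            sh = ($7 == "") ? "/bin/sh" : $7  # empty shell field means /bin/sh
            n = split(sh, part, "/")
            if (part[n] == "nologin" || part[n] == "false") next
            flag = (count == 0) ? "unknown" : ((sh in valid) ? "listed" : "unlisted")
            print $1 ":" $3 ":" sh ":" flag
        }
    ' "${1:-/etc/passwd}"
}

# Constructed sample data, not taken from a real host.
sample_passwd() { cat <<'EOF'
root:x:0:0:root:/root:/bin/bash
daemon:x:1:1:daemon:/usr/sbin:/usr/sbin/nologin
falsetto:x:1001:1001:Singer:/home/falsetto:/bin/bash
svc-backup:x:998:998:no false alarms:/var/backups:/bin/sh
git:x:997:997::/home/git:/usr/bin/git-shell
sync:x:4:65534:sync:/bin:/bin/false
legacy:x:1002:1002:::
EOF
}
sample_shells() { cat <<'EOF'
# /etc/shells: valid login shells
/bin/sh
/bin/bash
EOF
}

# Demo: compare the field-based check with the substring grep on the sample.
tmp=$(mktemp -d)
sample_passwd > "$tmp/passwd"
sample_shells > "$tmp/shells"
login_users "$tmp/passwd" "$tmp/shells"
echo "substring grep keeps $(grep -cvE 'nologin|false' "$tmp/passwd") accounts"
rm -rf "$tmp"
```

On the sample, the substring grep drops falsetto and svc-backup even though both have working shells.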
File System
pwd # Where am I now?
ls -al # What is in the current folder?
ls -al / # What is in the file system root?
OS & Kernel & Processes
cat /etc/issue
cat /etc/*-release # What OS release is running?
uname -a # Kernel details
lsb_release -a # Backup/alternative option
ps aux --forest -ww # Show the process forest
Network Basics
# Host resolution
hostname
cat /etc/hosts
# Network interfaces
ip addr show
# Active ports
netstat -punta
Current Environment
echo $PATH
env
Automated Enumeration
Listed in order of preference.
Linux Smart Enumeration (LSE)
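git clone https://github.com/diego-treitos/linux-smart-enumeration
cd linux-smart-enumeration
./lse.sh -l1 # Level 1: show interesting results
./lse.sh -l2 # Level 2: show all gathered information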
linpeas
linpeas.sh
LinEnum
git clone https://github.com/rebootuser/LinEnum.git
cd LinEnum
bash LinEnum.sh
unix-privesc-check
http://pentestmonkey.net/tools/audit/unix-privesc-check
Manual Enumeration
Coming Soon (there’s a lot)