mirror of
https://github.com/swisskyrepo/PayloadsAllTheThings.git
synced 2025-01-18 17:28:49 +00:00
PrivEsc - Linux Task
parent bbc9029dd6
commit 289fa8c22b
@ -13,7 +13,9 @@
|
||||
## Summary
|
||||
|
||||
* [Checklist](#checklist)
|
||||
* [Cron jobs](#cron-jobs)
|
||||
* [Scheduled tasks](#scheduled-tasks)
|
||||
* [Cron jobs](#cron-jobs)
|
||||
* [Systemd timers](#systemd-timers)
|
||||
* [SUID](#suid)
|
||||
* [Find SUID binaries](#find-suid-binaries)
|
||||
* [Create a SUID binary](#create-a-suid-binary)
|
||||
@ -108,7 +110,9 @@
|
||||
* Checks to see if the host has Docker installed
|
||||
* Checks to determine if we're in an LXC container
|
||||
|
||||
## Cron jobs
|
||||
## Scheduled tasks
|
||||
|
||||
### Cron jobs
|
||||
|
||||
Check if you have access with write permission on these files.
|
||||
Check inside the file, to find other paths with write permissions.
|
||||
@ -133,6 +137,18 @@ Check inside the file, to find other paths with write permissions.
|
||||
/var/spool/cron/crontabs/root
|
||||
```
|
||||
|
||||
## Systemd timers
|
||||
|
||||
```powershell
|
||||
systemctl list-timers --all
|
||||
NEXT LEFT LAST PASSED UNIT ACTIVATES
|
||||
Mon 2019-04-01 02:59:14 CEST 15h left Sun 2019-03-31 10:52:49 CEST 24min ago apt-daily.timer apt-daily.service
|
||||
Mon 2019-04-01 06:20:40 CEST 19h left Sun 2019-03-31 10:52:49 CEST 24min ago apt-daily-upgrade.timer apt-daily-upgrade.service
|
||||
Mon 2019-04-01 07:36:10 CEST 20h left Sat 2019-03-09 14:28:25 CET 3 weeks 0 days ago systemd-tmpfiles-clean.timer systemd-tmpfiles-clean.service
|
||||
|
||||
3 timers listed.
|
||||
```
|
||||
|
||||
## SUID
|
||||
|
||||
SUID/Setuid stands for "set user ID upon execution", it is enabled by default in every Linux distributions. If a file with this bit is ran, the uid will be changed by the owner one. If the file owner is `root`, the uid will be changed to `root` even if it was executed from user `bob`. SUID bit is represented by an `s`.
|
||||
|
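Review bot: The new section is added as `## Systemd timers`, while this same patch demotes cron to `### Cron jobs` under the new `## Scheduled tasks` heading and the Summary lists Cron jobs and Systemd timers together after Scheduled tasks; make it `### Systemd timers` so the body matches the Summary. The fence is also tagged `powershell` although it holds a `systemctl list-timers --all` listing from a Linux host, so `bash` or an untagged fence fits better. Unlike the cron section, which tells the reader to check write permission on the listed files, this section shows only the command output; one sentence saying what to look at in the UNIT and ACTIVATES columns would make it usable.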
@ -591,4 +591,5 @@ $ computer = "<hostname>"
|
||||
* [Pentestlab.blog - WPE-10 - Token Manipulation](https://pentestlab.blog/2017/04/03/token-manipulation/)
|
||||
* [Pentestlab.blog - WPE-11 - Secondary Logon Handle](https://pentestlab.blog/2017/04/07/secondary-logon-handle/)
|
||||
* [Pentestlab.blog - WPE-12 - Insecure Registry Permissions](https://pentestlab.blog/2017/03/31/insecure-registry-permissions/)
|
||||
* [Pentestlab.blog - WPE-13 - Intel SYSRET](https://pentestlab.blog/2017/06/14/intel-sysret/)
|
||||
* [Pentestlab.blog - WPE-13 - Intel SYSRET](https://pentestlab.blog/2017/06/14/intel-sysret/)
|
||||
* [Alternative methods of becoming SYSTEM - 20th November 2017 - Adam Chester @_xpn_](https://blog.xpnsec.com/becoming-system/)
|
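Review bot: The added reference "Alternative methods of becoming SYSTEM" lands in a list of Windows-oriented entries (token manipulation, insecure registry permissions), which does not match the commit title "PrivEsc - Linux Task"; split it into its own commit or mention it in the message. The "WPE-13 - Intel SYSRET" line also appears twice with identical text in a hunk that goes from 4 to 5 lines, which usually means it was removed and re-added for a whitespace or end-of-file newline change, so confirm that is intended.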