PrivEsc - Linux Task

Swissky 2019-03-31 15:05:13 +02:00
parent bbc9029dd6
commit 289fa8c22b
2 changed files with 20 additions and 3 deletions


@ -13,7 +13,9 @@
## Summary ## Summary
* [Checklist](#checklist) * [Checklist](#checklist)
* [Cron jobs](#cron-jobs) * [Scheduled tasks](#scheduled-tasks)
* [Cron jobs](#cron-jobs)
* [Systemd timers](#systemd-timers)
* [SUID](#suid) * [SUID](#suid)
* [Find SUID binaries](#find-suid-binaries) * [Find SUID binaries](#find-suid-binaries)
* [Create a SUID binary](#create-a-suid-binary) * [Create a SUID binary](#create-a-suid-binary)
@ -108,7 +110,9 @@
* Checks to see if the host has Docker installed * Checks to see if the host has Docker installed
* Checks to determine if we're in an LXC container * Checks to determine if we're in an LXC container
## Cron jobs ## Scheduled tasks
### Cron jobs
Check if you have access with write permission on these files. Check if you have access with write permission on these files.
Check inside the file, to find other paths with write permissions. Check inside the file, to find other paths with write permissions.
@ -133,6 +137,18 @@ Check inside the file, to find other paths with write permissions.
/var/spool/cron/crontabs/root /var/spool/cron/crontabs/root
``` ```
## Systemd timers
```powershell
systemctl list-timers --all
NEXT LEFT LAST PASSED UNIT ACTIVATES
Mon 2019-04-01 02:59:14 CEST 15h left Sun 2019-03-31 10:52:49 CEST 24min ago apt-daily.timer apt-daily.service
Mon 2019-04-01 06:20:40 CEST 19h left Sun 2019-03-31 10:52:49 CEST 24min ago apt-daily-upgrade.timer apt-daily-upgrade.service
Mon 2019-04-01 07:36:10 CEST 20h left Sat 2019-03-09 14:28:25 CET 3 weeks 0 days ago systemd-tmpfiles-clean.timer systemd-tmpfiles-clean.service
3 timers listed.
```
## SUID ## SUID
SUID/Setuid stands for "set user ID upon execution", it is enabled by default in every Linux distributions. If a file with this bit is ran, the uid will be changed by the owner one. If the file owner is `root`, the uid will be changed to `root` even if it was executed from user `bob`. SUID bit is represented by an `s`. SUID/Setuid stands for "set user ID upon execution", it is enabled by default in every Linux distributions. If a file with this bit is ran, the uid will be changed by the owner one. If the file owner is `root`, the uid will be changed to `root` even if it was executed from user `bob`. SUID bit is represented by an `s`.
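
Review bot: The new `## Systemd timers` heading sits at level 2, while the summary hunk lists Systemd timers next to Cron jobs under Scheduled tasks and the cron heading was demoted to `### Cron jobs`; make this `### Systemd timers` so both are children of `## Scheduled tasks`. The fence is also tagged `powershell` although the content is a Linux `systemctl list-timers --all` invocation with its output, so `bash` or an untagged fence would fit better, and the command should be visually separated from its pasted output. Unlike the cron section, which tells the reader what to check on the listed files, this section has no sentence explaining what to look for in the timer list; add one line in the same style.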


@ -592,3 +592,4 @@ $ computer = "<hostname>"
* [Pentestlab.blog - WPE-11 - Secondary Logon Handle](https://pentestlab.blog/2017/04/07/secondary-logon-handle/) * [Pentestlab.blog - WPE-11 - Secondary Logon Handle](https://pentestlab.blog/2017/04/07/secondary-logon-handle/)
* [Pentestlab.blog - WPE-12 - Insecure Registry Permissions](https://pentestlab.blog/2017/03/31/insecure-registry-permissions/) * [Pentestlab.blog - WPE-12 - Insecure Registry Permissions](https://pentestlab.blog/2017/03/31/insecure-registry-permissions/)
* [Pentestlab.blog - WPE-13 - Intel SYSRET](https://pentestlab.blog/2017/06/14/intel-sysret/) * [Pentestlab.blog - WPE-13 - Intel SYSRET](https://pentestlab.blog/2017/06/14/intel-sysret/)
* [Alternative methods of becoming SYSTEM - 20th November 2017 - Adam Chester @_xpn_](https://blog.xpnsec.com/becoming-system/)
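
Review bot: The added reference on the last line is about becoming SYSTEM and lands in a file whose neighbouring references are all Windows privilege-escalation entries, yet the commit message only says "PrivEsc - Linux Task"; either split this into its own commit or mention the Windows reference in the message. The entry also breaks the list's existing `Source - Title` pattern (for example `Pentestlab.blog - WPE-13 - Intel SYSRET`) by using title, date and author instead, so consider reordering it to match the surrounding entries.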