GreySec Forums

Ideas for Privilege Escalation (Linux)

Been reading up on privilege escalation for Linux lately. Just sharing some interesting links and methods for this. I'll make a complete guide/thread once I've gotten the hang of it more.

- Local root exploitation

In other words, kernel exploits. See thread: https://greysec.net/showthread.php?tid=1355

- Exploiting SUID (Set User ID) files or exploiting cronjobs.
https://www.hackingarticles.in/linux-pri...-binaries/
https://null-byte.wonderhowto.com/how-to...t-0173929/

https://www.hackingarticles.in/linux-pri...cron-jobs/
https://skyenet.tech/exploiting-cron-jobs/
https://www.armourinfosec.com/linux-priv...-cronjobs/

- Using symbolic links to obtain root.
https://security.stackexchange.com/quest...nerability
https://www.hackingarticles.in/linux-pri...-variable/

- IFS exploitation.
http://www.dankalia.com/tutor/01005/0100501004.htm
https://github.com/frizb/Linux-Privilege.../README.md
https://stackoverflow.com/questions/2106...ad-and-ifs
https://book.hacktricks.xyz/ is also a good resource for privilege escalation techniques.
https://blog.g0tmi1k.com/2011/08/basic-l...scalation/
Kinda dated, but still relevant post by the legendary g0tmi1k