Github Email LinkedIn

โญ•Privilege Escalation

know before you start

1. first rule of privilege escalation is that you HAVE TO be familiar with target system command line, actually the more comfortable you are with the shell the better and easier will be the privesc phase.

2. DO NOT jump to kernel exploits FIRST. yes, yes, in a CTF its a low-hanging fruit but in a real life scenario you dont want to crash the system SPECIALLY web and file servers, do you?

3. whatever tool you use for prives or whats called the post-exploitation information gathering, remember you should use manual techniques too. make sure you didnt miss anything.

4. all privilege escalations are effectively examples of access control violations. so if you can access what you want, there is usually no need to gain a root shell, except in a CTF or when you're trying to impress your client.

Resources

LogoLinux Privilege EscalationHackTricks
LogoBasic Linux Privilege Escalation - g0tmi1k
LogoPayloadsAllTheThings/Linux - Privilege Escalation.md at master ยท swisskyrepo/PayloadsAllTheThingsGitHub
LogoPrivilege Escalation - Linux ยท Total OSCP Guide
LogoPrivilege escalation on linux with live examples - Infosec ResourcesInfosec Resources
LogoRight to root. Privilege escalation in LinuxHackMag

Automated Tools

a list of automated tools used in post-exploitation enumeration and privilege escalation.

LogoGitHub - AlessandroZ/BeRoot: Privilege Escalation Project - Windows / Linux / MacGitHub
LogoGitHub - rebootuser/LinEnum: Scripted Local Linux Enumeration & Privilege Escalation ChecksGitHub
LogoPEASS-ng/linPEAS at master ยท carlospolop/PEASS-ngGitHub
PreviousEnumerationNextSUID / SGID abuse

Last updated