TamaGorengs Notes
  • πŸ‘¨β€πŸ’»Whoami
  • πŸ—ΊοΈActive Directory
    • Active Directory Enumeration
    • AD Reconnaissance
      • LDAP
    • Movement
      • Kerberos
        • ASREProast
        • Pass The Hash
        • Pass The Ticket
        • Overpass The Hash
      • Credential
        • Dumping
          • DCSync
      • WMI and WinRM
    • Active Directory Certificate Services (ADCS)
  • πŸͺŸWindows
    • Windows Privilege Escalation
      • WinPrivEsc Enumeration
      • Leveraging Windows Services
      • Abusing Other Windows Components
    • RDP
  • 🐧Linux
    • Linux Privilege Escalation
      • LinuxPrivEsc Enumeration
      • Exposed Confidential Information
      • Insecure File Permissions
      • Insecure System Components
  • πŸ•ΈοΈWeb Application
    • SQL Injection
    • Cross-Site Scripting (XSS)
  • Group 1
    • Client-Side Attacks
      • Windows Library Files
      • Exploiting Microsoft Office
  • Thick Client
    • Thick Client Pentest
    • Thick Client Pentest Methodology
Powered by GitBook
On this page
  • Network
  • File and Directory
  • Privilege Escalation
  • Manual Enumeration
  • Automated Enumeration

Was this helpful?

  1. Linux
  2. Linux Privilege Escalation

LinuxPrivEsc Enumeration

Network

Check open ports

netstat -ano
ss -lt

File and Directory

Find a specific string in files

grep -rnw '/path/to/somewhere/' -e 'pattern'

Find file name

find / -name "filename"

Privilege Escalation

Manual Enumeration

Check for group memberships that can be abused

id

Check whether /etc/passwd can be read or written, or even contains hashes

ls -l /etc/passwd
cat /etc/passwd
hostname

Check the OS and kernel version for kernel exploits

cat /etc/issue
cat /etc/os-release
uname -a

Check for running processes that can be abused

ps aux

Check the network configuration, such as internal IPs

ip a
ifconfig
routel
route

Look for active network connections

netstat -ano
ss -anp

Check firewall rules

cat /etc/iptables/rules.v4

Check for scheduled tasks

ls -lah /etc/cron*
crontab -l
sudo crontab -l   # root may have its own scheduled tasks

Check installed applications

dpkg -l

Look for writable directories

find / -writable -type d 2>/dev/null

Look for unmounted drives and loaded kernel modules

cat /etc/fstab
mount
lsblk
lsmod
/sbin/modinfo libata

Check for SUID binaries

find / -perm -u=s -type f 2>/dev/null
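
From the defender's side, the scheduled-task, writable-path and SUID checks above can be turned into a repeatable audit. The script below is an added example, not part of the original notes; the function names, the ROOT argument and the baseline allowlist file are assumptions made for illustration.

```shell
#!/bin/sh
# Added example (not from the original notes): audit a filesystem tree for
# unexpected SUID files and loosely permissioned cron paths.
# ROOT is "/" on a live host, or a mounted image / test tree.

# List SUID regular files under ROOT, sorted, staying on one filesystem.
suid_files() {
    find "$1" -xdev -type f -perm -u=s 2>/dev/null | sort
}

# Print SUID files under ROOT that are absent from BASELINE, a hypothetical
# allowlist file with one expected path per line.
unexpected_suid() {
    suid_files "$1" | grep -vxFf "$2" || true   # grep exits 1 when nothing is left
}

# Print cron files/directories under ROOT/etc writable by group or others.
loose_cron_paths() {
    for p in "$1"/etc/cron*; do
        if [ -e "$p" ]; then
            # Symlinks always show mode 777, so skip them.
            find "$p" ! -type l \( -perm -020 -o -perm -002 \) 2>/dev/null
        fi
    done | sort
}

# Run both checks and print a short report.
audit() {
    root=$1
    baseline=${2:-/dev/null}   # no baseline: every SUID file is reported
    echo "== SUID files not in baseline =="
    unexpected_suid "$root" "$baseline"
    echo "== group- or world-writable cron paths =="
    loose_cron_paths "$root"
}

# Usage: sh audit.sh ROOT [BASELINE]; does nothing when called without arguments.
if [ "$#" -gt 0 ]; then
    audit "$@"
fi
```

Because of -xdev, separately mounted filesystems need their own run with their mount point as ROOT.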

Automated Enumeration

LinPEAS


Last updated 4 months ago
