Mirrors/hacktricks
2
0
Fork 0
mirror of https://github.com/carlospolop/hacktricks synced 2024-11-15 01:17:36 +00:00
Code Issues Projects Releases Packages Wiki Activity

GitBook: [master] one page modified

Browse source
This commit is contained in:
CPol 2020-08-21 14:52:25 +00:00 committed by gitbook-bot
parent 23e574f503
commit c8fa28cd54
No known key found for this signature in database
GPG key ID: 07D2180C7B12D0FF
1 changed files with 32 additions and 3 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

35
linux-unix/privilege-escalation/README.md
View file

@ -150,12 +150,37 @@ fi
```bash
cat /proc/sys/kernel/randomize_va_space 2>/dev/null
#If 0,not enabled
#If 0, not enabled
```
## Software exploits
## Drives
Check for the **version of the installed packages and services**. Maybe there is some old Nagios version \(for example\) that could be exploited for gaining privileges…
Check **what is mounted and unmounted**, where and why. If anything is unmounted you could try to mount it and check for private info
```bash
ls /dev 2>/dev/null | grep -i "sd"
cat /etc/fstab 2>/dev/null | grep -v "^#" | grep -Pv "\W*\#" 2>/dev/null
```
## Installed Software
### Useful software
Enumerate useful binaries
```bash
which nmap aws nc ncat netcat nc.traditional wget curl ping gcc g++ make gdb base64 socat python python2 python3 python2.7 python2.6 python3.6 python3.7 perl php ruby xterm doas sudo fetch docker lxc rkt kubectl 2>/dev/null
```
Also, check if **any compiler is installed**. This is useful if you need to use some kernel exploit as it's recommended to compile it in the machine where you are going to use it \(or in one similar\)
```bash
(dpkg --list 2>/dev/null | grep "compiler" | grep -v "decompiler\|lib" 2>/dev/null || yum list installed 'gcc*' 2>/dev/null | grep gcc 2>/dev/null; which gcc g++ 2>/dev/null || locate -r "/gcc[0-9\.-]\+$" 2>/dev/null | grep -v "/doc/")
```
### Vulnerable Software Installed
Check for the **version of the installed packages and services**. Maybe there is some old Nagios version \(for example\) that could be exploited for escalating privileges…
It is recommended to check manually the version of the more suspicious installed software.
```bash
@ -165,6 +190,10 @@ rpm -qa #Centos
If you have SSH access to the machine you could also use **openVAS** to check for outdated and vulnerable software installed inside the machine.
{% hint style="info" %}
_Note that these commands will show a lot of information that will mostly be useless, therefore it's recommended some application like OpenVAS or similar that will check if any installed software version is vulnerable to known exploits_
{% endhint %}
## Users
Check who you are, which privileges do you have, which users are in the systems, which ones can login and which ones have root privileges