# Orodha ya Ukaguzi - Kuinua Haki za Linux
{% hint style="success" %}
Jifunze na fanya mazoezi ya AWS Hacking:[**HackTricks Training AWS Red Team Expert (ARTE)**](https://training.hacktricks.xyz/courses/arte)\
Jifunze na fanya mazoezi ya GCP Hacking: [**HackTricks Training GCP Red Team Expert (GRTE)**](https://training.hacktricks.xyz/courses/grte)
Support HackTricks
* Angalia [**mpango wa usajili**](https://github.com/sponsors/carlospolop)!
* **Jiunge na** 💬 [**kikundi cha Discord**](https://discord.gg/hRep4RUj7f) au [**kikundi cha telegram**](https://t.me/peass) au **tufuatilie** kwenye **Twitter** 🐦 [**@hacktricks\_live**](https://twitter.com/hacktricks\_live)**.**
* **Shiriki mbinu za udukuzi kwa kuwasilisha PRs kwa** [**HackTricks**](https://github.com/carlospolop/hacktricks) na [**HackTricks Cloud**](https://github.com/carlospolop/hacktricks-cloud) github repos.
{% endhint %}
Jiunge na [**HackenProof Discord**](https://discord.com/invite/N3FrSbmwdy) server kuwasiliana na wahacker wenye uzoefu na wawindaji wa makosa!
**Maoni ya Udukuzi**\
Shiriki na maudhui yanayoangazia msisimko na changamoto za udukuzi
**Habari za Udukuzi kwa Wakati Halisi**\
Baki na habari za kisasa kuhusu ulimwengu wa udukuzi kupitia habari na maoni ya wakati halisi
**Matangazo ya Hivi Punde**\
Baki na taarifa kuhusu makosa mapya yanayoanzishwa na masasisho muhimu ya jukwaa
**Jiunge nasi kwenye** [**Discord**](https://discord.com/invite/N3FrSbmwdy) na anza kushirikiana na wahacker bora leo!
### **Zana bora ya kutafuta vektori vya kuinua haki za ndani za Linux:** [**LinPEAS**](https://github.com/carlospolop/privilege-escalation-awesome-scripts-suite/tree/master/linPEAS)
### [Taarifa za Mfumo](privilege-escalation/#system-information)
* [ ] Pata **taarifa za OS**
* [ ] Angalia [**PATH**](privilege-escalation/#path), kuna **folda inayoweza kuandikwa**?
* [ ] Angalia [**env variables**](privilege-escalation/#env-info), kuna maelezo nyeti yoyote?
* [ ] Tafuta [**kernel exploits**](privilege-escalation/#kernel-exploits) **ukitumia scripts** (DirtyCow?)
* [ ] **Angalia** kama [**toleo la sudo** lina udhaifu](privilege-escalation/#sudo-version)
* [ ] [**Dmesg** uthibitisho wa saini umeshindwa](privilege-escalation/#dmesg-signature-verification-failed)
* [ ] Zaidi ya mfumo wa enum ([tarehe, takwimu za mfumo, taarifa za cpu, printers](privilege-escalation/#more-system-enumeration))
* [ ] [Tathmini ulinzi zaidi](privilege-escalation/#enumerate-possible-defenses)
### [Diski](privilege-escalation/#drives)
* [ ] **Orodhesha diski zilizowekwa**
* [ ] **Kuna diski isiyowekwa?**
* [ ] **Kuna akreditif katika fstab?**
### [**Programu Zilizowekwa**](privilege-escalation/#installed-software)
* [ ] **Angalia** [**programu muhimu**](privilege-escalation/#useful-software) **zilizowekwa**
* [ ] **Angalia** [**programu zenye udhaifu**](privilege-escalation/#vulnerable-software-installed) **zilizowekwa**
### [Mchakato](privilege-escalation/#processes)
* [ ] Je, kuna **programu isiyojulikana inayoendesha**?
* [ ] Je, kuna programu inayoendesha kwa **haki zaidi kuliko inavyopaswa kuwa**?
* [ ] Tafuta **exploits za michakato inayoendesha** (hasa toleo linaloendesha).
* [ ] Je, unaweza **kubadilisha binary** ya mchakato wowote unaoendesha?
* [ ] **Fuatilia michakato** na angalia kama kuna mchakato wa kuvutia unaoendesha mara kwa mara.
* [ ] Je, unaweza **kusoma** baadhi ya **kumbukumbu za mchakato** (ambapo nywila zinaweza kuhifadhiwa)?
### [Kazi za Ratiba/Cron?](privilege-escalation/#scheduled-jobs)
* [ ] Je, [**PATH**](privilege-escalation/#cron-path) inabadilishwa na cron fulani na unaweza **kuandika** ndani yake?
* [ ] Kuna [**wildcard**](privilege-escalation/#cron-using-a-script-with-a-wildcard-wildcard-injection) katika kazi ya cron?
* [ ] Baadhi ya [**script inayoweza kubadilishwa**](privilege-escalation/#cron-script-overwriting-and-symlink) inatekelezwa au iko ndani ya **folda inayoweza kubadilishwa**?
* [ ] Je, umepata kuwa baadhi ya **script** zinaweza au zinafanywa [**kutekelezwa mara kwa mara**](privilege-escalation/#frequent-cron-jobs)? (kila dakika 1, 2 au 5)
### [Huduma](privilege-escalation/#services)
* [ ] Kuna **faili ya .service inayoweza kuandikwa**?
* [ ] Kuna **binary inayoweza kuandikwa** inayotekelezwa na **huduma**?
* [ ] Kuna **folda inayoweza kuandikwa katika mfumo wa PATH**?
### [Wakati](privilege-escalation/#timers)
* [ ] Kuna **timer inayoweza kuandikwa**?
### [Sockets](privilege-escalation/#sockets)
* [ ] Kuna **faili ya .socket inayoweza kuandikwa**?
* [ ] Je, unaweza **kuwasiliana na socket yoyote**?
* [ ] **HTTP sockets** zikiwa na habari za kuvutia?
### [D-Bus](privilege-escalation/#d-bus)
* [ ] Je, unaweza **kuwasiliana na D-Bus yoyote**?
### [Mtandao](privilege-escalation/#network)
* [ ] Tathmini mtandao ili kujua uko wapi
* [ ] **Port zilizofunguliwa ambazo huwezi kufikia kabla** ya kupata shell ndani ya mashine?
* [ ] Je, unaweza **kusniff trafiki** ukitumia `tcpdump`?
### [Watumiaji](privilege-escalation/#users)
* [ ] Orodha ya watumiaji/vikundi **kuhesabu**
* [ ] Je, una **UID kubwa sana**? Je, **mashine** ina **udhaifu**?
* [ ] Je, unaweza [**kuinua haki kwa sababu ya kundi**](privilege-escalation/interesting-groups-linux-pe/) unalotegemea?
* [ ] **Data za Clipboard**?
* [ ] Sera ya Nywila?
* [ ] Jaribu **kutumia** kila **nywila inayojulikana** uliyogundua awali kuingia **na kila** **mtumiaji** anayeweza. Jaribu kuingia pia bila nywila.
### [PATH inayoweza kuandikwa](privilege-escalation/#writable-path-abuses)
* [ ] Ikiwa una **haki za kuandika juu ya folda fulani katika PATH** unaweza kuwa na uwezo wa kuinua haki
### [SUDO na amri za SUID](privilege-escalation/#sudo-and-suid)
* [ ] Je, unaweza kutekeleza **amri yoyote na sudo**? Je, unaweza kuitumia KUSOMA, KUANDIKA au KUTEKELEZA chochote kama root? ([**GTFOBins**](https://gtfobins.github.io))
* [ ] Je, kuna **binary ya SUID inayoweza kutumika**? ([**GTFOBins**](https://gtfobins.github.io))
* [ ] Je, [**amri za sudo** **zimepunguzika** na **path**? Je, unaweza **kuzidi** vizuizi](privilege-escalation/#sudo-execution-bypassing-paths)?
* [ ] [**Sudo/SUID binary bila njia iliyotajwa**](privilege-escalation/#sudo-command-suid-binary-without-command-path)?
* [ ] [**SUID binary ikitaja njia**](privilege-escalation/#suid-binary-with-command-path)? Pita
* [ ] [**LD\_PRELOAD vuln**](privilege-escalation/#ld\_preload)
* [ ] [**Ukosefu wa maktaba ya .so katika binary ya SUID**](privilege-escalation/#suid-binary-so-injection) kutoka folda inayoweza kuandikwa?
* [ ] [**SUDO tokens zinazopatikana**](privilege-escalation/#reusing-sudo-tokens)? [**Je, unaweza kuunda token ya SUDO**](privilege-escalation/#var-run-sudo-ts-less-than-username-greater-than)?
* [ ] Je, unaweza [**kusoma au kubadilisha faili za sudoers**](privilege-escalation/#etc-sudoers-etc-sudoers-d)?
* [ ] Je, unaweza [**kubadilisha /etc/ld.so.conf.d/**](privilege-escalation/#etc-ld-so-conf-d)?
* [ ] [**OpenBSD DOAS**](privilege-escalation/#doas) amri
### [Mamlaka](privilege-escalation/#capabilities)
* [ ] Je, kuna binary yoyote yenye **uwezo usiotarajiwa**?
### [ACLs](privilege-escalation/#acls)
* [ ] Je, kuna faili yoyote yenye **ACL isiyotegemewa**?
### [Sessions za Shell Zilizofunguliwa](privilege-escalation/#open-shell-sessions)
* [ ] **screen**
* [ ] **tmux**
### [SSH](privilege-escalation/#ssh)
* [ ] **Debian** [**OpenSSL Predictable PRNG - CVE-2008-0166**](privilege-escalation/#debian-openssl-predictable-prng-cve-2008-0166)
* [ ] [**SSH Thamani za usanidi za Kuvutia**](privilege-escalation/#ssh-interesting-configuration-values)
### [Faili za Kuvutia](privilege-escalation/#interesting-files)
* [ ] **Faili za Profaili** - Soma data nyeti? Andika kwa privesc?
* [ ] **faili za passwd/shadow** - Soma data nyeti? Andika kwa privesc?
* [ ] **Angalia folda zinazovutia kwa kawaida** kwa data nyeti
* [ ] **Mahali/Picha za Ajabu,** unaweza kuwa na ufikiaji au kubadilisha faili zinazoweza kutekelezwa
* [ ] **Imebadilishwa** katika dakika za mwisho
* [ ] **Faili za Sqlite DB**
* [ ] **Faili zilizofichwa**
* [ ] **Script/Binaries katika PATH**
* [ ] **Faili za Mtandao** (nywila?)
* [ ] **Nakala za Hifadhi**?
* [ ] **Faili zinazojulikana ambazo zina nywila**: Tumia **Linpeas** na **LaZagne**
* [ ] **Utafutaji wa Kawaida**
### [**Faili Zinazoweza Kuandikwa**](privilege-escalation/#writable-files)
* [ ] **Badilisha maktaba ya python** ili kutekeleza amri zisizo za kawaida?
* [ ] Je, unaweza **kubadilisha faili za log**? **Logtotten** exploit
* [ ] Je, unaweza **kubadilisha /etc/sysconfig/network-scripts/**? Centos/Redhat exploit
* [ ] Je, unaweza [**kuandika katika faili za ini, int.d, systemd au rc.d**](privilege-escalation/#init-init-d-systemd-and-rc-d)?
### [**Mbinu Nyingine**](privilege-escalation/#other-tricks)
* [ ] Je, unaweza [**kudhulumu NFS ili kuinua haki**](privilege-escalation/#nfs-privilege-escalation)?
* [ ] Je, unahitaji [**kutoroka kutoka shell yenye vizuizi**](privilege-escalation/#escaping-from-restricted-shells)?
Jiunge na [**HackenProof Discord**](https://discord.com/invite/N3FrSbmwdy) server kuwasiliana na wahacker wenye uzoefu na wawindaji wa makosa!
**Maoni ya Udukuzi**\
Shiriki na maudhui yanayoangazia msisimko na changamoto za udukuzi
**Habari za Udukuzi kwa Wakati Halisi**\
Baki na habari za kisasa kuhusu ulimwengu wa udukuzi kupitia habari na maoni ya wakati halisi
**Matangazo ya Hivi Punde**\
Baki na taarifa kuhusu makosa mapya yanayoanzishwa na masasisho muhimu ya jukwaa
**Jiunge nasi kwenye** [**Discord**](https://discord.com/invite/N3FrSbmwdy) na anza kushirikiana na wahacker bora leo!
{% hint style="success" %}
Jifunze na fanya mazoezi ya AWS Hacking:[**HackTricks Training AWS Red Team Expert (ARTE)**](https://training.hacktricks.xyz/courses/arte)\
Jifunze na fanya mazoezi ya GCP Hacking: [**HackTricks Training GCP Red Team Expert (GRTE)**](https://training.hacktricks.xyz/courses/grte)
Support HackTricks
* Angalia [**mpango wa usajili**](https://github.com/sponsors/carlospolop)!
* **Jiunge na** 💬 [**kikundi cha Discord**](https://discord.gg/hRep4RUj7f) au [**kikundi cha telegram**](https://t.me/peass) au **tufuatilie** kwenye **Twitter** 🐦 [**@hacktricks\_live**](https://twitter.com/hacktricks\_live)**.**
* **Shiriki mbinu za udukuzi kwa kuwasilisha PRs kwa** [**HackTricks**](https://github.com/carlospolop/hacktricks) na [**HackTricks Cloud**](https://github.com/carlospolop/hacktricks-cloud) github repos.
{% endhint %}
.png)
[**HackTricks Training AWS Red Team Expert (ARTE)**](https://training.hacktricks.xyz/courses/arte)
[**HackTricks Training GCP Red Team Expert (GRTE)**