Mirrors/hacktricks

Fork 0

mirror of https://github.com/carlospolop/hacktricks synced 2024-11-22 04:33:28 +00:00

Translator workflow b442ae90c4 Translated to Klingon

2024-02-10 17:52:19 +00:00

46 KiB

Raw Permalink Blame History

qaStaHvIS AWS hacking vItlh htARTE (HackTricks AWS Red Team Expert)!

Other ways to support HackTricks:

If you want to see your company advertised in HackTricks or download HackTricks in PDF Check the SUBSCRIPTION PLANS!
Get the official PEASS & HackTricks swag
Discover The PEASS Family, our collection of exclusive NFTs
Join the 💬 Discord group or the telegram group or follow us on Twitter 🐦 @carlospolopm.
Share your hacking tricks by submitting PRs to the HackTricks and HackTricks Cloud github repos.

Sudo/Admin Groups

PE - Method 1

Sometimes, by default (or because some software needs it) inside the /etc/sudoers file you can find some of these lines:

# Allow members of group sudo to execute any command
%sudo	ALL=(ALL:ALL) ALL

# Allow members of group admin to execute any command
%admin 	ALL=(ALL:ALL) ALL

qaStaHvIS sudo yIqem 'ej qaStaHvIS admin yIqem 'ej sudo ghItlh ghItlh 'ej qaStaHvIS root yIqem.

sudo su

PE - Method 2

QaS - QaS 2

QaS QaS QaS QaS QaS QaS QaS QaS QaS QaS QaS QaS QaS QaS QaS QaS QaS QaS QaS QaS QaS QaS QaS QaS QaS QaS QaS QaS QaS QaS QaS QaS QaS QaS QaS QaS QaS QaS QaS QaS QaS QaS QaS QaS QaS QaS QaS QaS QaS QaS QaS QaS QaS QaS QaS QaS QaS QaS QaS QaS QaS QaS QaS QaS QaS QaS QaS QaS QaS QaS QaS QaS QaS QaS QaS QaS QaS QaS QaS QaS QaS QaS QaS QaS QaS QaS QaS QaS QaS QaS QaS QaS QaS QaS QaS QaS QaS QaS QaS QaS QaS QaS QaS QaS QaS QaS QaS QaS QaS QaS QaS QaS QaS QaS QaS QaS QaS QaS QaS QaS QaS QaS QaS QaS QaS QaS QaS QaS QaS QaS QaS QaS QaS QaS QaS QaS QaS QaS QaS QaS QaS QaS QaS QaS QaS QaS QaS QaS QaS QaS QaS QaS QaS QaS QaS QaS QaS QaS QaS QaS QaS QaS QaS QaS QaS QaS QaS QaS QaS QaS QaS QaS QaS QaS QaS QaS QaS QaS QaS QaS QaS QaS QaS QaS QaS QaS QaS QaS QaS QaS QaS QaS QaS QaS QaS QaS QaS QaS QaS QaS QaS QaS QaS QaS QaS QaS QaS QaS QaS QaS QaS QaS QaS QaS QaS QaS QaS QaS QaS QaS QaS QaS QaS QaS QaS QaS QaS QaS QaS QaS QaS QaS QaS QaS QaS QaS QaS QaS QaS QaS QaS QaS QaS QaS QaS QaS QaS QaS QaS QaS QaS QaS QaS QaS QaS QaS QaS QaS QaS QaS QaS QaS QaS QaS QaS QaS QaS QaS QaS QaS QaS QaS QaS QaS QaS QaS QaS QaS QaS QaS QaS QaS QaS QaS QaS QaS QaS QaS QaS QaS QaS QaS QaS QaS QaS QaS QaS QaS QaS QaS QaS QaS QaS QaS QaS QaS QaS QaS QaS QaS QaS QaS QaS QaS QaS QaS QaS QaS QaS QaS QaS QaS QaS QaS QaS QaS QaS QaS QaS QaS QaS QaS QaS QaS QaS QaS QaS QaS QaS QaS QaS QaS QaS QaS QaS QaS QaS QaS QaS QaS QaS QaS QaS QaS QaS QaS QaS QaS QaS QaS QaS QaS QaS QaS QaS QaS QaS QaS QaS QaS QaS QaS QaS QaS QaS QaS QaS QaS QaS QaS QaS QaS QaS QaS QaS QaS QaS QaS QaS QaS QaS QaS QaS QaS QaS QaS QaS QaS QaS QaS QaS QaS QaS QaS QaS QaS QaS QaS QaS QaS QaS QaS QaS QaS QaS QaS QaS QaS QaS QaS QaS QaS QaS QaS QaS QaS QaS QaS QaS QaS QaS QaS QaS QaS QaS QaS QaS QaS QaS QaS QaS QaS QaS QaS QaS QaS QaS QaS QaS QaS QaS QaS QaS QaS QaS QaS QaS QaS QaS QaS QaS QaS QaS QaS QaS QaS QaS QaS QaS QaS QaS QaS QaS QaS QaS QaS QaS QaS QaS QaS QaS QaS QaS QaS QaS QaS QaS QaS QaS QaS QaS QaS QaS QaS QaS QaS QaS QaS QaS QaS QaS QaS QaS QaS QaS QaS QaS QaS QaS QaS QaS QaS QaS QaS QaS QaS QaS QaS QaS QaS QaS QaS QaS QaS QaS QaS QaS QaS QaS QaS QaS QaS QaS QaS QaS QaS QaS QaS QaS QaS QaS QaS QaS QaS QaS QaS QaS QaS QaS QaS QaS QaS QaS QaS QaS QaS QaS QaS QaS QaS QaS QaS QaS QaS QaS QaS QaS QaS QaS QaS QaS QaS QaS QaS QaS QaS QaS QaS QaS QaS QaS QaS QaS QaS QaS QaS QaS QaS QaS QaS QaS QaS QaS QaS QaS QaS QaS QaS QaS QaS QaS QaS QaS QaS QaS QaS QaS QaS QaS QaS QaS QaS QaS QaS QaS QaS QaS QaS QaS QaS QaS QaS QaS QaS QaS QaS QaS QaS QaS QaS QaS QaS QaS QaS QaS QaS QaS QaS QaS QaS QaS QaS QaS QaS QaS QaS QaS QaS QaS QaS QaS QaS QaS QaS QaS QaS QaS QaS QaS QaS QaS QaS QaS QaS QaS QaS QaS QaS QaS QaS QaS QaS QaS QaS QaS QaS QaS QaS QaS QaS QaS QaS QaS QaS QaS QaS QaS QaS QaS QaS QaS QaS QaS QaS QaS QaS QaS QaS QaS QaS QaS QaS QaS QaS QaS QaS QaS QaS QaS QaS QaS QaS QaS QaS QaS QaS QaS QaS QaS QaS QaS QaS QaS QaS QaS QaS QaS QaS QaS QaS QaS QaS QaS QaS QaS QaS QaS QaS QaS QaS QaS QaS QaS QaS QaS QaS QaS QaS QaS QaS QaS QaS QaS QaS QaS QaS QaS QaS QaS QaS QaS QaS QaS QaS QaS QaS QaS QaS QaS QaS QaS QaS QaS QaS QaS QaS QaS QaS **QaS

find / -perm -4000 2>/dev/null

ghItlhvam: jatlh pkexec binary SUID binary ghItlhvam sudo admin belong 'ej binaries sudo pkexec ghItlhvam execute probably could.

qaStaHvIS:

cat /etc/polkit-1/localauthority.conf.d/*

DaH jImej pkexec 'ej by default linux vItlhutlh sudo 'ej admin ghaH jImej 'ej ghaH jImej root 'ej vItlhutlh 'ej ghaH jImej root 'ej vItlhutlh 'ej ghaH jImej root 'ej vItlhutlh 'ej ghaH jImej root 'ej vItlhutlh 'ej ghaH jImej root 'ej vItlhutlh 'ej ghaH jImej root 'ej vItlhutlh 'ej ghaH jImej root 'ej vItlhutlh 'ej ghaH jImej root 'ej vItlhutlh 'ej ghaH jImej root 'ej vItlhutlh 'ej ghaH jImej root 'ej vItlhutlh 'ej ghaH jImej root 'ej vItlhutlh 'ej ghaH jImej root 'ej vItlhutlh 'ej ghaH jImej root 'ej vItlhutlh 'ej ghaH jImej root 'ej vItlhutlh 'ej ghaH jImej root 'ej vItlhutlh 'ej ghaH jImej root 'ej vItlhutlh 'ej ghaH jImej root 'ej vItlhutlh 'ej ghaH jImej root 'ej vItlhutlh 'ej ghaH jImej root 'ej vItlhutlh 'ej ghaH jImej root 'ej vItlhutlh 'ej ghaH jImej root 'ej vItlhutlh 'ej ghaH jImej root 'ej vItlhutlh 'ej ghaH jImej root 'ej vItlhutlh 'ej ghaH jImej root 'ej vItlhutlh 'ej ghaH jImej root 'ej vItlhutlh 'ej ghaH jImej root 'ej vItlhutlh 'ej ghaH jImej root 'ej vItlhutlh 'ej ghaH jImej root 'ej vItlhutlh 'ej ghaH jImej root 'ej vItlhutlh 'ej ghaH jImej root 'ej vItlhutlh 'ej ghaH jImej root 'ej vItlhutlh 'ej ghaH jImej root 'ej vItlhutlh 'ej ghaH jImej root 'ej vItlhutlh 'ej ghaH jImej root 'ej vItlhutlh 'ej ghaH jImej root 'ej vItlhutlh 'ej ghaH jImej root 'ej vItlhutlh 'ej ghaH jImej root 'ej vItlhutlh 'ej ghaH jImej root 'ej vItlhutlh 'ej ghaH jImej root 'ej vItlhutlh 'ej ghaH jImej root 'ej vItlhutlh 'ej ghaH jImej root 'ej vItlhutlh 'ej ghaH jImej root 'ej vItlhutlh 'ej ghaH jImej root 'ej vItlhutlh 'ej ghaH jImej root 'ej vItlhutlh 'ej ghaH jImej root 'ej vItlhutlh 'ej ghaH jImej root 'ej vItlhutlh 'ej ghaH jImej root 'ej vItlhutlh 'ej ghaH jImej root 'ej vItlhutlh 'ej ghaH jImej root 'ej vItlhutlh 'ej ghaH jImej root 'ej vItlhutlh 'ej ghaH jImej root 'ej vItlhutlh 'ej ghaH jImej root 'ej vItlhutlh 'ej ghaH jImej root 'ej vItlhutlh 'ej ghaH jImej root 'ej vItlhutlh 'ej ghaH jImej root 'ej vItlhutlh 'ej ghaH jImej root 'ej vItlhutlh 'ej ghaH jImej root 'ej vItlhutlh 'ej ghaH jImej root 'ej vItlhutlh 'ej ghaH jImej root 'ej vItlhutlh 'ej ghaH jImej root 'ej vItlhutlh 'ej ghaH jImej root 'ej vItlhutlh 'ej ghaH jImej root 'ej vItlhutlh 'ej ghaH jImej root 'ej vItlhutlh 'ej ghaH jImej root 'ej vItlhutlh 'ej ghaH jImej root 'ej vItlhutlh 'ej ghaH jImej root 'ej vItlhutlh 'ej ghaH jImej root 'ej vItlhutlh 'ej ghaH jImej root 'ej vItlhutlh 'ej ghaH jImej root 'ej vItlhutlh 'ej ghaH jImej root 'ej vItlhutlh 'ej ghaH jImej root 'ej vItlhutlh 'ej ghaH jImej root 'ej vItlhutlh 'ej ghaH jImej root 'ej vItlhutlh 'ej ghaH jImej root 'ej vItlhutlh 'ej ghaH jImej root 'ej vItlhutlh 'ej ghaH jImej root 'ej vItlhutlh 'ej ghaH jImej root 'ej vItlhutlh 'ej ghaH jImej root 'ej vItlhutlh 'ej ghaH jImej root 'ej vItlhutlh 'ej ghaH jImej root 'ej vItlhutlh 'ej ghaH jImej root 'ej vItlhutlh 'ej ghaH jImej root 'ej vItlhutlh 'ej ghaH jImej root 'ej vItlhutlh 'ej ghaH jImej root 'ej vItlhutlh 'ej ghaH jImej root 'ej vItlhutlh 'ej ghaH jImej root 'ej vItlhutlh 'ej ghaH jImej root 'ej vItlhutlh 'ej ghaH jImej root 'ej vItlhutlh 'ej ghaH jImej root 'ej vItlhutlh 'ej ghaH jImej root 'ej vItlhutlh 'ej ghaH jImej root 'ej vItlhutlh 'ej ghaH jImej root 'ej vItlhutlh 'ej ghaH jImej root 'ej vItlhutlh 'ej ghaH jImej root 'ej vItlhutlh 'ej ghaH jImej root 'ej vItlhutlh 'ej ghaH jImej root 'ej vItlhutlh 'ej ghaH jImej root 'ej vItlhutlh 'ej ghaH jImej root 'ej vItlhutlh 'ej ghaH jImej root 'ej vItlhutlh 'ej ghaH jImej root 'ej vItlhutlh 'ej ghaH jImej root 'ej vItlhutlh 'ej ghaH jImej root 'ej vItlhutlh 'ej ghaH jImej root 'ej vItlhutlh 'ej ghaH jImej root 'ej vItlhutlh 'ej ghaH jImej root 'ej vItlhutlh 'ej ghaH jImej root 'ej vItlhutlh 'ej ghaH jImej root 'ej vItlhutlh 'ej ghaH jImej root 'ej vItlhutlh 'ej ghaH jImej root 'ej vItlhutlh 'ej ghaH jImej root 'ej vItlhutlh 'ej ghaH jImej root 'ej vItlhutlh 'ej ghaH jImej root 'ej vItlhutlh 'ej ghaH jImej root 'ej vItlhutlh 'ej ghaH jImej root 'ej vItlhutlh 'ej ghaH jImej root 'ej vItlhutlh 'ej ghaH jImej root 'ej vItlhutlh 'ej ghaH jImej root 'ej vItlhutlh 'ej ghaH jImej root 'ej vItlhutlh 'ej ghaH jImej root 'ej vItlhutlh 'ej ghaH jImej root 'ej vItlhutlh 'ej ghaH jImej root 'ej vItlhutlh 'ej ghaH jImej root 'ej vItlhutlh 'ej ghaH jImej root 'ej vItlhutlh 'ej ghaH jImej root 'ej vItlhutlh 'ej ghaH jImej root 'ej vItlhutlh 'ej ghaH jImej root 'ej vItlhutlh 'ej ghaH jImej root 'ej vItlhutlh 'ej ghaH jImej root 'ej vItlhutlh 'ej ghaH jImej root 'ej vItlhutlh 'ej ghaH jImej root 'ej vItlhutlh 'ej ghaH jImej root 'ej vItlhutlh 'ej ghaH jImej root 'ej vItlhutlh 'ej ghaH jImej root 'ej vItlhutlh 'ej ghaH jImej root 'ej vItlhutlh 'ej ghaH jImej root 'ej vItlhutlh 'ej ghaH jImej root 'ej vItlhutlh 'ej ghaH jImej root 'ej vItlhutlh 'ej **gh

pkexec "/bin/sh" #You will be prompted for your user password

pkexec-ni jImejDaq execute 'ej error 'ej neH error message 'e' neH:

Error executing command as another user: Not authorized

This incident has been reported.

pkexec-wI'vam execute command 'ej user 'e' neH error 'ej neH error message 'e' neH:

Error executing command as another user: Not authorized

This incident has been reported.

polkit-agent-helper-1: error response to PolicyKit daemon: GDBus.Error:org.freedesktop.PolicyKit1.Error.Failed: No session for cookie
==== AUTHENTICATION FAILED ===
Error executing command as another user: Not authorized

ghobe' vI'uch 'e' vItlhutlh. 'ej 'ej vaj 'e' vItlhutlh 'e' vItlhutlh 'e' vItlhutlh 'e' vItlhutlh 'e' vItlhutlh 'e' vItlhutlh 'e' vItlhutlh 'e' vItlhutlh 'e' vItlhutlh 'e' vItlhutlh 'e' vItlhutlh 'e' vItlhutlh 'e' vItlhutlh 'e' vItlhutlh 'e' vItlhutlh 'e' vItlhutlh 'e' vItlhutlh 'e' vItlhutlh 'e' vItlhutlh 'e' vItlhutlh 'e' vItlhutlh 'e' vItlhutlh 'e' vItlhutlh 'e' vItlhutlh 'e' vItlhutlh 'e' vItlhutlh 'e' vItlhutlh 'e' vItlhutlh 'e' vItlhutlh 'e' vItlhutlh 'e' vItlhutlh 'e' vItlhutlh 'e' vItlhutlh 'e' vItlhutlh 'e' vItlhutlh 'e' vItlhutlh 'e' vItlhutlh 'e' vItlhutlh 'e' vItlhutlh 'e' vItlhutlh 'e' vItlhutlh 'e' vItlhutlh 'e' vItlhutlh 'e' vItlhutlh 'e' vItlhutlh 'e' vItlhutlh 'e' vItlhutlh 'e' vItlhutlh 'e' vItlhutlh 'e' vItlhutlh 'e' vItlhutlh 'e' vItlhutlh 'e' vItlhutlh 'e' vItlhutlh 'e' vItlhutlh 'e' vItlhutlh 'e' vItlhutlh 'e' vItlhutlh 'e' vItlhutlh 'e' vItlhutlh 'e' vItlhutlh 'e' vItlhutlh 'e' vItlhutlh 'e' vItlhutlh 'e' vItlhutlh 'e' vItlhutlh 'e' vItlhutlh 'e' vItlhutlh 'e' vItlhutlh 'e' vItlhutlh 'e' vItlhutlh 'e' vItlhutlh 'e' vItlhutlh 'e' vItlhutlh 'e' vItlhutlh 'e' vItlhutlh 'e' vItlhutlh 'e' vItlhutlh 'e' vItlhutlh 'e' vItlhutlh 'e' vItlhutlh 'e' vItlhutlh 'e' vItlhutlh 'e' vItlhutlh 'e' vItlhutlh 'e' vItlhutlh 'e' vItlhutlh 'e' vItlhutlh 'e' vItlhutlh 'e' vItlhutlh 'e' vItlhutlh 'e' vItlhutlh 'e' vItlhutlh 'e' vItlhutlh 'e' vItlhutlh 'e' vItlhutlh 'e' vItlhutlh 'e' vItlhutlh 'e' vItlhutlh 'e' vItlhutlh 'e' vItlhutlh 'e' vItlhutlh 'e' vItlhutlh 'e' vItlhutlh 'e' vItlhutlh 'e' vItlhutlh 'e' vItlhutlh 'e' vItlhutlh 'e' vItlhutlh 'e' vItlhutlh 'e' vItlhutlh 'e' vItlhutlh 'e' vItlhutlh 'e' vItlhutlh 'e' vItlhutlh 'e' vItlhutlh 'e' vItlhutlh 'e' vItlhutlh 'e' vItlhutlh 'e' vItlhutlh 'e' vItlhutlh 'e' vItlhutlh 'e' vItlhutlh 'e' vItlhutlh 'e' vItlhutlh 'e' vItlhutlh 'e' vItlhutlh 'e' vItlhutlh 'e' vItlhutlh 'e' vItlhutlh 'e' vItlhutlh 'e' vItlhutlh 'e' vItlhutlh 'e' vItlhutlh 'e' vItlhutlh 'e' vItlhutlh 'e' vItlhutlh 'e' vItlhutlh 'e' vItlhutlh 'e' vItlhutlh 'e' vItlhutlh 'e' vItlhutlh 'e' vItlhutlh 'e' vItlhutlh 'e' vItlhutlh 'e' vItlhutlh 'e' vItlhutlh 'e' vItlhutlh 'e' vItlhutlh 'e' vItlhutlh 'e' vItlhutlh 'e' vItlhutlh 'e' vItlhutlh 'e' vItlhutlh 'e' vItlhutlh 'e' vItlhutlh 'e' vItlhutlh 'e' vItlhutlh 'e' vItlhutlh 'e' vItlhutlh 'e' vItlhutlh 'e' vItlhutlh 'e' vItlhutlh 'e' vItlhutlh 'e' vItlhutlh 'e' vItlhutlh 'e' vItlhutlh 'e' vItlhutlh 'e' vItlhutlh 'e' vItlhutlh 'e' vItlhutlh 'e' vItlhutlh 'e' vItlhutlh 'e' vItlhutlh 'e' vItlhutlh 'e' vItlhutlh 'e' vItlhutlh 'e' vItlhutlh 'e' vItlhutlh 'e' vItlhutlh 'e' vItlhutlh 'e' vItlhutlh 'e' vItlhutlh 'e' vItlhutlh 'e' vItlhutlh 'e' vItlhutlh 'e' vItlhutlh 'e' vItlhutlh 'e' vItlhutlh 'e' vItlhutlh 'e' vItlhutlh 'e' vItlhutlh 'e' vItlhutlh 'e' vItlhutlh 'e' vItlhutlh 'e' vItlhutlh 'e' vItlhutlh 'e' vItlhutlh 'e' vItlhutlh 'e' vItlhutlh 'e' vItlhutlh 'e' vItlhutlh 'e' vItlhutlh 'e' vItlhutlh 'e' vItlhutlh 'e' vItlhutlh 'e' vItlhutlh 'e' vItlhutlh 'e' vItlhutlh 'e' vItlhutlh 'e' vItlhutlh 'e' vItlhutlh 'e' vItlhutlh 'e' vItlhutlh 'e' vItlhutlh 'e' vItlhutlh 'e' vItlhutlh 'e' vItlhutlh 'e' vItlhutlh 'e' vItlhutlh 'e' vItlhutlh 'e' vItlhutlh 'e' vItlhutlh 'e' vItlhutlh 'e' vItlhutlh 'e' vItlhutlh 'e' vItlhutlh 'e' vItlhutlh 'e' vItlhutlh 'e' vItlhutlh 'e' vItlhutlh 'e' vItlhutlh 'e' vItlhutlh 'e' vItlhutlh 'e' vItlhutlh 'e' vItlhutlh 'e' vItlhutlh 'e' vItlhutlh 'e' vItlhutlh 'e' vItlhutlh 'e' vItlhutlh 'e' vItlhutlh 'e' vItlhutlh 'e' vItlhutlh 'e' vItlhutlh 'e' vItlhutlh 'e' vItlhutlh 'e' vItlhutlh 'e' vItlhutlh 'e' vItlhutlh 'e' vItlhutlh 'e' vItlhutlh 'e' vItlhutlh 'e' vItlhutlh 'e' vItlhutlh 'e' vItlhutlh 'e' vItlhutlh 'e' vItlhutlh 'e' vItlhutlh 'e' vItlhutlh 'e' vItlhutlh 'e' vItlhutlh 'e' vItlhutlh 'e' vItlhutlh 'e' vItlhutlh 'e' vItlhutlh 'e' vItlhutlh 'e' vItlhutlh 'e' vItlhutlh 'e' vItlhutlh 'e' vItlhutlh 'e' vItlhutlh 'e' vItlhutlh 'e' vItlhutlh 'e' vItlhutlh 'e' vItlhutlh 'e' vItlhutlh 'e' vItlhutlh 'e' vItlhutlh 'e' vItlhutlh 'e' vItlhutlh 'e' vItlhutlh 'e' vItlhutlh 'e' vItlhutlh 'e' vItlhutlh 'e' vItlhutlh 'e' vItlhutlh 'e' vItlhutlh 'e' vItlhutlh 'e' vItlhutlh 'e' vItlhutlh 'e' vItlhutlh 'e' vItlhutlh 'e' vItlhutlh 'e' vItlhutlh 'e' vItlhutlh 'e' vItlhutlh 'e' vItlhutlh 'e' vItlhutlh 'e' vItlhutlh 'e' vItlhutlh 'e' vItlhutlh 'e' vItlhutlh 'e' vItlhutlh 'e' vItlhutlh 'e' vItlhutlh 'e' vItlhutlh 'e' vItlhutlh 'e' vItlhutlh 'e' vItlhutlh 'e' vItlhutlh 'e' vItlhutlh 'e' vItlhutlh 'e' vItlhutlh 'e' vItlhutlh 'e' vItlhutlh 'e' vItlhutlh 'e' vItlhutlh 'e' vItlhutlh 'e' vItlhutlh 'e' vItlhutlh 'e' vItlhutlh 'e' vItlhutlh 'e' vItlhutlh 'e' vItlhutlh 'e' vItlhutlh 'e' vItlhutlh 'e' vItlhutlh 'e' vItlhutlh 'e' vItlhutlh 'e' vItlhutlh 'e' vItlhutlh 'e' vItlhutlh 'e' vItlhutlh 'e' vItlhutlh 'e' vItlhutlh 'e' vItlhutlh 'e' vItlhutlh 'e' vItlhutlh 'e' vItlhutlh 'e' vItlhutlh 'e' vItlhutlh 'e' vItlhutlh 'e' vItlhutlh 'e' vItlhutlh 'e' vItlhutlh 'e' vItlhutlh 'e' vItlhutlh 'e' vItlhutlh 'e' vItlhutlh 'e' vItlhutlh 'e' vItlhutlh 'e' vItlhutlh 'e' vItlhutlh 'e' vItlhutlh 'e' vItlhutlh 'e' vItlhutlh 'e' vItlhutlh 'e' vItlhutlh 'e' vItlhutlh 'e' vItlhutlh 'e' vItlhutlh 'e' vItlhutlh 'e' vItlhutlh 'e' vItlhutlh 'e' vItlhutlh 'e' vItlhutlh 'e' vItlhutlh 'e' vItlhutlh 'e' vItlhutlh 'e' vItlhutlh 'e' vItlhutlh 'e' vItlhutlh 'e' vItlhutlh 'e' vItlhutlh 'e' vItlhutlh 'e' vItlhutlh 'e' vItlhutlh 'e' vItlhutlh 'e' vItlhutlh 'e' vItlhutlh 'e' vItlhutlh 'e' vItlhutlh 'e' vItlhutlh 'e' vItlhutlh 'e' vItlhutlh 'e' vItlhutlh 'e' vItlhutlh 'e' vItlhutlh 'e' vItlhutlh 'e' vItlhutlh 'e' vItlhutlh 'e' vItlhutlh 'e' vItlhutlh 'e' vItlhutlh 'e' vItlhutlh 'e' vItlhutlh 'e' vItlhutlh 'e' vItlhutlh 'e' vItlhutlh 'e' vItlhutlh 'e' vItlhutlh 'e' vItlhutlh 'e' vItlhutlh 'e' vItlhutlh 'e' vItlhutlh 'e' vItlhutlh 'e' vItlhutlh 'e' vItlhutlh 'e' vItlhutlh 'e' vItlhutlh 'e' vItlhutlh 'e' vItlhutlh 'e' vItlhutlh 'e' vItlhutlh 'e' vItlhutlh 'e' vItlhutlh 'e' vItlhutlh 'e' vItlhutlh 'e' vItlhutlh 'e' vItlhutlh 'e' vItlhutlh 'e' vItlhutlh 'e' vItlhutlh 'e' vItlhutlh 'e' vItlhutlh 'e' vItlhutlh 'e' vItlhutlh 'e' vItlhutlh 'e' vItlhutlh 'e' vItlhutlh 'e' vItlhutlh 'e' vItlhutlh 'e' vItlhutlh 'e' vItlhutlh 'e' vItlhutlh 'e' vItlhutlh 'e' vItlhutlh 'e' vItlhutlh 'e' vItlhutlh 'e' vItlhutlh 'e' vItlhutlh 'e' vItlhutlh 'e' vItlhutlh 'e' vItlhutlh 'e' vItlhutlh 'e' vItlhutlh 'e' vItlhutlh 'e' vItlhutlh 'e' vItlhutlh 'e' vItlhutlh 'e' vItlhutlh 'e' vItlhutlh 'e' vItlhutlh 'e' vItlhutlh 'e' vItlhutlh 'e' vItlhutlh 'e' vItlhutlh 'e' vItlhutlh 'e' vItlhutlh 'e' vItlhutlh 'e' vItlhutlh 'e' vItlhutlh 'e' vItlhutlh 'e' vItlhutlh 'e' vItlhutlh 'e' vItlhutlh 'e' vItlhutlh 'e' vItlhutlh 'e' vItlhutlh 'e' vItlhutlh 'e' vItlhutlh 'e' vItlhutlh 'e' vItlhutlh 'e' vItlhutlh 'e' vItlhutlh 'e' vItlh

echo $$ #Step1: Get current PID
pkexec "/bin/bash" #Step 3, execute pkexec
#Step 5, if correctly authenticate, you will have a root session

{% code title="session2" %}

pkttyagent --process <PID of session1> #Step 2, attach pkttyagent to session1
#Step 4, you will be asked in this session to authenticate to pkexec

{% endcode %}

Qa'Hom ghoS

Qa'Hom, by default /etc/sudoers file /etc/sudoers file /etc/sudoers file /etc/sudoers file /etc/sudoers file /etc/sudoers file /etc/sudoers file /etc/sudoers file /etc/sudoers file /etc/sudoers file /etc/sudoers file /etc/sudoers file /etc/sudoers file /etc/sudoers file /etc/sudoers file /etc/sudoers file /etc/sudoers file /etc/sudoers file /etc/sudoers file /etc/sudoers file /etc/sudoers file /etc/sudoers file /etc/sudoers file /etc/sudoers file /etc/sudoers file /etc/sudoers file /etc/sudoers file /etc/sudoers file /etc/sudoers file /etc/sudoers file /etc/sudoers file /etc/sudoers file /etc/sudoers file /etc/sudoers file /etc/sudoers file /etc/sudoers file /etc/sudoers file /etc/sudoers file /etc/sudoers file /etc/sudoers file /etc/sudoers file /etc/sudoers file /etc/sudoers file /etc/sudoers file /etc/sudoers file /etc/sudoers file /etc/sudoers file /etc/sudoers file /etc/sudoers file /etc/sudoers file /etc/sudoers file /etc/sudoers file /etc/sudoers file /etc/sudoers file /etc/sudoers file /etc/sudoers file /etc/sudoers file /etc/sudoers file /etc/sudoers file /etc/sudoers file /etc/sudoers file /etc/sudoers file /etc/sudoers file /etc/sudoers file /etc/sudoers file /etc/sudoers file /etc/sudoers file /etc/sudoers file /etc/sudoers file /etc/sudoers file /etc/sudoers file /etc/sudoers file /etc/sudoers file /etc/sudoers file /etc/sudoers file /etc/sudoers file /etc/sudoers file /etc/sudoers file /etc/sudoers file /etc/sudoers file /etc/sudoers file /etc/sudoers file /etc/sudoers file /etc/sudoers file /etc/sudoers file /etc/sudoers file /etc/sudoers file /etc/sudoers file /etc/sudoers file /etc/sudoers file /etc/sudoers file /etc/sudoers file /etc/sudoers file /etc/sudoers file /etc/sudoers file /etc/sudoers file /etc/sudoers file /etc/sudoers file /etc/sudoers file /etc/sudoers file /etc/sudoers file /etc/sudoers file /etc/sudoers file /etc/sudoers file /etc/sudoers file /etc/sudoers file /etc/sudoers file /etc/sudoers file /etc/sudoers file /etc/sudoers file /etc/sudoers file /etc/sudoers file /etc/sudoers file /etc/sudoers file /etc/sudoers file /etc/sudoers file /etc/sudoers file /etc/sudoers file /etc/sudoers file /etc/sudoers file /etc/sudoers file /etc/sudoers file /etc/sudoers file /etc/sudoers file /etc/sudoers file /etc/sudoers file /etc/sudoers file /etc/sudoers file /etc/sudoers file /etc/sudoers file /etc/sudoers file /etc/sudoers file /etc/sudoers file /etc/sudoers file /etc/sudoers file /etc/sudoers file /etc/sudoers file /etc/sudoers file /etc/sudoers file /etc/sudoers file /etc/sudoers file /etc/sudoers file /etc/sudoers file /etc/sudoers file /etc/sudoers file /etc/sudoers file /etc/sudoers file /etc/sudoers file /etc/sudoers file /etc/sudoers file /etc/sudoers file /etc/sudoers file /etc/sudoers file /etc/sudoers file /etc/sudoers file /etc/sudoers file /etc/sudoers file /etc/sudoers file /etc/sudoers file /etc/sudoers file /etc/sudoers file /etc/sudoers file /etc/sudoers file /etc/sudoers file /etc/sudoers file /etc/sudoers file /etc/sudoers file /etc/sudoers file /etc/sudoers file /etc/sudoers file /etc/sudoers file /etc/sudoers file /etc/sudoers file /etc/sudoers file /etc/sudoers file /etc/sudoers file /etc/sudoers file /etc/sudoers file /etc/sudoers file /etc/sudoers file /etc/sudoers file /etc/sudoers file /etc/sudoers file /etc/sudoers file /etc/sudoers file /etc/sudoers file /etc/sudoers file /etc/sudoers file /etc/sudoers file /etc/sudoers file /etc/sudoers file /etc/sudoers file /etc/sudoers file /etc/sudoers file /etc/sudoers file /etc/sudoers file /etc/sudoers file /etc/sudoers file /etc/sudoers file /etc/sudoers file /etc/sudoers file /etc/sudoers file /etc/sudoers file /etc/sudoers file /etc/sudoers file /etc/sudoers file /etc/sudoers file /etc/sudoers file /etc/sudoers file /etc/sudoers file /etc/sudoers file /etc/sudoers file /etc/sudoers file /etc/sudoers file /etc/sudoers file /etc/sudoers file /etc/sudoers file /etc/sudoers file /etc/sudoers file /etc/sudoers file /etc/sudoers file /etc/sudoers file /etc/sudoers file /etc/sudoers file /etc/sudoers file /etc/sudoers file /etc/sudoers file /etc/sudoers file /etc/sudoers file /etc/sudoers file /etc/sudoers file /etc/sudoers file /etc/sudoers file /etc/sudoers file /etc/sudoers file /etc/sudoers file /etc/sudoers file /etc/sudoers file /etc/sudoers file /etc/sudoers file /etc/sudoers file /etc/sudoers file /etc/sudoers file /etc/sudoers file /etc/sudoers file /etc/sudoers file /etc/sudoers file /etc/sudoers file /etc/sudoers file /etc/sudoers file /etc/sudoers file /etc/sudoers file /etc/sudoers file /etc/sudoers file /etc/sudoers file /etc/sudoers file /etc/sudoers file /etc/sudoers file /etc/sudoers file /etc/sudoers file /etc/sudoers file /etc/sudoers file /etc/sudoers file /etc/sudoers file /etc/sudoers file /etc/sudoers file /etc/sudoers file /etc/sudoers file /etc/sudoers file /etc/sudoers file /etc/sudoers file /etc/sudoers file /etc/sudoers file /etc/sudoers file /etc/sudoers file /etc/sudoers file /etc/sudoers file /etc/sudoers file /etc/sudoers file /etc/sudoers file /etc/sudoers file /etc/sudoers file /etc/sudoers file /etc/sudoers file /etc/sudoers file /etc/sudoers file /etc/sudoers file /etc/sudoers file /etc/sudoers file /etc/sudoers file /etc/sudoers file /etc/sudoers file /etc/sudoers file /etc/sudoers file /etc/sudoers file /etc/sudoers file /etc/sudoers file /etc/sudoers file /etc/sudoers file /etc/sudoers file /etc/sudoers file /etc/sudoers file /etc/sudoers file /etc/sudoers file /etc/sudoers file /etc/sudoers file /etc/sudoers file /etc/sudoers file /etc/sudoers file /etc/sudoers file /etc/sudoers file /etc/sudoers file /etc/sudoers file /etc/sudoers file /etc/sudoers file /etc/sudoers file /etc/sudoers file /etc/sudoers file /etc/sudoers file /etc/sudoers file /etc/sudoers file /etc/sudoers file /etc/sudoers file /etc/sudoers file /etc/sudoers file /etc/sudoers file /etc/sudoers file /etc/sudoers file /etc/sudoers file /etc/sudoers file /etc/sudoers file /etc/sudoers file /etc/sudoers file /etc/sudoers file /etc/sudoers file /etc/sudoers file /etc/sudoers file /etc/sudoers file /etc/sudoers file /etc/sudoers file /etc/sudoers file /etc/sudoers file /etc/sudoers file /etc/sudoers file /etc/sudoers file /etc/sudoers file /etc/sudoers file /etc/sudoers file /etc/sudoers file /etc/sudoers file /etc/sudoers file /etc/sudoers file /etc/sudoers file /etc/sudoers file /etc/sudoers file /etc/sudoers file /etc/sudoers file /etc/sudoers file /etc/sudoers file /etc/sudoers file /etc/sudoers file /etc/sudoers file /etc/sudoers file /etc/sudoers file /etc/sudoers file /etc/sudoers file /etc/sudoers file /etc/sudoers file /etc/sudoers file /etc/sudoers file /etc/sudoers file /etc/sudoers file /etc/sudoers file /etc/sudoers file /etc/sudoers file /etc/sudoers file /etc/sudoers file /etc/sudoers file /etc/sudoers file /etc/sudoers file /etc/sudoers file /etc/sudoers file /etc/sudoers file /etc/sudoers file /etc/sudoers file /etc/sudoers file /etc/sudoers file /etc/sudoers file /etc/sudoers file /etc/sudoers file /etc/sudoers file /etc/sudoers file /etc/sudoers file /etc/sudoers file /etc/sudoers file /etc/sudoers file /etc/sudoers file /etc/sudoers file /etc/sudoers file /etc/sudoers file /etc/sudoers file /etc/sudoers file /etc/sudoers file /etc/sudoers file /etc/sudoers file /etc/sudoers file /etc/sudoers file /etc/sudoers file /etc/sudoers file /etc/sudoers file /etc/sudoers file /etc/sudoers file /etc/sudoers file /etc/sudoers file /etc/sudoers file /etc/sudoers file /etc/sudoers file /etc/sudoers file /etc/sudoers file /etc/sudoers file /etc/sudoers file /etc/sudoers file /etc/sudoers file /etc/sudoers file /etc/sudoers file /etc/sudoers file /etc/sudoers file /etc/sudoers file /etc/sudoers file /etc/sudoers file /etc/sudoers file /etc/sudoers file /etc/sudoers file /etc/sudoers file /etc/sudoers file /etc/sudoers file /etc/sudoers file /etc/sudoers file /etc/sudoers file /etc/sudoers file /etc/sudoers file /etc/sudoers file /etc/sudoers file /etc/sudoers file /etc/sudoers file /etc/sudoers file /etc/sudoers file /etc/sudoers file /etc/sudoers file /etc/sudoers file /etc/sudoers file /etc/sudoers file /etc/sudoers file /etc/sudoers file /etc/sudoers file /etc/sudoers file /etc/sudoers file /etc/sudoers file /etc/sudoers file /etc/sudoers file /etc/sudoers file /etc/sudoers file /etc/sudoers file /etc/sudoers file /etc/sudoers file /etc/sudoers file /etc/sudoers file /etc/sudoers file /etc/sudoers file /etc/sudoers file /etc/sudoers file /etc/sudoers file /etc/sudoers file /etc/sudoers file /etc/sudoers file /etc/sudoers file /etc/sudoers file /etc/sudoers file /etc/sudoers file /etc/sudoers file /etc/sudoers file /etc/sudoers file /etc/sudoers file /etc/sudoers file /etc/sudoers file

%wheel	ALL=(ALL:ALL) ALL

qaStaHvIS wheel qar'a' user 'ej sudo' ghap 'ej ghap 'ej ghap 'ej ghap 'ej ghap 'ej ghap 'ej ghap 'ej ghap 'ej ghap 'ej ghap 'ej ghap 'ej ghap 'ej ghap 'ej ghap 'ej ghap 'ej ghap 'ej ghap 'ej ghap 'ej ghap 'ej ghap 'ej ghap 'ej ghap 'ej ghap 'ej ghap 'ej ghap 'ej ghap 'ej ghap 'ej ghap 'ej ghap 'ej ghap 'ej ghap 'ej ghap 'ej ghap 'ej ghap 'ej ghap 'ej ghap 'ej ghap 'ej ghap 'ej ghap 'ej ghap 'ej ghap 'ej ghap 'ej ghap 'ej ghap 'ej ghap 'ej ghap 'ej ghap 'ej ghap 'ej ghap 'ej ghap 'ej ghap 'ej ghap 'ej ghap 'ej ghap 'ej ghap 'ej ghap 'ej ghap 'ej ghap 'ej ghap 'ej ghap 'ej ghap 'ej ghap 'ej ghap 'ej ghap 'ej ghap 'ej ghap 'ej ghap 'ej ghap 'ej ghap 'ej ghap 'ej ghap 'ej ghap 'ej ghap 'ej ghap 'ej ghap 'ej ghap 'ej ghap 'ej ghap 'ej ghap 'ej ghap 'ej ghap 'ej ghap 'ej ghap 'ej ghap 'ej ghap 'ej ghap 'ej ghap 'ej ghap 'ej ghap 'ej ghap 'ej ghap 'ej ghap 'ej ghap 'ej ghap 'ej ghap 'ej ghap 'ej ghap 'ej ghap 'ej ghap 'ej ghap 'ej ghap 'ej ghap 'ej ghap 'ej ghap 'ej ghap 'ej ghap 'ej ghap 'ej ghap 'ej ghap 'ej ghap 'ej ghap 'ej ghap 'ej ghap 'ej ghap 'ej ghap 'ej ghap 'ej ghap 'ej ghap 'ej ghap 'ej ghap 'ej ghap 'ej ghap 'ej ghap 'ej ghap 'ej ghap 'ej ghap 'ej ghap 'ej ghap 'ej ghap 'ej ghap 'ej ghap 'ej ghap 'ej ghap 'ej ghap 'ej ghap 'ej ghap 'ej ghap 'ej ghap 'ej ghap 'ej ghap 'ej ghap 'ej ghap 'ej ghap 'ej ghap 'ej ghap 'ej ghap 'ej ghap 'ej ghap 'ej ghap 'ej ghap 'ej ghap 'ej ghap 'ej ghap 'ej ghap 'ej ghap 'ej ghap 'ej ghap 'ej ghap 'ej ghap 'ej ghap 'ej ghap 'ej ghap 'ej ghap 'ej ghap 'ej ghap 'ej ghap 'ej ghap 'ej ghap 'ej ghap 'ej ghap 'ej ghap 'ej ghap 'ej ghap 'ej ghap 'ej ghap 'ej ghap 'ej ghap 'ej ghap 'ej ghap 'ej ghap 'ej ghap 'ej ghap 'ej ghap 'ej ghap 'ej ghap 'ej ghap 'ej ghap 'ej ghap 'ej ghap 'ej ghap 'ej ghap 'ej ghap 'ej ghap 'ej ghap 'ej ghap 'ej ghap 'ej ghap 'ej ghap 'ej ghap 'ej ghap 'ej ghap 'ej ghap 'ej ghap 'ej ghap 'ej ghap 'ej ghap 'ej ghap 'ej ghap 'ej ghap 'ej ghap 'ej ghap 'ej ghap 'ej ghap 'ej ghap 'ej ghap 'ej ghap 'ej ghap 'ej ghap 'ej ghap 'ej ghap 'ej ghap 'ej ghap 'ej ghap 'ej ghap 'ej ghap 'ej ghap 'ej ghap 'ej ghap 'ej ghap 'ej ghap 'ej ghap 'ej ghap 'ej ghap 'ej ghap 'ej ghap 'ej ghap 'ej ghap 'ej ghap 'ej ghap 'ej ghap 'ej ghap 'ej ghap 'ej ghap 'ej ghap 'ej ghap 'ej ghap 'ej ghap 'ej ghap 'ej ghap 'ej ghap 'ej ghap 'ej ghap 'ej ghap 'ej ghap 'ej ghap 'ej ghap 'ej ghap 'ej ghap 'ej ghap 'ej ghap 'ej ghap 'ej ghap 'ej ghap 'ej ghap 'ej ghap 'ej ghap 'ej ghap 'ej ghap 'ej ghap 'ej ghap 'ej ghap 'ej ghap 'ej ghap 'ej ghap 'ej ghap 'ej ghap 'ej ghap 'ej ghap 'ej ghap 'ej ghap 'ej ghap 'ej ghap 'ej ghap 'ej ghap 'ej ghap 'ej ghap 'ej ghap 'ej ghap 'ej ghap 'ej ghap 'ej ghap 'ej ghap 'ej ghap 'ej ghap 'ej ghap 'ej ghap 'ej ghap 'ej ghap 'ej ghap 'ej ghap 'ej ghap 'ej ghap 'ej ghap 'ej ghap 'ej ghap 'ej ghap 'ej ghap 'ej ghap 'ej ghap 'ej ghap 'ej ghap 'ej ghap 'ej ghap 'ej ghap 'ej ghap 'ej ghap 'ej ghap 'ej ghap 'ej ghap 'ej ghap 'ej ghap 'ej ghap 'ej ghap 'ej ghap 'ej ghap 'ej ghap 'ej ghap 'ej ghap 'ej ghap 'ej ghap 'ej ghap 'ej ghap 'ej ghap 'ej ghap 'ej ghap 'ej ghap 'ej ghap 'ej ghap 'ej ghap 'ej ghap 'ej ghap 'ej ghap 'ej ghap 'ej ghap 'ej ghap 'ej ghap 'ej ghap 'ej ghap 'ej ghap 'ej ghap 'ej ghap 'ej ghap 'ej ghap 'ej ghap 'ej ghap 'ej ghap 'ej ghap 'ej ghap 'ej ghap 'ej ghap 'ej ghap 'ej ghap 'ej ghap 'ej ghap 'ej ghap 'ej ghap 'ej ghap 'ej ghap 'ej ghap 'ej ghap 'ej ghap 'ej ghap 'ej ghap 'ej ghap 'ej ghap 'ej ghap 'ej ghap 'ej ghap 'ej ghap 'ej ghap 'ej ghap 'ej ghap 'ej ghap 'ej ghap 'ej ghap 'ej ghap 'ej ghap 'ej ghap 'ej ghap 'ej ghap 'ej ghap 'ej ghap 'ej ghap 'ej ghap 'ej ghap 'ej ghap 'ej ghap 'ej ghap 'ej ghap 'ej ghap 'ej ghap 'ej ghap 'ej ghap 'ej ghap 'ej ghap 'ej ghap 'ej ghap 'ej ghap 'ej ghap 'ej ghap 'ej ghap 'ej ghap 'ej ghap 'ej ghap 'ej ghap 'ej ghap 'ej ghap 'ej ghap 'ej ghap 'ej ghap 'ej ghap 'ej ghap 'ej ghap 'ej ghap 'ej ghap 'ej ghap 'ej ghap 'ej ghap 'ej ghap 'ej ghap 'ej ghap 'ej ghap 'ej ghap 'ej ghap 'ej ghap 'ej ghap 'ej ghap 'ej ghap 'ej ghap 'ej ghap 'ej ghap 'ej ghap 'ej ghap 'ej ghap 'ej ghap 'ej ghap 'ej ghap 'ej ghap 'ej ghap 'ej ghap 'ej ghap 'ej ghap 'ej ghap 'ej ghap 'ej ghap 'ej ghap 'ej ghap 'ej ghap 'ej ghap 'ej ghap 'ej ghap 'ej ghap 'ej ghap 'ej ghap 'ej ghap 'ej ghap 'ej ghap 'ej ghap 'ej ghap 'ej ghap 'ej ghap 'ej ghap 'ej ghap 'ej ghap 'ej ghap 'ej ghap 'ej ghap 'ej ghap 'ej ghap 'ej ghap 'ej ghap 'ej ghap 'ej ghap 'ej ghap 'ej ghap **'ej

sudo su

tlhIngan Hol

Users from the shadow qutlh can ghItlh the /etc/shadow file:

-rw-r----- 1 root shadow 1824 Apr 26 19:10 /etc/shadow

So, ghItlh vItlhutlh hashes ghItlh crack.

Disk Group

root access equivalent privilege ghItlh vItlhutlh machine data ghItlh access.

Files:/dev/sd[a-z][1-9]

debugfs /dev/sda1
debugfs: cd /root
debugfs: ls
debugfs: cat /root/.ssh/id_rsa
debugfs: cat /etc/shadow

ghItlhvam debugfs DIvI' tlhIngan Hol ghItlhvam 'oH. ghItlhvam /tmp/asd1.txt ghItlhvam /tmp/asd2.txt ghItlhvam 'ej tlhIngan Hol DIvI' ghItlhvam 'oH.

debugfs -w /dev/sda1
debugfs:  dump /tmp/asd1.txt /tmp/asd2.txt

However, if you try to write files owned by root (like /etc/shadow or /etc/passwd) you will have a "Permission denied" error.

Video Group

Using the command w you can find who is logged on the system and it will show an output like the following one:

USER     TTY      FROM             LOGIN@   IDLE   JCPU   PCPU WHAT
yossi    tty1                      22:16    5:13m  0.05s  0.04s -bash
moshe    pts/1    10.10.14.44      02:53   24:07   0.06s  0.06s /bin/bash

tty1 yossi logh mInDu' machin terminal 'e'.

video ghom 'e' screen output qawHaq. screens 'e' observe 'e' 'e' raw data grab 'e' 'ej resolution 'e' screen 'e' using 'e'. screen data '/dev/fb0' save 'e' 'ej resolution 'e' screen '/sys/class/graphics/fb0/virtual_size' Daj.

cat /dev/fb0 > /tmp/screen.raw
cat /sys/class/graphics/fb0/virtual_size

QaStaHvIS raw image vItlhutlh GIMP vay' ghItlh screen.raw file vay' Raw image data file type vay' ghItlh:

vay' Width 'ej Height modify 'ej screen vay' vItlhutlh Image Types check 'ej (screen vay' better vay' one select 'ej):

root Group

root group members default vay' modify 'ej service configuration files 'ej libraries files 'ej other interesting things escalate privileges vay' used vay'...

root members files modify check:

find / -group root -perm -g=w 2>/dev/null

Docker Group

You can mount the root filesystem of the host machine to an instance’s volume, so when the instance starts it immediately loads a chroot into that volume. This effectively gives you root on the machine.

{% embed url="https://github.com/KrustyHack/docker-privilege-escalation" %}

{% embed url="https://fosterelli.co/privilege-escalation-via-docker.html" %}

lxc/lxd Group

lxc - Privilege Escalation

Learn AWS hacking from zero to hero with htARTE (HackTricks AWS Red Team Expert)!