Skip to content

Introduction

This week we are going to look at Linux based Privilege escalation.

Often when we first exploit a system we will get access as a "low privilege user". For example, we might be able to gain a shell via the web interface. However, the privileges assigned to the web server process tend to be lower than other users.

For privilege escalation, we look at the files, services and programs available on a system, and see how we can make use of them to increase our current uses permission.

Note

Privesc (and system scanning), will tend to happen at the post exploitation phase of our pen-test process.

While this may seem out of order for the flow in our pen-test process. (We haven't actually covered the exploit phase yet) it a better flow for the module.

It means that we can practice Boot-2-Root style challenges, in all of the web stuff, rather than introducing the privesc part later.

Topics for the Week

  • Linux Permissions and Privileges
  • Windows Permissions and Privileges
  • ACL's
  • Getting Higher Privileges (officially)
    • Sudo
    • Suid
    • Capabilities
    • GTFO Bins
  • Examples of Privesc
    • Sudo
    • Suid
    • Capabilities
Back to top