Linux Privilege Escalation

Overview

This post will outline a few of the more common ways to escalate privileges from an low privilege shell on a Linux box.

Kernel Exploits

Requirements

1. Outdated kernel with exploit available

SUID binary

Requirements

1. Executable file with SUID bit set

Exploit

1. Find corresponding privesc tactic on GTFOBins

Scheduled tasks (cronjob)

Requirements

1. Cronjob running as root

MySQL User-defined Functions (UDF)

Requirements

1. MySQL server running as root

Exploit

1. udf_raptor

Sudo Privileges

Requirements

1. User has some sudo privileges (check with sudo -l)

Exploit

1. Find corresponding privesc tactic on GTFOBins

SSH Private keys

Requirements

1. ssh private key found on the system

Exploit

Exfiltrate private key and use it to log in