Privilege Escalation

sudo
The first thing to check: see what the current user is allowed to run with sudo.
sudo -l # List available commands

PEAS - GitHub
Find common misconfigurations and vulnerabilities in Linux and Windows.
Copy linpeas to the target over SSH:
scp linpeas.sh user@domain:/tmp

setuid Files
Files with the setuid bit set are executed with the permissions of the owner of the file, not the user who started the program. This can be used to escalate privileges.
GTFOBins has a list of setuid binaries that can be used to escalate privileges.
Custom setuid files can be exploited using binary exploitation.
Find files with the setuid bit set.
find / -perm -u=s -type f 2>/dev/null

CVE-2021-3156 - Website
sudo versions before 1.9.5p2 are vulnerable to a heap-based buffer overflow. This can be exploited to gain root access. Very useful on older systems.
Some payloads can be found in the Tools section.
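
A patch-triage check for the 1.9.5p2 threshold above, as an added example that is not part of the original page: it compares sudo's X.Y.ZpN version string field by field, because a plain string comparison would rank 1.9.15 below 1.9.5. The function names and verdict strings are this example's own.

```shell
# Added example: patch triage for CVE-2021-3156 from an upstream sudo
# version string. FIXED is the threshold stated on this page.
FIXED="1.9.5p2"

# Exit 0 if version $1 is older than $2, 1 if not, 2 if either string
# is not in MAJOR.MINOR[.MICRO][pN] form. Fields compare numerically.
version_lt() {
    awk -v a="$1" -v b="$2" '
        function key(s, out,    pp, v, n) {
            if (s !~ /^[0-9]+\.[0-9]+(\.[0-9]+)?(p[0-9]+)?$/) return 0
            out[4] = (split(s, pp, "p") == 2) ? pp[2] + 0 : 0
            n = split(pp[1], v, ".")
            out[1] = v[1] + 0; out[2] = v[2] + 0
            out[3] = (n > 2) ? v[3] + 0 : 0
            return 1
        }
        BEGIN {
            split("", x); split("", y)
            if (!key(a, x) || !key(b, y)) exit 2
            for (i = 1; i <= 4; i++) {
                if (x[i] < y[i]) exit 0
                if (x[i] > y[i]) exit 1
            }
            exit 1
        }'
}

# Map a version string to a triage verdict. Distributions often backport
# the fix without changing the upstream version, so "older-than-fix"
# means "confirm against the vendor advisory", not "confirmed vulnerable".
cve_2021_3156_status() {
    rc=0
    version_lt "$1" "$FIXED" || rc=$?
    case $rc in
        0) echo "older-than-fix" ;;
        1) echo "at-or-after-fix" ;;
        *) echo "unknown" ;;
    esac
}

# First line of `sudo -V` reads "Sudo version X.Y.ZpN".
installed_sudo_version() {
    sudo -V 2>/dev/null | sed -n '1s/^Sudo version //p'
}

if command -v sudo >/dev/null 2>&1; then
    v=$(installed_sudo_version)
    echo "sudo ${v:-?}: $(cve_2021_3156_status "$v")"
fi
```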