Linux-Privilege-Escalation-Resources

Compilation of Resources for Linux Privilege Escalation

General Links

Github: https://github.com/0dayhunter

LinPEAS: https://github.com/0dayhunter/PEASS-ng

LinuxPrivEscArena: https://tryhackme.com/room/linuxprivescarena

Linux exploit suggester: https://github.com/0dayhunter/Linux-exploit-suggester

Introduction

Basic Linux Priv Esc: https://blog.g0tmi1k.com/2011/08/basic-linux-privilege-escalation/

Linux Priv Esc PayloadAllTheThings: https://github.com/0dayhunter/PayloadsAllTheThings

Linux Priv Esc Checklist: https://book.hacktricks.xyz/linux-unix/linux-privilege-escalation-checklist

Sushant 747's Guide: https://sushant747.gitbooks.io/total-oscp-guide/privilege_escalation_-_linux.html

Exploring Automated Tools

LinEnum: https://github.com/rebootuser/LinEnum

LinuxPrivChecker: https://github.com/sleventyeleven/linuxprivchecker

Escalation Path: Kernel Exploits

Kernel Exploits: https://github.com/lucyoa/kernel-exploits

Escalation Path: Sudo

GTFOBins: https://gtfobins.github.io/

LinuxPrivEscPlayground: https://tryhackme.com/room/privescplayground

wget example: https://veteransec.com/2018/09/29/hack-the-box-sunday-walkthrough/

dirsearch: https://github.com/maurosoria/dirsearch

CMS Made Simple ExploitDB: https://www.exploit-db.com/exploits/46635

CVE-2019-14287 ExploitDB: https://www.exploit-db.com/exploits/46635

CVE-2019-18634 GitHub: https://github.com/saleemrashid/sudo-cve-2019-18634

Escalation Path: Other SUID Escalation

Nginx Exploit: http://legalhackers.com/advisories/Nginx-Exploit-Deb-Root-PrivEsc-CVE-2016-1247.html

Escalation Path: Capabilities

Priv Esc using Capabilities: https://www.hackingarticles.in/linux-privilege-escalation-using-capabilities/

SUID vs. Capabilities: https://mn3m.info/posts/suid-vs-capabilities/

Capabilites Priv Esc w/ OpennSLL and Selinux enabled and enforced: https://medium.com/@int0x33/day-44-linux-capabilities-privilege-escalation-via-openssl-with-selinux-enabled-and-enforced-74d2bec02099