4 Ways to get Linux Privilege Escalation

When you exploit the victim pc there would be certain limits which resist performing some action even after you are having the shell of victim’s pc. To get complete access of your victim pc; you need to bypass privilege escalation where a user receives privileges they are not authorize to. These privileges can be used to delete files, view private information, or install unwanted programs such as viruses. Metasploit has various other post exploits that will use a number of different techniques to attempt to gain system level privileges on the remote system. But apart from it there are some scripts for Linux that may come in useful when trying to escalate privileges on a target system. This is generally aimed at enumeration rather than specific vulnerabilities/exploits. This type of script could save your much time.

Use payload for Linux and start multi/handler for reverse connection. Once you hacked the victim pc now go for privilege escalation using following scripts.

 LinEnum: Scripted Local Linux Enumeration & Privilege Escalation Checks Shellscript that enumerates the system configuration and high-level summary of the checks/tasks performed by LinEnum:

Privileged access: Diagnose if the current user has sudo access without a password; whether the root’s home directory accessible.

System Information: Hostname, Networking details, Current IP and etc.

User Information: Current user, List all users including uid/gid information, List root accounts, Checks if password hashes are stored in /etc/passwd

Kernel and distribution release details.

 Git clone https://github.com/rebootuser/LinEnum.git

Once you download this script from there you can simply run it by tying ./LinEnum.sh on terminal. Hence it will dump all fetched data and system details.

./LinEnum.sh

Linuxprivchecker

Enumerates the system configuration and runs some privilege escalation checks as well. It is a python implementation to suggest exploits particular to the system that’s been taken under. To download the script click on the link http://www.securitysift.com/download/linuxprivchecker.py

Now to use this script just type python linuxprivchecke.py on terminal and this will enumerate file and directory permissions/contents. This script works same as LinEnum and hunts details related to system network and user.

python linuxprivchecker.py

Linux Exploit Suggester

It is based on operating system release number. This program will perform a ‘uname -r’ to grab the Linux Operating Systems release version, and return a suggestive list of possible exploits. Additionally possible to provide ‘-k’ flag to manually enter the Kernel Version. It is a Perl script that does not exactly same as above. Type following to download this script:

git clone https://github.com/PenturaLabs/Linux_Exploit_Suggester.git

If you are aware from the kernel version then directly execute the script by typing following on terminal:

./Linux_Exploit_Suggester.pl -k 3.5

 If not then type ./Linux_Exploit_Suggester.pl uname r to know the version of your kernel and go for above command and replace my kernel version from yours.  Hence it suggests the possible exploit for privilege escalation.

Unix-Privesc-checker

 Shell script to check privilege escalation vectors on UNIX systems. Unix-privesc-checker is a script that runs on UNIX systems and Linux system. It seek to find misconfigurations that could allow a not authorize users to escalate privileges to other users or to access local apps.

It is written as a single shell script so it can be easily uploaded and execute. It can be execute either as a normal user or as root. When it finds a group-writable file or directory it only flags an issue if that group has more than one non-root member.

To download this script type following on terminal

Git clone https://github.com/pentestmonkey/unix-privesc-check.git

Unzip the folder and execute the script by typing following

unix-privesc-check standard

So you can also check the way I am using these script from given images which could help you in a better way. And similarly use another command for same purpose.

unix-privesc-check detailed

Author: AArti Singh is a Researcher and Technical Writer at Hacking Articles an Information Security Consultant Social Media Lover and Gadgets. Contact here

Related Posts Plugin for WordPress, Blogger...

Leave a Reply