Privilege Elevation - Unix

You just got shell access to a server. Let start by an exhaustive inventory of what is accessible to your account.

  • Identify the OS, its version, the missing security patches
  • List available tools: netcat, python, perl...
  • Read all config, temporary, backup files to find login/password.
  • Use the possible sudo rights of the account.
  • Find commands with SetUID bit.
  • Find a process running in the background with root rights and modify its inputs.
  • Find a kernel exploit. This last option, radical because it can crash the machine, is very efficient on old servers...

On your first servers, it is preferable to make these enumerations by launching the commands manually, so you can appropriate the options and outputs. Once comfortable, and knowing what you are looking for, feel free to use scripts that do these enumerations for you.