Category

Linux

Guides, Linux, Privilege Escalation

Linux Privilege Escalation – SUID Binaries

Introduction

Linux has several access attributes that can allow users or groups to perform certain actions against files, such as execute, modify or view files.

SUID (Set User Identification) and GUID (Set Group Identification) are permissions that allow users to execute a binary or script with the permissions of its owner (SUID) or of its group (GUID).

Some binaries have this permission by default as they require to perform certain actions with elevated privileges, for example the passwd binary needs to run as root in order to change a user’s password, although certain binaries can be exploited to escalate privileges if they have the SUID bit set.

Read more
February 8, 2021 | by Stefano Lanaro | Leave a comment
Guides, Linux, Privilege Escalation

Linux Privilege Escalation – Scheduled Tasks

Introduction

Linux-based operating systems, like most systems, have a way of scheduling the launch of programs or scripts based on certain time intervals to help automate recurring tasks. This can often become weaknesses and allow attackers to escalate privileges to root if improperly configured.

This guide will go through the main methods used to exploit scheduled tasks.

Read more
January 30, 2021 | by Stefano Lanaro | Leave a comment
Guides, Linux, Privilege Escalation

Linux Privilege Escalation – Kernel Exploits

Introduction

The kernel is a component of the operating system that sits at the core of it, it has complete control over everything that occurs in the system. Because of this, exploiting vulnerabilities in the kernel will pretty much always result in a full system compromise.

Kernel exploits affect a certain version of a kernel or operating system and they are generally executed locally on the target machine in order to escalate privileges to root.

Read more
January 22, 2021 | by Stefano Lanaro | Leave a comment