Linux Privilege Escalation
Background info
Definition
Privilege escalation means moving from your current account or user context to one with more rights than you have now. The end goal is usually the highest level of access on the host: root.
Process
Before attempting privilege escalation, establish what kind of account you have. If you only hold a service account (a web server or database user, for example), you may need an intermediate step before root is reachable. Exploiting a vulnerability or reusing a stored password is a quick way to get a normal user account that may have enough privileges to run a system-level exploit.
End goal
Once privilege escalation is finished, you should be root. Root is the highest level of permission on a Linux system and bypasses discretionary access controls (file permissions and ownership) entirely; mandatory access control such as SELinux or AppArmor and kernel lockdown can still constrain it, but in practice most deployments do not. Similarly to SYSTEM on Windows, root is local only: it carries no privileges on a domain or on other devices. Credentials found on the box as root (SSH keys, Kerberos tickets, passwords in config files) often do, which is why root is frequently the start of lateral movement rather than the end of an engagement.
Root privileges
Root can perform actions such as:
- Resetting passwords
- Bypassing access controls to read or modify protected data
- Editing software configurations
- Enabling persistence
- Changing the privileges of existing (or new) users
- Executing any administrative command
Enumeration
Data collection
In order to determine what vulnerabilities may be present on a machine, we must first collect data on it.
Hostname
The hostname may offer good hints: you can often guess a system's role simply by viewing it (the hostname command prints it). A hostname such as SQL-PROD-01 would be a strong hint to look for a SQL database on the box, and the PROD part tells you to tread carefully.
uname
The uname -a command prints the kernel name, release, build date and architecture. The kernel release is the first thing to compare against known kernel exploits, and the architecture tells you which binaries you can run.
Files to check
- /proc/version
  - Kernel version plus the compiler (GCC version) used to build it; the compiler version often narrows down the distro build
- /etc/issue
  - May contain the distro and its version. It is a free-form login banner, so it can be edited or empty; /etc/os-release is the more reliable source
- /etc/passwd
  - Lists the users on the system with their UID, home directory and shell. It is world-readable; the password hashes live in /etc/shadow, which should be readable only by root. Any account other than root with UID 0, and any shadow file you can read, is a finding in itself
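The data-collection steps above as one script, added here as an example (it is not part of the original notes). It runs as an unprivileged user, prints the hostname with a role hint, uname -a, the three files listed, and checks whether /etc/shadow happens to be readable. The passwd parsing works on any passwd-format file, so it is also run over a constructed sample that contains a second UID 0 account (the sample and the role keyword list are assumptions for illustration).

```sh
#!/bin/sh
# Added enumeration script: collects hostname, kernel info and the
# files listed above, then parses passwd-format data. Not from the page.

# Print a file's contents if it is readable; otherwise say why not.
# Used both for the expected-readable files and for /etc/shadow, where
# "readable" would itself be a finding.
show_file() {
    f="$1"
    if [ -r "$f" ]; then
        printf '== %s ==\n' "$f"
        cat "$f"
    else
        printf '== %s == (absent or not readable by uid %s)\n' "$f" "$(id -u)"
    fi
}

# Accounts that can actually log in: drop shells ending in nologin/false.
# Prints name:uid:shell, one per line.
login_accounts() {
    awk -F: '$7 !~ /(nologin|false)$/ { print $1 ":" $3 ":" $7 }' "$1"
}

# Accounts with UID 0. Anything besides root here is a backdoor or a
# misconfiguration and is worth noting immediately.
uid0_accounts() {
    awk -F: '$3 == 0 { print $1 }' "$1"
}

# Crude role guess from hostname keywords (SQL-PROD-01 -> database).
# The keyword list is an assumption; extend it for your environment.
role_hint() {
    case "$(printf '%s' "$1" | tr '[:lower:]' '[:upper:]')" in
        *SQL*|*DB*)  echo "database" ;;
        *WEB*|*WWW*) echo "web server" ;;
        *)           echo "unknown" ;;
    esac
}

# Live enumeration of the host this runs on.
enumerate() {
    host="$(hostname 2>/dev/null || uname -n)"
    printf '== hostname ==\n%s (role hint: %s)\n' "$host" "$(role_hint "$host")"
    printf '== uname -a ==\n%s\n' "$(uname -a)"
    show_file /proc/version
    show_file /etc/issue
    show_file /etc/os-release
    printf '== login accounts (name:uid:shell) ==\n'
    login_accounts /etc/passwd
    printf '== uid 0 accounts ==\n'
    uid0_accounts /etc/passwd
    # Should fail for an unprivileged user; if it prints hashes, you are done.
    show_file /etc/shadow
}

# Constructed sample passwd data (not from any real system) showing the
# parsers in action: "toor" is a second UID 0 account with a login shell.
demo_passwd() {
    t="$(mktemp)"
    cat > "$t" <<'EOF'
root:x:0:0:root:/root:/bin/bash
daemon:x:1:1:daemon:/usr/sbin:/usr/sbin/nologin
toor:x:0:0:spare root:/root:/bin/sh
alice:x:1000:1000:Alice:/home/alice:/bin/bash
postgres:x:107:113::/var/lib/postgresql:/bin/false
EOF
    printf '== sample login accounts ==\n'
    login_accounts "$t"
    printf '== sample uid 0 accounts ==\n'
    uid0_accounts "$t"
    rm -f "$t"
}

enumerate
demo_passwd
```

On the constructed sample the login-account filter keeps root, toor and alice and the UID 0 check reports both root and toor; the same functions applied to the real /etc/passwd give you the first list of targets for the "intermediate step" described in the Process section.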