mirror of
https://github.com/m0nad/awesome-privilege-escalation.git
synced 2024-12-22 05:44:59 -05:00
Awesome Privilege Escalation
A curated list of awesome privilege escalation
Linux
- Basic Linux Privilege Escalation
- Linux elevation of privileges ToC
- Pentest Book - Privilege Escalation: common Linux privilege escalation techniques.
- A guide to Linux Privilege Escalation
- Enumeration is the Key
- My 5 Top Ways to Escalate Privileges: Bruno Oliveira's top 5 favorite ways for accomplishing privilege escalation in the most practical ways possible.
- Understanding Privilege Escalation: Some techniques malicious users employ to escalate their privileges on a Linux system.
- How privileges work in operating systems?
- Linux Privilege Escalation via Dynamically Linked Shared Object Library: How RPATH and Weak File Permissions can lead to a system compromise.
- Reach the root! How to gain privileges in Linux?
- Linux Privilege Escalation: an introduction to Linux escalation techniques, mainly focusing on file/process permissions, along with some other topics.
- Local Linux Enumeration & Privilege Escalation Cheatsheet: a few Linux commands that may come in useful when trying to escalate privileges on a target system.
- PENETRATION TESTING PRACTICE LAB - VULNERABLE APPS / SYSTEMS
- Local Linux privilege escalation overview: This article will give an overview of the basic Linux privilege escalation techniques. It separates the local Linux privilege escalation in different scopes: kernel, process, mining credentials, sudo, cron, NFS, and file permission.
- Attack and Defend: Linux Privilege Escalation Techniques of 2016: This paper examines Linux privilege escalation techniques used throughout 2016 in detail, highlighting how these techniques work and how adversaries are using them.
- Local Linux Enumeration & Privilege Escalation: a few Linux commands that may come in useful when trying to escalate privileges on a target system.
- Back To The Future: Unix Wildcards Gone Wild: This article will cover one interesting old-school Unix hacking technique, that will still work in 2013.
- POST CATEGORY : Privilege Escalation: Privilege escalation post category in Raj Chandel's Blog.
- Privilege Escalation & Post-Exploitation
- Linux - Privilege Escalation
- Privilege escalation: Linux
- Penetration-Testing-Grimoire/Privilege Escalation/linux.md
- Privilege Escalation Cheatsheet (Vulnhub): This cheatsheet is aimed at CTF players and beginners to help them understand the fundamentals of privilege escalation with examples.
- Hackers Hut: Some random hacking hints, mainly from a Linux point of view.
- Hacking Linux Part I: Privilege Escalation
Escape restricted shells
- Escaping Restricted Linux Shells: Resource for penetration testers to assist them when confronted with a restricted shell.
- Restricted Linux Shell Escaping Techniques: The focus of this article is on discussing and summarizing different techniques to escape common Linux restricted shells, along with simple recommendations for administrators to protect against them.
- Linux Restricted Shell Bypass
- Escaping from Restricted Shell and Gaining Root Access to SolarWinds Log & Event Manager (SIEM) Product
- Breaking out of rbash using scp
SUDO and SUID
- GTFOBins: GTFOBins is a curated list of Unix binaries that can be exploited by an attacker to bypass local security restrictions.
- Abusing SUDO: Some of the binaries that allow privilege escalation when runnable through the sudo command.
- Sudo (LD_PRELOAD): Privilege Escalation from an LD_PRELOAD environment variable.
- How I got root with Sudo
- Gaining a Root shell using MySQL User Defined Functions and SETUID Binaries: How a MySQL User Defined Function (UDF) and a SETUID binary can be used to elevate user privilege to a root shell.
Capabilities
- Exploiting capabilities: Parcel root power, the dark side of capabilities
- getcap, setcap and file capabilities
- Capabilities
- Spicing up your own access with capabilities
- An Interesting Privilege Escalation vector (getcap/setcap)
Tools
- LinEnum
- pspy: unprivileged Linux process snooping
- LES: Linux privilege escalation auditing tool
- Linux_Exploit_Suggester: Linux Exploit Suggester; based on operating system release number.
- Linux Exploit Suggester 2: Next-generation exploit suggester based on Linux_Exploit_Suggester
- linuxprivchecker.py: Linux Privilege Escalation Check Script
- linux-soft-exploit-suggester: finds exploits for all vulnerable software on a system, helping with privilege escalation.
- exploit-suggester: This tool reads the output of “showrev -p” on Solaris machines and outputs a list of exploits that you might want to try.
- unix-privesc-check: Shell script to check for simple privilege escalation vectors on Unix systems
- BeRoot: BeRoot Project is a post-exploitation tool that checks common misconfigurations to find a way to escalate privileges.
- kernelpop: kernelpop is a framework for performing automated kernel vulnerability enumeration and exploitation.
- AutoLocalPrivilegeEscalation: An automated script that downloads potential exploits for the Linux kernel from exploitdb and compiles them automatically.
- Linux Privilege Escalation Check Script: Originally forked from linuxprivchecker.py (Mike Czumak), this script is intended to be executed locally on a Linux box to enumerate basic system info and search for common privilege escalation vectors such as world-writable files, misconfigurations, clear-text passwords and applicable exploits.
- uptux: Specialized privilege escalation checks for Linux systems.
- Unix-Privilege-Escalation-Exploits-Pack: Exploits for getting local root on Linux, BSD, AIX, HP-UX, Solaris, RHEL, SUSE etc.
- PrivEsc: A collection of Windows, Linux and MySQL privilege escalation scripts and exploits.
- linux-smart-enumeration: Linux enumeration tools for pentesting and CTFs
- linux-kernel-exploits
Find CVEs
- https://github.com/lwindolf/lpvs
- https://github.com/davbo/active-cve-check
- https://github.com/clearlinux/cve-check-tool
- https://www.2daygeek.com/arch-audit-a-tool-to-check-vulnerable-packages-in-arch-linux/
Chkrootkit
NFS
- https://www.hackingarticles.in/linux-privilege-escalation-using-misconfigured-nfs/
- https://www.computersecuritystudent.com/SECURITY_TOOLS/METASPLOITABLE/EXPLOIT/lesson4/index.html
- https://blog.hackersonlineclub.com/2018/07/beroot-post-exploitation-tool-to-check.html
- https://touhidshaikh.com/blog/?p=788
Presentations
- https://www.youtube.com/watch?v=oYHAi0cgur4
- https://www.irongeek.com/i.php?page=videos/bsidesaugusta2016/its-too-funky-in-here04-linux-privilege-escalation-for-fun-profit-and-all-around-mischief-jake-williams
- https://www.youtube.com/watch?v=yXe4X-AIbps
Windows
- https://www.fuzzysecurity.com/tutorials/16.html
- https://sushant747.gitbooks.io/total-oscp-guide/privilege_escalation_windows.html
- https://www.absolomb.com/2018-01-26-Windows-Privilege-Escalation-Guide/
- https://github.com/swisskyrepo/PayloadsAllTheThings/blob/master/Methodology%20and%20Resources/Windows%20-%20Privilege%20Escalation.md
- https://lolbas-project.github.io/
- https://guif.re/windowseop
- https://www.youtube.com/watch?v=DlJyKgfkoKQ
- https://pt.slideshare.net/jakx_/level-up-practical-windows-privilege-escalation
- https://github.com/chryzsh/awesome-windows-security
- https://vulp3cula.gitbook.io/hackers-grimoire/post-exploitation/privesc-windows
- https://www.exploit-db.com/docs/46131
- https://github.com/frizb/Windows-Privilege-Escalation
- https://www.offensive-security.com/metasploit-unleashed/privilege-escalation/
- https://www.offensive-security.com/metasploit-unleashed/windows-post-gather-modules/
Hot Potato
- https://foxglovesecurity.com/2016/01/16/hot-potato/
- https://pentestlab.blog/2017/04/13/hot-potato/
- https://securityonline.info/hot-potato-windows-privilege-escalation-metasploit-powershellhot-potato-windows-privilege-escalation/
Unquoted services with spaces
- https://medium.com/@SumitVerma101/windows-privilege-escalation-part-1-unquoted-service-path-c7a011a8d8ae
- https://pentestlab.blog/2017/03/09/unquoted-service-path/
- https://www.commonexploits.com/unquoted-service-paths/
- https://hausec.com/2018/10/05/windows-privilege-escalation-via-unquoted-service-paths/
- https://www.gracefulsecurity.com/privesc-unquoted-service-path/
- https://trustfoundry.net/practical-guide-to-exploiting-the-unquoted-service-path-vulnerability-in-windows/
- https://securityboulevard.com/2018/04/windows-privilege-escalation-unquoted-services/
- https://www.ethicalhacker.net/community/windows-privilege-escalation-unquoted-services/
Groups.xml
Tools
- https://github.com/411Hall/JAWS
- https://github.com/rasta-mouse/Sherlock/
- https://github.com/PowerShellMafia/PowerSploit
- https://github.com/foxglovesec/Potato
- https://github.com/foxglovesec/RottenPotato
- https://github.com/Kevin-Robertson/Tater
- https://github.com/Arvanaghi/SessionGopher
- https://github.com/pentestmonkey/windows-privesc-check
- https://github.com/rootm0s/WinPwnage
- https://github.com/absolomb/WindowsEnum
- https://github.com/ohpe/juicy-potato
Presentations
- https://www.youtube.com/watch?v=bAnohAiAQ7U
- https://www.youtube.com/watch?v=G9yn3qNq7Vw
- https://www.youtube.com/watch?v=jfZ8FKTFNTE
- https://www.youtube.com/watch?v=RORaqh1DIco
Linux and Windows
- https://github.com/vitalysim/Awesome-Hacking-Resources#privilege-escalation
- https://blog.rapid7.com/2015/08/11/metasploit-local-exploit-suggester-do-less-get-more/
Docker
- https://gist.github.com/FrankSpierings/5c79523ba693aaa38bc963083f48456c
- https://threatpost.com/hack-allows-escape-of-play-with-docker-containers/140831/
- https://www.twistlock.com/labs-blog/escaping-docker-container-using-waitid-cve-2017-5123/
- https://pt.slideshare.net/BorgHan/hacking-docker-the-easy-way
- https://blog.secureideas.com/2018/05/escaping-the-whale-things-you-probably-shouldnt-do-with-docker-part-1.html
Docker socket
- https://www.lvh.io/posts/dont-expose-the-docker-socket-not-even-to-a-container.html
- https://gist.github.com/FrankSpierings/5c79523ba693aaa38bc963083f48456c
- https://www.bleepingcomputer.com/news/security/escaping-containers-to-execute-commands-on-play-with-docker-servers/
- https://blog.paranoidsoftware.com/dirty-cow-cve-2016-5195-docker-container-escape/