Linux Privilege Escalation Easy
Privilege escalation is a crucial phase during any security assessment. During this phase, we attempt to gain access to additional users, hosts, and resources to move closer to the assessment's overall goal. There are many ways to escalate privileges. This module aims to cover the most common methods emphasizing real-world misconfigurations and flaws that we may encounter in a client environment. The techniques covered in this module are not an exhaustive list of all possibilities and aim to avoid extreme "edge-case" tactics that may be seen in a Capture the Flag (CTF) exercise.
Created by mrb3n
This module covers a wide variety of techniques that can be utilized to escalate privileges on Linux systems. Privilege escalation is an essential part of a penetration test or red team assessment. Having a deep understanding of the Linux operating system, strong enumeration skills, and knowledge of many local privilege escalation techniques can make or break an assessment and set us apart from others in the field.
In this module, we will cover:
- Enumerating a Linux system
- Kernel exploits
- Exploiting vulnerable services
- Abusing misconfigurations and permissions issues
- Hunting for credentials
- Shared object hijacking and leveraging shared libraries
- Taking advantage of a privileged group membership
- One-off context-dependent techniques
- Linux security hardening best practices
This module is broken down into sections with accompanying hands-on exercises to practice each of the tactics and techniques we cover. The module ends with a practical hands-on skills assessment to gauge your understanding of the various topic areas.
As you work through the module, you will see example commands and command output for the various topics introduced. It is worth reproducing as many of these examples as possible to reinforce further the concepts introduced in each section. You can do this in the target host provided in the interactive sections or your own virtual machine.
You can start and stop the module at any time and pick up where you left off. There is no time limit or "grading," but you must complete all of the exercises and the skills assessment to receive the maximum number of cubes and have this module marked as complete in any paths you have chosen.
The module is classified as "Easy" but assumes a working knowledge of the Linux command line and an understanding of information security fundamentals.
A firm grasp of the following modules can be considered prerequisites for successful completion of this module:
- Introduction to Networking
- Linux Fundamentals
- Introduction to Linux Privilege Escalation
- Kernel Exploits
- Vulnerable Services
- Cron Job Abuse
- Special Permissions
- Sudo Rights Abuse
- Path Abuse
- Wildcard Abuse
- Credential Hunting
- Shared Libraries
- Shared Object Hijacking
- Privileged Groups
- Miscellaneous Techniques
- Linux Hardening
- Linux Local Privilege Escalation - Skills Assessment