Priv Esc Encountered Till Now

List of potential priv esc encounter while preparing solving machines on htb / pg practice

env = look for path, credentials, username
crontab /etc/crontab -> pspy (hidden cronjobs)
sudo -l
getcap -r / 2>/dev/null ( capabilities )
suid
kernel exploit pwnkit and more
ssh keys on users desktop
linpeas ( passwords in config PHP files )
userame as password root : root
Look mysql presents ? find creds /var/www/html
locally running services
disk group priv esc
strings on binaries if suspicious binary found (Function not found in the library!) ? make those and run , sometimes it expose creds, or some juicy info..
local running services netstat -tunlp | grep -i '127.0.0.1'
wrtie access ls -la/etc/passwd| check shadow as well
Read all mails /var/mail

Last updated 0 minutes ago