Linux Privilege Escalation

Linux Privilege Escalation SUID bit

Linux privilege escalation can be very difficult to explore. Here I will explain what Linux privesc is and how you can do it manually or with tools that gather information about the system and suggest public exploits based on the system kernel version or misconfiguration.

What is Linux Privilege Escalation?

Privesc is the process of getting more access on the system than our current user has.

If a low-privilege user can read, write or execute a script with root permissions, the user can use this to escalate privileges and get a root shell. Sysadmins often leave scripts or processes running on the system with root access and without proper configuration.
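A defensive audit for the misconfiguration described above, as an added example that is not part of the original post: it flags world-writable files, root-owned group-writable files and setuid files under the paths it is given. The function names and the default target paths are assumptions chosen for illustration.

```python
import os
import stat

def classify(mode, uid):
    """Return risk labels for one file, given its st_mode and owner uid."""
    findings = []
    if not stat.S_ISREG(mode):
        return findings  # only regular files are assessed here
    if mode & stat.S_IWOTH:
        findings.append("world-writable")
    if uid == 0 and mode & stat.S_IWGRP:
        findings.append("root-owned, group-writable")
    if mode & stat.S_ISUID:
        findings.append("setuid")
        if mode & (stat.S_IWGRP | stat.S_IWOTH):
            findings.append("setuid and writable by non-owner")
    return findings

def audit(paths):
    """Walk the given files/directories; map each risky file to its labels."""
    report = {}
    for top in paths:
        if os.path.isfile(top):
            candidates = [top]
        else:
            candidates = (os.path.join(d, f)
                          for d, _, files in os.walk(top) for f in files)
        for path in candidates:
            try:
                st = os.lstat(path)  # lstat: do not follow symlinks
            except OSError:
                continue  # unreadable or vanished file; skip it
            labels = classify(st.st_mode, st.st_uid)
            if labels:
                report[path] = labels
    return report

if __name__ == "__main__":
    # Assumed targets: account database, cron locations, local admin scripts
    targets = ["/etc/passwd", "/etc/crontab", "/etc/cron.d", "/usr/local/bin"]
    for path, labels in sorted(audit(targets).items()):
        print(f"{path}: {', '.join(labels)}")
```

Any file reported here that root executes, or that is parsed as root, should have its write bits for group and other removed and its ownership reviewed.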

Types of Privilege Escalation

Horizontal privilege escalation

This is where you expand your reach over the compromised system by taking over a different user who is on the same privilege level as you. For instance, a normal user hijacking another normal user (rather than elevating to super user).

Vertical privilege escalation

This is where you attempt to gain higher privileges or access, with an existing account that you have already compromised.

For local privilege escalation attacks this might mean hijacking an account with administrator privileges or root privileges.

Exploiting Writeable /etc/passwd

Elevate privileges using yum

RFS=$(mktemp -d)
cat >$RFS/x<<EOF
cat >$RFS/y.conf<<EOF
cat >$RFS/<<EOF
import os
import yum
from yum.plugins import PluginYumExit, TYPE_CORE, TYPE_INTERACTIVE
def init_hook(conduit):

sudo yum -c $RFS/x --enableplugin=y

Escaping VI Editor

sudo -l

sudo vi


Suid privilege escalation

Systemctl privilege escalation

Crontab privilege escalation

Python privilege escalation linux

SSH privilege escalation

Privilege Escalation Exploits

Dirty cow exploit


Using LinEnum
