Last updated: 15 Apr 24 09:38:31 (UTC)

Pirvesc Cheatsheet

Sudo

exploitDB

sudo -V to check for exploitable version

sudo -l to check for sudo permissions

SUID

GTFObins

find / -perm -4000 2>/dev/null to check for exectuable files belonging to other users (root)

find / -perm -u=s -type f 2>/dev/null to check for executable files belonging to root

Linpeas.sh

HackTricks

Linpeas.sh

wget https://github.com/carlospolop/PEASS-ng/releases/latest/download/linpeas.sh

LinEnum.sh

wget https://github.com/rebootuser/LinEnum/raw/master/LinEnum.sh

for a faster and complete enumeration

HackTricks

GTFObins

exploitDB

Manual (things to check if no automated enumerations)

home

check access to the home directories and if you can access the .ssh or other files belonging to other users

find / -user $USER 2>/dev/null | grep -E '\.zip|\.txt'

var

check for databases (*.sql, *.db and others), web files (/var/www/), or other files that might give credentials or informations

services running

netstat -antp

local services like a mysql server (port 3306) for exemple

Joplin Server v2.14.2, copyright © 2021-2024 JOPLIN.