Linux-Privilege-Escalation-Resources
Compilation of Resources for TCM's Linux Privilege Escalation course
General Links
TCM Website: https://www.thecybermentor.com/
TCM-Sec: https://tcm-sec.com/
Course:
- https://www.udemy.com/course/linux-privilege-escalation-for-beginners/ (udemy)
- https://academy.tcm-sec.com/p/linux-privilege-escalation (tcm academy)
Twitch: https://www.twitch.tv/thecybermentor
Twitter: https://twitter.com/thecybermentor
YouTube: https://www.youtube.com/c/thecybermentor
TryHackMe: https://tryhackme.com/
LinuxPrivEscArena: https://tryhackme.com/room/linuxprivescarena
Introduction
Basic Linux Priv Esc: https://blog.g0tmi1k.com/2011/08/basic-linux-privilege-escalation/
Linux Priv Esc PayloadAllTheThings: https://github.com/swisskyrepo/PayloadsAllTheThings/blob/master/Methodology%20and%20Resources/Linux%20-%20Privilege%20Escalation.md
Linux Priv Esc Checklist: https://book.hacktricks.xyz/linux-unix/linux-privilege-escalation-checklist
Sushant 747's Guide: https://sushant747.gitbooks.io/total-oscp-guide/privilege_escalation_-_linux.html
Exploring Automated Tools
LinPEAS: https://github.com/carlospolop/privilege-escalation-awesome-scripts-suite/tree/master/linPEAS
LinEnum: https://github.com/rebootuser/LinEnum
Linux exploit suggester: https://github.com/mzet-/linux-exploit-suggester
LinuxPrivChecker: https://github.com/sleventyeleven/linuxprivchecker
Escalation Path: Kernel Exploits
Kernel Exploits: https://github.com/lucyoa/kernel-exploits
Escalation Path: Sudo
GTFOBins: https://gtfobins.github.io/
LinuxPrivEscPlayground: https://tryhackme.com/room/privescplayground
wget example: https://veteransec.com/2018/09/29/hack-the-box-sunday-walkthrough/
dirsearch: https://github.com/maurosoria/dirsearch
CMS Made Simple ExploitDB: https://www.exploit-db.com/exploits/46635
CVE-2019-14287 ExploitDB: https://www.exploit-db.com/exploits/46635
CVE-2019-18634 GitHub: https://github.com/saleemrashid/sudo-cve-2019-18634
Escalation Path: Other SUID Escalation
Nginx Exploit: http://legalhackers.com/advisories/Nginx-Exploit-Deb-Root-PrivEsc-CVE-2016-1247.html
Escalation Path: Capabilities
Priv Esc using Capabilities: https://www.hackingarticles.in/linux-privilege-escalation-using-capabilities/
SUID vs. Capabilities: https://mn3m.info/posts/suid-vs-capabilities/
Capabilites Priv Esc w/ OpennSLL and Selinux enabled and enforced: https://medium.com/@int0x33/day-44-linux-capabilities-privilege-escalation-via-openssl-with-selinux-enabled-and-enforced-74d2bec02099