Linux Privilege Escalation

In this series, I will discuss with you my experience and learning from Pentesters Academy – Linux Privilege Escalation Boot camp.
In this, you will not only learn concepts theoretically but also all the practical approaches of exploitation. I have published a separate article discussing the labs from Attack Defence labs. The content includes knowledge of both Jeswin Mathai (Instructor) and my own research on the same concepts
Prerequisite Knowledge
- Basics of Linux Operating System
- File system
- Commands and Utilities like cd, ls
- Basics of Networking from Penstesting point of view
- Network Interfaces
- Packets / Sniffing
- Protocols like HTTP, TCP, UDP
- Working with tools like Nmap, burpsuite, hydra, curl and etc
- Novice knowledge of c, python and Perl
Requirements
- Paid account of the pentester academy
- A modern browser (Chrome is recommended)
Topics
- Understanding Linux File Permissions
- [LABS] Exploiting File Permissions Misconfigurations
- Demystifying SUID and SGID bits
- [LABS] Exploiting SUID Binaries to Get Root User Shell
- Understanding
sudo
in Linux - [LABS] Exploiting Sudo Misconfigurations
- [LABS] Exploiting the Cron Jobs Misconfigurations – Part 1
- [LABS] Exploiting the Cron Jobs Misconfigurations – Part 2
- Understanding Concept of Shared Libraries
- [LABS] Exploiting Shared Library Misconfigurations
- [LABS] Getting the ROOT user from Web-based Applications
- [LABS] Exploiting Known Vulnerabilities in Third-Party Apps Running on Linux
- Breaking out of Restricted Shell Environment
- Breaking out of CHROOT Jailed Shell Environment
- Understanding Linux Capabilities
- [LABS] Exploiting Linux Capabilities – Part 1
- [LABS] Exploiting Linux Capabilities – Part 2
- [LABS] Exploiting Linux Capabilities – Part 3
- [LABS] Exploiting Linux Capabilities – Part 4
- [LABS] Exploiting Linux Capabilities – Part 5
- [LABS] Exploiting Linux Capabilities – Part 6
- Understanding Container Architecture
- [LABS] Container Breakout – Part 1
- [LABS] Container Breakout – Part 2
- [LABS] Attacking Docker Hosts – Part 1
- [LABS] Attacking Docker Hosts – Part 2
- [BONUS] Linux Privileges Escalation CTF Writeup