Ceci est une ancienne révision du document !
Windows Privilege Escalation Guide
https://www.absolomb.com/2018-01-26-Windows-Privilege-Escalation-Guide/
Common Windows Privilege Escalation Vectors
Stored Credentials Windows Kernel Exploit DLL Injection Unattended Answer File Insecure File/Folder Permissions Insecure Service Permissions DLL Hijacking Group Policy Preferences Unquoted Service Path Always Install Elevated Token Manipulation Insecure Registry Permissions Autologon User Credential User Account Control (UAC) Bypass Insecure Named Pipes Permissions
tools :
Linux Privilege Escalation Guide
https://blog.g0tmi1k.com/2011/08/basic-linux-privilege-escalation/
commande utile :
si l'utilisateur non root en question peut par exemple executer perl en root
sudo -l sudo /usr/bin/perl -e 'exec "/bin/sh"'
Linux Privilege Escalation By Using SUID https://medium.com/@gbmbalag/linux-privilege-escalation-by-using-suid-19d37821ed12
outils utile
Description of privesc with LinEnum : https://null-byte.wonderhowto.com/how-to/use-linenum-identify-potential-privilege-escalation-vectors-0197225/ https://github.com/rebootuser/LinEnum
The project collects legitimate functions of Unix binaries that can be abused https://gtfobins.github.io/
pspy - unprivileged Linux process snooping https://github.com/DominicBreuker/pspy
Next-generation exploit suggester - https://github.com/jondonas/linux-exploit-suggester-2
LES: Linux privilege escalation auditing tool- https://github.com/mzet-/linux-exploit-suggester