> For the complete documentation index, see [llms.txt](https://tamagosecurity.gitbook.io/notes/llms.txt). Markdown versions of documentation pages are available by appending `.md` to page URLs; this page is available as [Markdown](https://tamagosecurity.gitbook.io/notes/linux/linux-privilege-escalation.md).

# Linux Privilege Escalation

## Network

Check open ports

```bash
netstat -ano
ss -lt
```

## File and Directory

Find specific strings in file

```bash
grep -rnw '/path/to/somewhere/' -e 'pattern'
```

Find file name

```bash
find / -name "filename"
```

## Privilege Escalation

### Manual Enumeration

check for group that can be abuse

```bash
id
```

Check if can write or read, or maybe even find hashes

```bash
/etc/passwd
```

```bash
hostname
```

Check version for kernel exploit

```bash
cat /etc/issue
cat /etc/os-release
uname -a
```

Check process running that can be abused

```bash
ps aux
```

Check for network configuration like internal ip

```bash
ip a
ifconfig / ipconfig
routel
route
```

Look for active network

```bash
netstat ano
ss -anp
```

Check firewall rules

```bash
cat /etc/iptables/rules.v4
```

Check for schedule task

```bash
ls -lah /etc/cron*
crontab -l
sudo crontab -l (could be there schedule task for sudo)
```

Check application installed

```bash
dpkg -l
```

Look for writable directories

```bash
find / -writable -type d 2>/dev/null
```

Look for unmounted drives

```bash
cat /etc/fstab
mount
lsblk
lsmod
/sbin/modinfo libata
```

Checked for SUID Binaries

```bash
find / -perm -u=s -type f 2>/dev/null
```

### Automated Enumeration

LinPEAS
