Ignitetechnologies / Privilege-Escalation

  • Friday, 30 August 2019, 00:23:32
https://github.com/Ignitetechnologies/Privilege-Escalation




Privilege Escalation Cheatsheet (Vulnhub)

This cheatsheet is aimed at CTF players and beginners, to help them understand the fundamentals of privilege escalation with examples. It is not a cheatsheet for enumeration using Linux commands. Privilege escalation is all about proper enumeration, and there are multiple ways to perform the same tasks. We have performed and compiled this list based on our experience. Please share this with your connections and direct queries and feedback to Pavandeep Singh.

Abusing Sudo Rights

| No. | Machine Name | Files/Binaries |
|---|---|---|
| 1 | RickdiculouslyEasy | All |
| 2 | Depth | All |
| 3 | Basic penetration | All |
| 4 | W1R3S.inc | All |
| 5 | Bob:1.0.1 | All |
| 6 | W34n3ss 1 | All |
| 7 | Replay : 1 | All |
| 8 | Born2Root2 | All |
| 9 | WestWild: 1.1 | All |
| 10 | CLAMP 1.0.1 | All |
| 11 | Ted:1 | apt-get |
| 12 | KFIOFan : 1 | awk |
| 13 | 21 LTR: Scene1 | cat |
| 14 | Skytower | cat |
| 15 | Matrix : 1 | cp |
| 16 | Sputnik 1 | ed |
| 17 | Sunset | ed |
| 18 | DC-2 | git |
| 19 | Kioptrix : Level 1.2 | ht |
| 20 | Unknowndevice64 : 1 | ltrace |
| 21 | Matrix-3 | manual |
| 22 | symfonos : 2 | MySQL |
| 23 | Development | nano |
| 24 | SP ike | nmap |
| 25 | DC6 | nmap |
| 26 | Dina | perl |
| 27 | The Ether: Evil Science | python |
| 28 | The blackmarket | python |
| 29 | Violator | python |
| 30 | Torment | python |
| 31 | Broken: Gallery | reboot |
| 32 | DE-ICE:S1.120 | script |
| 33 | Fristileaks | script |
| 34 | DerpNStink | script |
| 35 | Basic Pentesting : 2 | script |
| 36 | Wakanda : 1 | script |
| 37 | Digitalworld.local : JOY | script |
| 38 | PumpkinFestival | script |
| 39 | PumpkinRaising | strace |
| 40 | Holynix: v1 | tar |
| 41 | Breach 2.1 | tcpdump |
| 42 | Temple of Doom | tcpdump |
| 43 | Web Developer : 1 | tcpdump |
| 44 | DC-4 | teehee |
| 45 | Zico 2 | zip |

SUID Bit

| No. | Machine Name | SUID Bit |
|---|---|---|
| 1 | Kevgir | cp |
| 2 | digitalworld.local - BRAVERY | cp |
| 3 | Happycorp : 1 | cp |
| 4 | FourAndSix : 2 | doas |
| 5 | DC-1 | find |
| 6 | dpwwn:2 | find |
| 7 | MinU: v2 | Micro Editor |
| 8 | Toppo:1 | python 2.7 |
| 9 | Mr. Robot | nmap |
| 10 | Tr0ll 1 | script |
| 11 | Covfefe | script |
| 12 | /dev/random : K2 | script |
| 13 | hackme1 | script |

Kernel Exploit

| No. | Machine Name | Kernel Exploit |
|---|---|---|
| 1 | pWnOS -1.0 | Linux Kernel 2.6.17 < 2.6.24.1 5092 |
| 2 | LAMPSecurity: CTF 5 | Linux Kernel 2.4/2.6 9479 |
| 3 | Kioptrix : Level 1.1 | CentOS 4.4/4.5 / Fedora Core 4/5/6 x86) 9542 |
| 4 | Hackademic-RTB1 | 'RDS Protocol' Local Privilege Escalation 15285 |
| 5 | Hackademic-RTB2 | 'RDS Protocol' Local Privilege Escalation 15285 |
| 6 | ch4inrulz : 1.0.1 | 'RDS Protocol' Local Privilege Escalation 15285 |
| 7 | Kioptrix: 5 | FreeBSD 9.0 - Intel SYSRET Kernel Privilege Escalation 28718 |
| 8 | Simple | Apport/Abrt (Ubuntu / Fedora) 36746 |
| 9 | SecOS: 1 | Ubuntu 12.04/14.04/14.10/15.04 37292 |
| 10 | Droopy | Ubuntu 12.04/14.04/14.10/15.04 37292 |
| 11 | VulnOS: 2.0 | Ubuntu 12.04/14.04/14.10/15.04 37292 |
| 12 | Fartknocker | Ubuntu 12.04/14.04/14.10/15.04 37292 |
| 13 | Super Mario | Ubuntu 12.04/14.04/14.10/15.04 37292 |
| 14 | Golden Eye:1 | Ubuntu 12.04/14.04/14.10/15.04 37292 |
| 15 | Typhoon : 1.02 | Ubuntu 12.04/14.04/14.10/15.04 37292 |
| 16 | GrimTheRipper:1 | Ubuntu 12.04/14.04/14.10/15.04 37292 |
| 17 | Lord of the Root | Ubuntu 14.04/15.10 39166 |
| 18 | Acid Reloaded | Ubuntu 14.04/15.10 39166 |
| 19 | Stapler | Ubuntu 16.04 39772 |
| 20 | Sidney | Ubuntu 16.04 39772 |
| 21 | DC-3 | Ubuntu 16.04 39772 |
| 22 | Pluck | Dirty COW 40616 |
| 23 | Lampiao : 1 | Dirty COW '/proc/self/mem' Race Condition 40847 |
| 24 | WinterMute : 1 | GNU Screen 4.5.0 41154 |
| 25 | DC-5 | GNU Screen 4.5.0 41154 |
| 26 | BTRSys:dv 2.1 | Linux Kernel 4.4.0 (Ubuntu) - DCCP Double-Free 41458 |
| 27 | Nightmare | Ubuntu 14.04/16.04 (KASLR / SMEP) 43418 |
| 28 | Trollcave | Linux Kernel < 4.4.0-116 (Ubuntu 16.04.4) 44298 |

Path Variable

| No. | Machine Name | Files |
|---|---|---|
| 1 | PwnLab | cat |
| 2 | USV | cat |
| 3 | Zeus:1 | date |
| 4 | The Gemini inc | date |
| 5 | Nullbyte | ps |
| 6 | symfonos : 1 | curl |
| 7 | Silky-CTF: 0x01 | whoami |
| 8 | Beast 2 | whoami |

Enumeration

  1. The Library:1
  2. The Library:2
  3. LAMPSecurity: CTF 4
  4. LAMPSecurity: CTF 7
  5. LAMPSecurity: CTF 8
  6. Xerxes: 1
  7. pWnOS -2.0
  8. DE-ICE:S1.130
  9. DE-ICE:S1.140
  10. Hackademic-RTB2
  11. SickOS 1.1
  12. Tommyboy
  13. Minotaur
  14. VulnOS: 1
  15. Spyder Sec
  16. Acid
  17. Necromancer
  18. Freshly
  19. Fortress
  20. Billu : B0x
  21. Defence Space
  22. Moria 1.1
  23. Analougepond
  24. Lazysysadmin
  25. Bulldog
  26. BTRSys 1
  27. G0rmint
  28. Blacklight : 1
  29. RootThis : 1
  30. Cyberry:1
  31. Moonraker:1
  32. Matrix 2

MySQL

  1. Kioptrix : Level 1.3
  2. Raven
  3. Raven : 2

Crontab

  1. Billy Madison
  2. Born2root
  3. BSides Vancouver: 2018
  4. Jarbas : 1
  5. SP:Jerome
  6. dpwwn: 1

Wildcard Injection

  1. Milnet
  2. Pipe

Capabilities

  1. Kuya : 1
  2. DomDom: 1

Writable /etc/passwd file

  1. Hackday Albania
  2. Billu Box 2
  3. Bulldog 2
  4. AI: Web: 1
  5. Westwild: 2

Writable files or script as root

  1. Skydog
  2. Breach 1.0
  3. Bot Challenge: Dexter
  4. Fowsniff : 1
  5. Mercy
  6. Casino Royale
  7. SP eric
  8. PumpkinGarden
  9. Tr0ll: 3
  10. Nezuko:1
  11. Symfonos:3
  12. AI: Web: 1

Buffer Overflow

  1. Tr0ll 2
  2. IMF
  3. BSides London 2017
  4. PinkyPalace
  5. ROP Primer
  6. CTF KFIOFAN:2

Docker

  1. Donkey Docker
  2. Game of Thrones
  3. HackinOS : 1

Chkrootkit

  1. SickOS 1.2
  2. Sedna