At this stage, you already have a limited shell, and you would like to go beyond that and get a root shell instead. Root access will allow you to manipulate the system the way you want and probably will give you a new path to another host (called pivoting). This chapter focuses mainly on the Linux operating system privilege escalation, and the next chapter will discuss the Windows operating system. Although the Windows OS is popular for client hosts, most of the network infrastructure and servers are using the Linux operating system. The Microsoft team realized the importance of the Linux terminal window (the kernel), so recently they added this feature to the Windows operating system.

The goal of this chapter (and this book in general) is to teach you the methodology and not to rely on tools to get the job done. That being said, you will learn the basics of Linux privesc so you can tackle this task in your own career.

This chapter will cover the following topics:

• Linux Kernel exploits
• Linux SUID exploitation
• Manipulation of Linux config files
• Exploiting running services
• sudoers exploitation
• Automated scripts for Linux privilege escalation

Introduction to Kernel Exploits and Missing Configurations

Privilege escalation in a Linux operating system can be achieved in two ways:

• Exploiting the kernel
• Exploiting a weak system configuration (mostly implemented by the root user)

In the rest of this chapter, we will delve deep into each ...