Linux Privilege Escalation

OS, kernel and env

Operating System

cat /etc/issue
cat /etc/*-release
Redhat distro
cat /etc/redhat-release
Debian distro
cat /etc/lsb-release

Kernel version

cat /proc/version
uname -a
returns kernel name, kernel release, machine hardware
uname -mrs
rpm -q kernel
dmesg | grep Linux
ls /boot | grep vmlinuz-

Environmental variables

cat /etc/profile
cat /etc/bashrc
cat ~/.bash_profile
cat ~/.bashrc
cat ~/.bash_logout
shell env
set
env

Sticky bits, SUID, SGID

SGID 2000 - file runs with the privileges of its group owner
find / -perm -g=s -type f -exec ls -la {} \; 2>/dev/null
SUID 4000 - file runs with the privileges of its owner
find / -perm -u=s -type f -exec ls -la {} \; 2>/dev/null
SGID or SUID
find / \( -perm -g=s -o -perm -u=s \) -type f -exec ls -la {} \; 2>/dev/null
SUID or SGID, octal form
find / \( -perm -4000 -o -perm -2000 \) -type f -exec ls -la {} \; 2>/dev/null
Sticky bit 1000 - only the owner of the directory or of a file in it can delete or rename that file
find / -perm -1000 -type d -exec ls -ld {} \; 2>/dev/null

World writeable folders

Directories the current user can write to
find / -writable -type d -exec ls -ld {} \; 2>/dev/null
Directories writable by owner, group and others
find / -perm -222 -type d -exec ls -ld {} \; 2>/dev/null
Directories writable by others (world-writable)
find / -perm -o+w -type d -exec ls -ld {} \; 2>/dev/null
Directories others can enter (execute permission)
find / -perm -o+x -type d -exec ls -ld {} \; 2>/dev/null
Directories others can both write to and enter
find / \( -perm -o+w -perm -o+x \) -type d -exec ls -ld {} \; 2>/dev/null
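
Hardening check built from the SUID/SGID and world-writable searches above, added here as an example and not taken from the original page or its reference. It reports setuid/setgid files that group or others can modify, and world-writable directories that lack the sticky bit. The function names and the SETID-WRITABLE / NO-STICKY tags are made up for this example.

```shell
#!/bin/sh
# Added example: permission audit for one directory tree.
# Function names and output tags are constructed for this example.

# Setuid or setgid regular files that group or others can modify.
# The \( ... \) grouping matters: -o binds more loosely than the implicit
# AND, so without it the later tests would apply to one branch only.
writable_setid_files() {
    find "$1" -xdev -type f \( -perm -4000 -o -perm -2000 \) \
        \( -perm -0020 -o -perm -0002 \) 2>/dev/null
}

# World-writable directories without the sticky bit (1000): any user
# can delete or rename files that other users created there.
unsticky_world_writable_dirs() {
    find "$1" -xdev -type d -perm -0002 ! -perm -1000 2>/dev/null
}

# Print one tagged line per finding.
# Returns 0 when the tree is clean, 1 when there is something to review.
audit_perms() {
    root=${1:-/}
    findings=$(
        writable_setid_files "$root" | sed 's/^/SETID-WRITABLE /'
        unsticky_world_writable_dirs "$root" | sed 's/^/NO-STICKY /'
    )
    if [ -z "$findings" ]; then
        return 0
    fi
    printf '%s\n' "$findings"
    return 1
}
```

Call it as audit_perms /srv (or any other tree); -xdev keeps the search on a single filesystem, so run it once per mount point.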

Ref:
blog.g0tmi1k.com