CVE-2016-1531

Atacando Linux - Escalada de privilegios

PrivEsc-Linux Atacando Linux - Escalada de privilegios #Enumeracion Herramientas utilizadas /linux-exploit-suggester -h /linux-exploit-suggestersh --checksec /linpeassh -h /LinEnumsh -h /LinEnumsh -e /tmp/ -t -s /lsesh -i 2 #1 Kernel vulnerability Linux kernel 2x through 4x before 483 Explotacion: $gcc -phread /c0wc -o c0w Daemons Exim (CVE-2016-1531) Passw

Cheatsheet for linux privilege escalation

Linux-privilege-escalation-cheatsheet Cheatsheet for linux privilege escalation Service exploits The MySQL service is running as root and the "root" user for the service does not have a password assigned We can use a popular exploit that takes advantage of User Defined Functions (UDFs) to run system commands as root via the MySQL service Change into the /home/user/t

A compilation of important commands, files, and tools used in Pentesting

Offensive Security Tools Here you will find a useful collection of commands and file resource locations used in Pentesting operations This reference is will go hand in hand with Kali Linux and the OSCP This is intended to be viewed in the blog found here: Offensive Security Cheat Sheet OSINT osintframeworkcom/ # Google hacking wwwexploit-dbcom/google-

exim4-privesc Credit to Tib3rius | tryhackmecom/room/linuxprivesc Find all the SUID/SGID executables on the Debian VM: find / -type f -a ( -perm -u+s -o -perm -g+s ) -exec ls -l {} ; 2> /dev/null If /usr/sbin/exim-484-3 appears in the results, use cve-2016-1531sh to gain a root shell

CVE-2016-1531

Common Enumeration Commands

================================================================================ Nmap nmap -p- -sT -sV -A $IP nmap -p- -sC -sV $IP --open nmap -p- --script=vuln $IP ###HTTP Methods nmap --script http-methods --script-args http-methodsurl-path='/website' ### SMB Enum Shares nmap --script smb-enum-shares grep -oE '((1?[0-9][0-9]?|2[0-4][0-9]|25[0-5])\){3}(1?[0-