# Linux Privilege Escalation

{% embed url="https://gtfobins.github.io/gtfobins/" %}

{% embed url="https://payatu.com/blog/a-guide-to-linux-privilege-escalation/" %}

### Enumeration:

{% stepper %}
{% step %}

### Hostname

The `hostname` command returns the name of the target machine, which often tells us about the role or purpose of the machine within the network.
{% endstep %}

{% step %}

### Kernel (uname -a)

This command gives details about the kernel used by the system, which is useful for finding kernel-related vulnerabilities that could lead to privilege escalation.
{% endstep %}

{% step %}

### /proc/version

Running `cat /proc/version` shows the kernel version along with additional details, such as whether a GCC compiler is installed.
{% endstep %}

{% step %}

### /etc/issue

Systems can also be identified by looking at the `/etc/issue` file. This file usually contains some information about the operating system but can easily be customized or changed.\
\
While on the subject, any file containing system information can be customized or changed. For a clearer understanding of the system, it is always good to look at all of these.
{% endstep %}

{% step %}

### ps command

The `ps` command is an effective way to see the running processes on a Linux system. Typing `ps` on your terminal will show processes for the current shell.

The output of `ps` (Process Status) shows the following:

* PID: The process ID (unique to the process)
* TTY: Terminal type used by the user
* Time: Amount of CPU time used by the process (this is NOT the time this process has been running for)
* CMD: The command or executable running (will NOT display any command line parameter)

The `ps` command provides a few useful options.

* `ps -A`: View all running processes
* `ps axjf`: View process tree (see the tree formation until `ps axjf` is run below)
* `ps aux`: The `aux` option will show processes for all users (a), display the user that launched the process (u), and show processes that are not attached to a terminal (x). Looking at the ps aux command output, we can have a better understanding of the system and potential vulnerabilities.
{% endstep %}

{% step %}

### env

The `env` command will show environmental variables.\
\
The PATH variable may have a compiler or a scripting language (e.g. Python) that could be used to run code on the target system or leveraged for privilege escalation.
{% endstep %}

{% step %}

### sudo -l

{% endstep %}
{% endstepper %}
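The enumeration steps above, gathered into one host-inventory script that an administrator can run to baseline what these commands reveal about a machine (an added example, not part of the original page). The function names, the tool list, the `RUN_INVENTORY` switch and the file name are assumptions of this example; `sudo -n -l` is the non-interactive form of `sudo -l`.

```shell
#!/bin/sh
# Added example: defensive host inventory built from the enumeration steps.
# Function names, tool list and RUN_INVENTORY are assumptions of this example.

# Kernel release from /proc/version-style text ("Linux version <release> ...").
kernel_release() {
    printf '%s\n' "$1" | awk '$1 == "Linux" && $2 == "version" { print $3 }'
}

# Compilers and interpreters reachable through a PATH string, one per line.
path_tools() {
    old_ifs=$IFS; IFS=:
    for dir in $1; do
        [ -n "$dir" ] || dir=.          # empty PATH entry means current dir
        for tool in gcc cc python3 python perl ruby; do
            if [ -f "$dir/$tool" ] && [ -x "$dir/$tool" ]; then
                printf '%s\n' "$dir/$tool"
            fi
        done
    done
    IFS=$old_ifs
}

# From `ps aux` output on stdin: root-owned processes with no terminal
# (TTY "?"), skipping kernel threads shown as [name]. Prints "PID command".
root_daemons() {
    awk 'NR > 1 && $1 == "root" && $7 == "?" && $11 !~ /^\[/ {
        cmd = $11
        for (i = 12; i <= NF; i++) cmd = cmd " " $i
        print $2 " " cmd
    }'
}

collect_inventory() {
    echo "host:   $(hostname)"
    echo "kernel: $(kernel_release "$(cat /proc/version)")"
    echo "issue:  $(head -n 1 /etc/issue 2>/dev/null)"
    echo "tools on PATH:"; path_tools "$PATH"
    echo "root daemons:";  ps aux | root_daemons
    echo "sudo rules:";    sudo -n -l 2>/dev/null || echo "(none without a password)"
}

# Live collection only on request (hypothetical file name):
#   RUN_INVENTORY=1 sh inventory.sh
if [ "${RUN_INVENTORY:-0}" = 1 ]; then collect_inventory; fi
```

Saving the output per host and diffing it over time shows when a compiler, interpreter or root-owned service appears that was not in the baseline.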


