Privilege Escalation

SUID, SGID and Capabilities

Commands to view SUID binaries:

find / -type f -perm -4000 -ls 2>/dev/null

Commands to view SGID binaries:

find / -type f -perm -g+s 2>/dev/null

Commands to view capabilities:

getcap -r / 2>/dev/null

/usr/sbin/getcap -r / 2>/dev/null

Running processes

Display a complete and extended list of all running processes on the system:

ps -faux

Show a list of listening TCP sockets on the system, including the IP address and listening port number, as well as the associated program (process) waiting for connections on each socket:

ss -nltp

Tasks that run at specified intervals:

cat /etc/crontab

Utilities

Check for directories or files where we have write permissions:

find / -writable | grep -v -E "proc|dev"

Last updated 1 year ago