⬆️ Privilege Escalation
SUID, SGID and Capabilities
Command to list SUID binaries:
find / -type f -perm -4000 -ls 2>/dev/null
Command to list SGID binaries:
find / -type f -perm -g+s 2>/dev/null
Commands to view capabilities:
getcap -r / 2>/dev/null
/usr/sbin/getcap -r / 2>/dev/null
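For defenders, the same find predicates can drive a baseline check that reports SUID/SGID files added or re-moded since a known-good snapshot. This is an added example, not part of the original page; the function names and the baseline format (one "MODE PATH" line per file) are assumptions, and it relies on GNU find's -printf and -perm /MODE.

```shell
#!/bin/sh
# Added example: baseline audit of SUID/SGID files.
# Function names and the "MODE PATH" baseline format are assumptions
# made for this illustration, not part of the original page.

# list_setid ROOT
# Print "MODE PATH" (octal mode, e.g. "4755 /usr/bin/passwd") for every
# regular file under ROOT that has the SUID or SGID bit set, sorted by path.
list_setid() {
    find "$1" -type f \( -perm -4000 -o -perm -2000 \) \
        -printf '%m %p\n' 2>/dev/null | sort -k2
}

# new_setid ROOT BASELINE
# Print entries found now that are not in BASELINE (a file saved earlier
# from list_setid). A changed mode on a known path is reported as well,
# because whole lines are compared.
new_setid() {
    # grep exits 1 when nothing is new; treat that as success and only
    # pass through real errors (exit status 2).
    list_setid "$1" | grep -Fxv -f "$2" || [ $? -eq 1 ]
}

# writable_setid ROOT
# Print SUID/SGID files that are also writable by group or other. Anyone
# with that write access can replace the contents of a privileged binary,
# so these deserve review first.
writable_setid() {
    find "$1" -type f \( -perm -4000 -o -perm -2000 \) -perm /022 \
        -print 2>/dev/null | sort
}

# Stand-alone use: ./setid_audit.sh ROOT BASELINE
if [ $# -eq 2 ]; then
    echo "New or changed SUID/SGID files:"
    new_setid "$1" "$2"
    echo "SUID/SGID files writable by group/other:"
    writable_setid "$1"
fi
```

Create the baseline on a known-good system with `list_setid / > baseline.txt`, store it where unprivileged users cannot modify it, and review every line the later comparison prints.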
Running processes
Display a complete and extended list of all running processes on the system:
ps -faux
Show a list of listening TCP sockets on the system, including the IP address and listening port number, as well as the associated program (process) waiting for connections on each socket:
ss -nltp
Tasks that run at specified intervals:
cat /etc/crontab
Utilities
Check for directories or files where we have write permissions:
find / -writable 2>/dev/null | grep -v -E "^/(proc|dev)/"