Linux Security
Linux privilege escalation techniques, system hardening, and vulnerability exploitation for penetration testing and security assessments.
Overview
Linux systems power critical infrastructure, servers, and embedded devices worldwide. Understanding Linux security is essential for comprehensive penetration testing and security assessments. This section covers privilege escalation techniques, common misconfigurations, and system hardening strategies.
Privilege Escalation Techniques
Sudo & Permissions
- Sudo Misconfigurations - Exploit dangerous sudo rules and configurations
- Capabilities - Abuse Linux capabilities for privilege escalation
- Privileged Groups - Exploit membership in dangerous groups
Code Execution & Injection
- Python Library Hijacking - Manipulate Python import paths for code execution
- Shared Object Hijacking - Exploit LD_PRELOAD and library loading
- PATH Abuse - Manipulate PATH variable for privilege escalation
Scheduled Tasks & Services
- Cron Job Abuse - Exploit misconfigured cron jobs
- Logrotate Exploitation - Abuse logrotate for privilege escalation
- Wildcard Abuse - Exploit wildcard expansions in scripts
Kernel Exploitation
- Kernel Exploits - Leverage kernel vulnerabilities for root access
System Hardening
- Linux Hardening - Security best practices for Linux systems
Attack Methodology
Phase 1: Enumeration
Run LinPEAS or LinEnum to identify:
- User privileges and group memberships
- Sudo permissions and SUID binaries
- Cron jobs and scheduled tasks
- Kernel version and installed software
- File permissions and capabilities
- Network services and configurations
Phase 2: Privilege Analysis
Look for:
- Dangerous sudo rules (NOPASSWD, wildcards)
- SUID/SGID binaries
- Writable files in privileged locations
- Exploitable capabilities
- Cron jobs with path injection points
- Outdated kernel versions
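A small audit script for the enumeration and analysis steps above, added here as an example (it is not part of this page's tooling and not LinPEAS or LinEnum code). It parses a sudoers-style policy and a list of SUID binaries and flags the entries a reviewer would want to look at: NOPASSWD tags, wildcards in commands, unrestricted `ALL` commands, and the shell-capable binaries this page names. The sudoers text and SUID paths are constructed sample input; the parser covers the common single-line rule form and is not a full sudoers grammar.

```python
"""Audit helper for the enumeration/analysis phases: flag risky sudo rules and
SUID binaries.  All sample inputs below are constructed for this example."""
import re
from dataclasses import dataclass

# Binaries named on this page that are commonly listed on GTFOBins; when they
# are SUID or runnable via sudo they can typically spawn a shell.
RISKY_BINARIES = {"find", "vim", "nmap", "python", "perl"}

# user  host = (runas) [TAG:] command[, command]   (simplified sudoers line)
SUDOERS_RE = re.compile(
    r"^(?P<user>\S+)\s+(?P<host>\S+)\s*=\s*(?:\((?P<runas>[^)]*)\))?\s*(?P<rest>.*)$"
)


@dataclass
class SudoRule:
    user: str
    host: str
    runas: str
    tags: list
    commands: list


def base_name(path: str) -> str:
    """'/usr/bin/python3.11' -> 'python' so versioned names match the list."""
    return re.sub(r"[\d.]+$", "", path.rsplit("/", 1)[-1])


def parse_sudoers(text: str) -> list:
    """Parse single-line user specifications; comments and Defaults are skipped."""
    rules = []
    for line in text.splitlines():
        line = line.split("#", 1)[0].strip()
        if not line or line.startswith("Defaults"):
            continue
        m = SUDOERS_RE.match(line)
        if not m:
            continue
        rest, tags = m.group("rest"), []
        # Tags such as NOPASSWD: or SETENV: precede the command list
        while (tm := re.match(r"^([A-Z]+):\s*", rest)):
            tags.append(tm.group(1))
            rest = rest[tm.end():]
        commands = [c.strip() for c in rest.split(",") if c.strip()]
        rules.append(SudoRule(m.group("user"), m.group("host"),
                              m.group("runas") or "root", tags, commands))
    return rules


def audit_sudo_rules(rules: list) -> list:
    """Return (user, command, reasons) for every command worth reviewing."""
    findings = []
    for r in rules:
        for cmd in r.commands:
            reasons = []
            if cmd == "ALL":
                reasons.append("unrestricted command")
            elif "*" in cmd:
                reasons.append("wildcard in command")
            elif base_name(cmd.split()[0]) in RISKY_BINARIES:
                reasons.append("shell-capable binary")
            if "NOPASSWD" in r.tags:
                reasons.append("NOPASSWD")
            if reasons:
                findings.append((r.user, cmd, reasons))
    return findings


def audit_suid(paths: list) -> list:
    """Flag SUID binaries whose name is on the shell-capable list."""
    return [p for p in paths if base_name(p) in RISKY_BINARIES]


def run_audit(sudoers_text: str, suid_paths: list) -> dict:
    return {"sudo": audit_sudo_rules(parse_sudoers(sudoers_text)),
            "suid": audit_suid(suid_paths)}


SAMPLE_SUDOERS = """\
# constructed sample policy for this example
Defaults env_reset
%admin  ALL=(ALL) ALL
alice   ALL=(ALL) NOPASSWD: /usr/bin/vim
bob     ALL=(root) /usr/bin/systemctl restart *
carol   ALL=(root) NOPASSWD: /usr/bin/apt update, /usr/bin/apt upgrade
"""

# constructed stand-in for: find / -perm -4000 -type f 2>/dev/null
SAMPLE_SUID = ["/usr/bin/passwd", "/usr/bin/sudo", "/usr/bin/find",
               "/usr/bin/python3", "/usr/local/bin/nmap"]

if __name__ == "__main__":
    report = run_audit(SAMPLE_SUDOERS, SAMPLE_SUID)
    for user, cmd, reasons in report["sudo"]:
        print(f"sudo  {user:<8} {cmd:<40} {', '.join(reasons)}")
    for path in report["suid"]:
        print(f"suid  {path}")
```

On a real host the sudoers file is root-only, so this is a policy review tool for administrators; the SUID list can be produced with the `find` command shown in the comment. Every hit should be either justified in the hardening baseline or removed.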
Phase 3: Exploitation
- Leverage identified misconfigurations
- Exploit vulnerable software versions
- Abuse intended functionality
- Chain multiple vulnerabilities
Phase 4: Persistence
- SSH key installation
- Cron job backdoors
- Modified system binaries
- PAM backdoors
- Kernel module rootkits
Essential Enumeration Tools
| Tool | Primary Use |
|---|---|
| LinPEAS | Automated privilege escalation enumeration |
| LinEnum | System enumeration script |
| pspy | Process monitoring without root |
| GTFOBins | SUID/sudo exploit database |
Common SUID Binaries
Many standard binaries can be abused to escalate privileges when they carry the SUID bit, for example:
- /usr/bin/find
- /usr/bin/vim
- /usr/bin/nmap
- /usr/bin/python
- /usr/bin/perl
Check GTFOBins for the exploitation technique that applies to each binary.
Related Resources
- Windows Security - Cross-platform privilege escalation
- Container Security - Docker and container escapes
- Network Protocol Attacks - SSH and other protocols