Linux packer, the premise is to get a low-privilege accountlinux scheduled execution script instance, which can upload and download files. The main ideas are:
1. Kernel packing. There are many payloads from various predators on the Internet. The key is to be able to find which exploit to use and how to use it. A less labor-intensive way is to use searchsploit or linux-exploit-suggester.sh to search. It is not difficult after you are familiar with it.
2. suid packed. This also includes sudo forms. The ideas of both methods are the same. The difference is that suid is for a single program and sudo is for a user. The main idea of this kind of packing method is: the administrator authorizes ordinary users to perform operations with root permissions without knowing the root password. Packing can be achieved by reasonably using programs with root permissions. Commonly encountered situations include:
(1) Add the shell directly, sudo-i can switch to root;
(2) Change system files, such as scheduled task files, user files, password files, sudoers files, etc. This article will also talk about this as an Easter egg later;
(3) Change the program itself. If you have write permission to the program, directly enter the bash command into the program and run the program to pack it;
(4) Overflow the program. Some programs can interact with users through ports, which means there is a prerequisite for overflow.
In general, there is no upper or lower limit on the difficulty of suid packing. A simple sudo-i command can be used. The more difficult ones involve overflow, which is equivalent to digging for 0days.
3. Third-party applications are packed, and some programs are started with root permissions. If the third-party service or program has vulnerabilities or configuration problems, it can be used to obtain root permissions. Compared with the previous methods, the difficulty is in the middle. It is not as fixed as the kernel packing routine, nor is it as flexible as the suid packing method.
The above is the detailed content of Linux privilege escalation techniques: Detailed analysis of kernel privilege escalation and suid privilege escalation. For more information, please follow other related articles on the PHP Chinese website!
![[Web front-end] Node.js quick start](https://img.php.cn/upload/course/000/000/067/662b5d34ba7c0227.png)
