⬆️ Privilege Escalation for Pentesters

A practical Privilege Escalation cheat sheet and reference guide designed for CTF players, penetration testers, and cybersecurity learners to understand how attackers escalate privileges on compromised systems.

Table of Contents

Abusing Sudo Rights

| No. | Machine Name | Files/Binaries |
|-----|--------------|----------------|
| 1. | Ted:1 | apt-get |
| 2. | KFIOFan : 1 | awk |
| 3. | 21 LTR: Scene1 | cat |
| 4. | Skytower | cat |
| 5. | Matrix : 1 | cp |
| 6. | Sputnik 1 | ed |
| 7. | Sunset | ed |
| 8. | DC-2 | git |
| 9. | Kioptrix : Level 1.2 | ht |
| 10. | Matrix-3 | manual |
| 11. | symfonos : 2 | MySQL |
| 12. | Development | nano |
| 13. | SP ike | nmap |
| 14. | DC6 | nmap |
| 15. | Dina | perl |
| 16. | Wakanda : 1 | pip |
| 17. | Violator | proftpd |
| 18. | Broken: Gallery | reboot/timedatectl |
| 19. | DE-ICE:S1.120 | script |
| 20. | Fristileaks | script |
| 21. | DerpNStink | script |
| 22. | Digitalworld.local : JOY | script |
| 23. | PumpkinFestival | script |
| 24. | The Ether: Evil Science | script |
| 25. | HA:Rudra | script |
| 26. | djinn:1 | script |
| 27. | UA: Literally Vulnerable | script |
| 28. | PumpkinRaising | strace |
| 29. | Unknowndevice64 : 1 | strace |
| 30. | Holynix: v1 | tar |
| 31. | Breach 2.1 | tcpdump |
| 32. | Temple of Doom | tcpdump |
| 33. | Web Developer : 1 | tcpdump |
| 34. | DC-4 | teehee |
| 35. | Serial: 1 | vim |
| 36. | Zico 2 | zip |
| 37. | HA: Dhanush | zip |
| 38. | Sunset: Nightfall | cat |
| 39. | HA: Infinity Stones | ftp |
| 40. | Sunset-Sunrise | wine |
| 41. | Me and My Girlfriend:1 | php |
| 42. | Symfonos:5 | dpkg |
| 43. | Five86:2 | service |
| 44. | Tempus Fugit:1 | Different for every user |
| 45. | DevRandom CTF:1.1 | dpkg |
| 46. | Zion: 1.1 | cp |
| 47. | Seppuku:1 | script |
| 48. | GitRoot: 1 | git |
| 49. | Tre:1 | shutdown |
| 50. | BlackRose: 1 | script |
| 51. | So Simple:1 | script |
| 52. | CryptoBank:1 | All |
| 53. | Star Wars:1 | All |
| 54. | Mercury | script |
| 55. | Durian:1 | script |
| 56. | nyx:1 | gcc |
| 57. | Relevant:1 | node |
| 58. | Maskcrafter:1.1 | dpkg |
| 59. | Hogwarts:Bellatrix | vim |

SUID Bit

| No. | Machine Name | SUID Bit |
|-----|--------------|----------|
| 1. | Kevgir | cp |
| 2. | digitalworld.local - BRAVERY | cp |
| 3. | Happycorp : 1 | cp |
| 4. | FourAndSix : 2 | doas |
| 5. | DC-1 | find |
| 6. | dpwwn:2 | find |
| 7. | MinU: v2 | Micro Editor |
| 8. | Toppo:1 | python 2.7/mawk |
| 9. | Mr. Robot | nmap |
| 10. | Covfefe | script |
| 11. | /dev/random : K2 | script |
| 12. | hackme1 | script |
| 13. | Sunset: dawn | zsh |
| 14. | HA: Wordy | cp |
| 15. | bossplayersCTF 1 | find |
| 16. | In Plain Sight:1 | script |
| 17. | Five86:1 | script |
| 18. | Geisha:1 | base32 |
| 19. | Victim:1 | nohup |
| 20. | eLection: 1 | script |
| 21. | Photographer 1 | php7.2 |
| 22. | DMV :1 | script |
| 23. | ShellDredd #1 Hannah | cpulimit |
| 24. | KB-Vuln:3 | systemctl |
| 25. | Cybox:1 | register |

Kernel Exploit

| No. | Machine Name | Kernel | Exploit |
|-----|--------------|--------|---------|
| 1. | pWnOS -1.0 | Linux Kernel 2.6.17 < 2.6.24.1 | 5092 |
| 2. | LAMPSecurity: CTF 5 | Linux Kernel 2.4/2.6 | 9479 |
| 3. | Kioptrix : Level 1.1 | CentOS 4.4/4.5 / Fedora Core 4/5/6 x86) | 9542 |
| 4. | Hackademic-RTB1 | RDS Protocol' Local Privilege Escalation | 15285 |
| 5. | Hackademic-RTB2 | RDS Protocol' Local Privilege Escalation | 15285 |
| 6. | ch4inrulz : 1.0.1 | RDS Protocol' Local Privilege Escalation | 15285 |
| 7. | Kioptrix: 5 | FreeBSD 9.0 - Intel SYSRET Kernel Privilege Escalation | 28718 |
| 8. | Simple | Apport/Abrt (Ubuntu / Fedora) | 36746 |
| 9. | SecOS: 1 | Ubuntu 12.04/14.04/14.10/15.04 | 37292 |
| 10. | Droopy | Ubuntu 12.04/14.04/14.10/15.04 | 37292 |
| 11. | VulnOS: 2.0 | Ubuntu 12.04/14.04/14.10/15.04 | 37292 |
| 12. | Fartknocker | Ubuntu 12.04/14.04/14.10/15.04 | 37292 |
| 13. | Super Mario | Ubuntu 12.04/14.04/14.10/15.04 | 37292 |
| 14. | Golden Eye:1 | Ubuntu 12.04/14.04/14.10/15.04 | 37292 |
| 15. | Typhoon : 1.02 | Ubuntu 12.04/14.04/14.10/15.04 | 37292 |
| 16. | GrimTheRipper:1 | Ubuntu 12.04/14.04/14.10/15.04 | 37292 |
| 17. | 6days | Ubuntu 12.04/14.04/14.10/15.04 | 37292 |
| 18. | Lord of the Root | Ubuntu 14.04/15.10 | 39166 |
| 19. | Acid Reloaded | Ubuntu 14.04/15.10 | 39166 |
| 20. | Stapler | Ubuntu 16.04 | 39772 |
| 21. | Sidney | Ubuntu 16.04 | 39772 |
| 22. | DC-3 | Ubuntu 16.04 | 39772 |
| 23. | Pluck | Dirty COW | 40616 |
| 24. | Lampiao : 1 | Dirty COW /proc/self/mem' Race Condition | 40847 |
| 25. | WinterMute : 1 | GNU Screen 4.5.0 | 41154 |
| 26. | DC-5 | GNU Screen 4.5.0 | 41154 |
| 27. | BTRSys:dv 2.1 | Linux Kernel 4.4.0 (Ubuntu) - DCCP Double-Free | 41458 |
| 28. | Nightmare | Ubuntu 14.04/16.04 (KASLR / SMEP) | 43418 |
| 29. | Trollcave | Linux Kernel < 4.4.0-116 (Ubuntu 16.04.4) | 44298 |
| 30. | Prime: 1 | Linux Kernel < 4.4.0-116 (Ubuntu 16.04.4) | 44298 |
| 31. | LAMPSecurity: CTF6 | Linux Kernel 2.6 | 8478 |
| 32. | My File Server:1 | Dirty COW | 40616 |
| 33. | VulnUni 1.0.1 | GUnet OpenEclass E-learning platform 1.7.3 | 48106 |
| 34. | Sumo: 1 | Dirty COW | 40839 |
| 35. | CyberSploit: 1 | Linux Kernel 3.13.0 < 3.19 (Ubuntu 12.04/14.04/14.10/15.04) - 'overlayfs' | 37292 |
| 36. | Loly: 1 | Linux Kernel < 4.13.9 (Ubuntu 16.04 / Fedora 27) | 45010 |
| 37. | Tomato: 1 | Linux Kernel < 4.13.9 (Ubuntu 16.04 / Fedora 27) | 45010 |

Path Variable

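| No. | Machine Name | Path Variable Files |
|-----|--------------|---------------------|
| 1. | PwnLab | cat |
| 2. | USV | cat |
| 3. | Zeus:1 | date |
| 4. | The Gemini inc | date |
| 5. | EW-Skuzzy | id |
| 6. | Nullbyte | ps |
| 7. | symfonos : 1 | curl |
| 8. | Silky-CTF: 0x01 | whoami |
| 9. | Beast 2 | whoami |
| 10. | HA:Arsenal Avengers | ifconfig |
| 11. | Inclusiveness:1 | whoami |
| 12. | MuzzyBox:1 | ls |
| 13. | TBBT:2 | sl |
| 14. | Sunset: Midnight | service |
| 15. | Healthcare:1 | fdisk |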

Enumeration

No. Machine Name
1. The Library:1
2. The Library:2
3. LAMPSecurity: CTF 4
4. LAMPSecurity: CTF 7
5. Xerxes: 1
6. pWnOS -2.0
7. DE-ICE:S1.130
9. Tommyboy
10. VulnOS: 1
11. Spyder Sec
12. Acid
13. Necromancer
14. Freshly
15. Fortress
16. Billu : B0x
17. Defence Space
18. Moria 1.1
19. Analougepond
20. Lazysysadmin
21. Bulldog
22. BTRSys 1
23. G0rmint
24. Blacklight : 1
25. The blackmarket
26. Matrix 2
27. Basic Pentesting : 2
28. Depth
29. Bob: 1.0.1
30. W34kn3ss 1
31. Replay: 1
32. Born2Root: 2
33. CLAMP 1.0.1
34. WestWild: 1.1
35. 64base
36. C0m80
37. Gibson
38. Quaoar
39. Hacker Fest: 2019
40. EVM: 1
41. EnuBox:Mattermost
42. 2much:1
43. mhz_cxf:c1f
44. HA: Pandavas
45. GreenOptic:1
46. Cewlkid:1
47. PowerGrid:1.0.1
48. Insanity:1
49. Tempus Fugit:3
50. HA: Forensics
51. HA: Vedas
52. HA: Sherlock

MySQL

No Machine Name
1. Kioptrix : Level 1.3
2. Raven
3. Raven : 2

Cronjob

No Machine Name
1. Billy Madison
2. BSides Vancouver: 2018
3. Jarbas : 1
4. SP:Jerome
5. dpwwn: 1
6. Sar
7. TBBT
8. Glasgow Smile: 1.1
9. LemonSqueezy:1

Wildcard Injection

No Machine Name
1. Milnet
2. Pipe

Capabilities

No Machine Name
1. Kuya : 1
2. DomDom: 1
3. HA: Naruto
4. Connect The Dots:1
5. Katana
6. Presidential: 1

Writable /etc/passwd file

No Machine Name
1. Hackday Albania
2. Billu Box 2
3. Bulldog 2
4. AI: Web: 1
5. Westwild: 2
6. Misdirection 1
7. HA: ISRO
8. Gears of War: EP#1
9. DC:9
10. Sahu
11. Sunset: Twilight
12. Chili:1

Writable files or script

No Machine Name
1. Skydog
2. Breach 1.0
3. Bot Challenge: Dexter
4. Fowsniff : 1
5. Mercy
6. Casino Royale
7. SP eric
8. PumpkinGarden
9. Tr0ll: 3
10. Nezuko:1
11. Symfonos:3
12. Tr0ll 1
13. DC:7
14. View2aKill
15. CengBox:1
16. Broken 2020: 1
17. CengBox:2
18. HA:Narak

Buffer Overflow

No Machine Name
1. Tr0ll 2
2. IMF
3. BSides London 2017
4. PinkyPalace
5. ROP Primer
6. CTF KFIOFAN:2
7. Kioptrix : Level 1
8. Silky-CTF: 0x02

Docker

No Machine Name
1. Donkey Docker
2. Game of Thrones
3. HackinOS:1
4. HA: Chakravyuh
5. Mumbai:1
6. Sunset:dusk
7. Pwned:1

Chkrootkit

No Machine Name
1. SickOS 1.2
2. Sedna
3. HA: Chanakya
4. Sunset: decoy

Bruteforce

No Machine Name
1. Rickdiculouslyeasy
2. RootThis : 1
3. LAMPSecurity: CTF 8
4. Cyberry:1
5. Born2root

Crack /etc/shadow

No Machine Name
1. DE-ICE:S1.140
2. Minotaur
3. Moonraker:1
4. Basic Penetration
5. W1R3S.inc

NFS

No Machine Name
1. Orcus
2. FourAndSix

Json

| No | Machine Name | Json |
|----|--------------|------|
| 1. | MinU: 1 | Json Token |
| 2. | Symfonos:4 | Json Pickle |

Redis

No Machine Name
1. Gemini inc:2

LXD

No Machine Name
1. AI: Web: 2
2. HA: Joker
3. CyNix:1

ALL

No Machine Name
1. Lin.Security
2. Escalate_Linux
3. Jigsaw:1

Exim

No Machine Name
1. DC:8

Apache2 Writable

No Machine Name
1. Torment
2. HA: Armour

cheatsheet

|3.|HA: Natraj