Linux Privilege Escalation – Full Course (8+ Hours)

Upload of the full Linux Exploitation Course. All the material developed for the course is available in the OSCP repository, link down below. If you want to support my work, subscribe to my patreon page - https://www.patreon.com/hexdump Thanks ------------------------- TIMESTAMP 00:00:00 Linux Privilege Escalation Course ######### 01 Introduction to the Linux Shell 00:05:58 Introduction 00:08:00 CLI vs GUI 00:13:23 Anatomy of a command 00:19:13 Differences between Terminal, TTY and Shell 00:24:23 Basic Commands 00:39:20 Relative and Absolute Paths 00:43:18 File System Commands 00:55:58 Resources Management Commands 01:05:58 Users Management Commands 01:12:43 Packages Management Commands 01:19:46 Conclusion ######### 02 File System Permissions 01:24:04 Introduction 01:25:04 MAN pages 01:30:26 How linux handles file permissions 01:45:34 Pratice on reading permissions 01:51:59 How to set new permissions with chmod 02:03:59 SUID and GUID bits 02:13:19 The sudo subsystem 02:19:39 How to change owner with chown ######### 03 PATH Hijacking 02:22:03 Introduction 02:23:13 What is the PATH? 02:29:33 How is the PATH used? 02:37:03 Example of a vulnerable program 02:44:58 PATH hijacking 02:47:43 Conclusion ######### 04 SUID Exploitation 02:50:21 Introduction 02:51:21 What is SUID? 02:56:11 Security Issues with SUID 02:58:21 Real Effective and Saved User IDs 03:01:01 Example of a SUID binary 03:04:11 GTFObins 03:05:11 SUID Exploitation 1 – wget 03:08:56 SUID Exploitation 2 – hexdump 03:11:16 SUID Exploitation 3 – ssh-keygen 03:15:56 SUID Exploitation 4 – Emacs and Vim 03:17:41 Searching for SUID binaries ######### 05 SUDO Exploitation 03:19:46 Introductionv 03:21:11 Docker Setup 03:24:06 What is SUDO? 03:28:26 Reading output of sudo -l 03:32:20 Reading SUDO configuration file 03:38:16 Update SUDO configuration with visudo 03:39:46 Exploiting SUDO 03:42:47 Example 1 – ALL NOPASSWD 03:45:31 Example 2 – pip install 03:52:46 Example 3 – tar 03:55:46 Example 4 – base64 04:00:06 Conclusion ######### 06 Wildcard Expansion Exploitation 04:01:13 Introduction 04:02:33 Shell wildcards 04:09:43 The danger of wildcards 04:12:03 Scenario 1 – tar 04:18:58 Scenario 2 – find 04:25:25 Scenario 3 – rsync 04:30:05 Conclusion ######### 07 Reverse Shells in Linux 04:31:23 Introduction 04:32:18 Docker Setup 04:34:13 Reverse Shell vs Bind Shell 04:38:23 Reverse Shells are Better 04:42:23 File Transfer Commands 04:50:23 Spawning Reverse Shells 04:51:33 Payload 1 – Bash 04:57:33 Payload 2 – Python 05:01:34 Payload 3 – Perl 05:02:03 Payload 4 – Php 05:02:23 Payload 5 – Ruby 05:03:56 Conclusion ######### 08 Unshadow Attack 05:05:20 Introduction 05:06:35 Docker setup 05:07:50 Shadow and Passwd files 05:15:55 Compute shadow hashes 05:18:40 The role of salt 05:20:45 Wordlists and rockyou.txt 05:22:42 Unshadow attack 05:29:12 Conclusion ######### 09 System Enumeration 05:30:05 Introduction 05:32:10 The value of Enumeration 05:34:50 What to Enumerate 05:48:08 How to Enumerate 06:03:56 Automated Scripts 06:09:05 Conclusion ######### 10 Cronjob Enumeration 06:10:24 Introduction 06:11:39 What is a Cronjob 06:14:19 Cronjob Configuration 06:22:59 Cronjob Enumeration 06:29:49 Cronjob Exploitation 06:35:57 Conclusion ######### 11 Capabilities Enumeration 06:36:23 Introduction 06:37:28 What are capabilities in Linux 06:44:57 How to configure capabilities 06:47:13 How to enumerate capabilities 06:50:28 Powerful capabilities for exploitations 06:53:03 Example cap setuid 06:56:23 Example cap sys ptrace 07:02:13 Conclusion ######### 12 Local Service Exploitation 07:11:54 Local Port Forwarding 07:25:59 Remote Port Forwarding ######### 13 Linux Binary Exploitation 07:30:00 What is a Buffer Overflow ######### 14 Linux Kernel Exploitation 08:11:59 On the danger of Kernel Exploits ------------------------- REFERENCES - Material: https://github.com/LeonardoE95/yt-en/tree/main/src/- - OSCP repository: https://github.com/LeonardoE95/OSCP ------------------------- CONTACTS - Blog: https://blog.leonardotamiano.xyz/ - Github: https://github.com/LeonardoE95?tab=repositories - Support: https://www.paypal.com/donate/?hosted_button_id=T49GUPRXALYTQ