coffeetohack
  • Introduction
  • Methodology
  • Cheatsheet
    • Ports
    • Nmap
    • Directory Bruteforce
    • Password Cracking
    • Web Server
    • Shells
    • TTY Shells
    • File Transfers
    • XSS | SQLi
    • LFI / RFI
    • File Uploads
    • Port Forwarding
  • Framework/Application
    • CMS Made Simple
    • Blundit
    • Wordpress
    • OctoberCMS
    • Tomcat
  • Windows PrivEsc
    • Scheduled Tasks
    • Stored Passwords
    • Installed Apps
    • Unquoted Service Path
    • Binary Paths
    • DLL Hijacking
    • Startup Apps
    • Executable Files
    • Registry
    • Run As
  • Linux PrivEsc
    • Sudo
    • SUID
    • Capabilities
    • Scheduled Tasks
    • NFS Root Squashing
    • Docker
  • Buffer Overflow
    • dostackbufferoverflow
    • BoF 1
    • Vulnserver
    • Brainpan
    • Brainstorm
  • Initial Shell Exploits
  • PrivEsc Exploits
  • Cisco Packet Tracer
  • Active Directory
    • Methodology
    • LLMNR Poisioning
    • Cracking Hashes
    • SMB Relay
    • IPv6 Attacks
    • PowerView
    • Bloodhound
    • Pass The Hash
    • Token Impersonation
    • Kerberoasting
    • GPP Attack
    • URL File Attack
    • PrintNightmare
    • Mimikatz
    • Golden Ticket Attack
  • OSINT
Powered by GitBook
On this page

Was this helpful?

PrivEsc Exploits

Kioptrix 1.1
CentOS 4.5 Kernal 2.6.9

Kioptrix 1.2
Sudo Privesc /usr/local/bin/ht

Kioptrix 1.3
Mysql running as root: UDF 

Kioptrix 2014
FreeBSD 9.0 Kernel exploit

Fristileaks 1.3 
Sudo Privesc doCom

VulnOS2
Ubuntu Kernel 3.13.0 

SickOS 1.2
chkrootkit 0.49 CRON job

/dev/random:scream
FileZilla server Tasklist

Pwnos 2.0
25444.c
mysqli_connect.php had credentials to root

Pwnlab
No Full Path to binary (create shell in binary in tmp)(set PATH to /tmp) 

Temple of Doom
Sudo privesc tcpdump

Zico 2
Sudo Privesc tar, zip

Lord of the root
Mysql UDF or Ubuntu 14.04 Kernel 4.3.3

Troll 1
Ubuntu 14.04

DC 6
Sudo privesc tar backups.sh

DC 9
python file "append" to /etc/passwd

digitalword.local BRAVERY
cp SUID 

digitalworld.local DEVELOPMENT
Sudo privesc nano, vim

Prime 1
Ubuntu Kernel 4.10.0-28

Symfonos 1
No Full Path to curl SUID

Symfonos 2
Sudo privesc mysql

Symfonos 3
python file write n execute

Symfonos 5
Sudo privesc dpkg

Sar 1
.sh script write

DerpnStrink 1
Sudo privesc .sh file create n write

Nullbyte
No Full Path to ps SUID (output of binary shows ps output)

Toppo 1
mawk, python2.7 SUID 

GoldenEye 1
Ubuntu Kernel 3.13

MySQL (running as root) privesc | lib_mysqludf_sys.so
https://www.trenchesofit.com/2021/02/15/offensive-security-proving-grounds-banzai-write-up-no-metasploit/
PreviousInitial Shell ExploitsNextCisco Packet Tracer

Last updated 3 years ago

Was this helpful?