Hey I’m back with another interesting topic.First of all did you notice anything new.yep a new cover its because this is out of web hacking.lets start

first of all we need to talk about what is privilege escalation

01. What is privilege escalation☠️

So you know that in a os there is users .all users have privileges for each them and that can be different while some users can read and write files some users only can read files😒

but there is user that can done everything we call him “root”

ok there are ways to get root access without authorization by exploiting vuln or bugs ,etc… that’s what we call privilege escalation .here I’m going explain this properly

so basically privilege escalation is process of gain privileges permissions that without a authorization .this can be done with exploiting vuln or bugs. ok now lets see how we can do it.

the way of doing this can be different .first we need to enumerate the os

02. Enumerate the os

usually first I’m trying to get os information

first I search for kernel version

if there is a exploit for kernel we can exploit and gain root privileges.i can exploit the sys and gain root privileges like this.boom 💥

if there isn’t a vuln for it.we need to focus that can run with sudo.
we need to find the allowed commands that a user can execute with root privileges.

im the admin of my machine so i didn’t give any permissions to any files.

ok so i need to demonstrate this with tryhackme mchine

03. Exploit

lets exploit💥💥

hmmm i think you see that.the system allowed run nano,find,less in sudo privileges

i use GTFObins to find a way to get root privileges with nano.less,find but i decided to get root with less

boom i got the root.and this is long process that manually enumerate the system so we can use scripts such as LinPEAS,LES

ok there are lots of techniques.i can’t tell you all about my knowledge of linux privilege escalation in one post so i will be back with another post

echo "GGS!Ima off"

GGS!Ima off