Presentation by Kate Broussard at Day of Shecurity 2019
So you’ve managed to get a foothold into the web server — now what? Privilege escalation can be an intimidating process for those unfamiliar with Linux systems or advanced penetration testing techniques.
Servers are often cluttered with utilities, backups, and files; how do you find your way through to a root shell? Where are the first places an attacker might look for exploitable vulnerabilities?
This presentation explores common privilege escalation paths on Linux systems, including sticky bits, shell escapes, wildcard injections, and how to identify vulnerable services.
- Priv esc definition + Framing
- Easy mode
- Sneaky mode
- Boss mode