- Sudo version vulnerable to CVE-2021-3156 (reference: "CVE-2021-3156 sudo Vulnerability Allows Root Privileges", aquasec.com)
- Custom Systemd timers
- Look for setuid binaries in places not managed by package manager
- Look for non-default setuid binaries
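An added example for the two setuid checks above (this is not code from the original notes): a small shell audit that lists setuid files under a root and reports the ones missing from a baseline. The fixture tree, the file names and `baseline.txt` are constructed for the example; on a real host the search root is `/` and the baseline comes from the package manager (`dpkg -S PATH` on Debian-style systems, `rpm -qf PATH` on RPM-based ones) or from a clean reference image.

```shell
#!/bin/sh
# Constructed fixture: a fake root with three setuid binaries, only two of which
# appear in the "known good" baseline. In practice the baseline is produced from
# package-manager metadata (dpkg -S / rpm -qf) or a clean reference image.
make_fixture() {            # usage: make_fixture ROOT
  mkdir -p "$1/usr/bin" "$1/opt/vendor/bin"
  for f in usr/bin/passwd usr/bin/su opt/vendor/bin/helper; do
    printf '#!/bin/sh\nexit 0\n' > "$1/$f"
    chmod 4755 "$1/$f"          # set the setuid bit
  done
  printf 'exit 0\n' > "$1/usr/bin/ls"
  chmod 755 "$1/usr/bin/ls"     # ordinary executable, must not be reported
  printf '%s\n' usr/bin/passwd usr/bin/su > "$1/baseline.txt"
}

# List setuid regular files under ROOT, paths relative to ROOT, sorted.
# The classic one-liner on a live system is: find / -type f -perm -4000 2>/dev/null
list_setuid() {             # usage: list_setuid ROOT
  ( cd "$1" && find . -type f -perm -4000 | sed 's|^\./||' | sort )
}

# Print setuid files that are not listed in BASELINE (one relative path per line).
# comm(1) needs both inputs sorted; "-" reads the sorted baseline from stdin.
unexpected_setuid() {       # usage: unexpected_setuid ROOT BASELINE
  _found=$(mktemp)
  list_setuid "$1" > "$_found"
  sort "$2" | comm -23 "$_found" -
  rm -f "$_found"
}

# Demo run against the constructed fixture.
demo_root=$(mktemp -d)
make_fixture "$demo_root"
echo "setuid files:";   list_setuid "$demo_root"
echo "not in baseline:"; unexpected_setuid "$demo_root" "$demo_root/baseline.txt"
rm -rf "$demo_root"
```

Anything printed under "not in baseline" deserves a closer look: check who owns it, when it was installed, and whether a package or a documented deployment step accounts for it. Paths outside the usual package-managed directories (`/opt`, `/home`, `/tmp`) are the ones the note above is pointing at.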
Find files owned by user/group
Use inotify to hook system file-creation events and exploit race conditions (reference: "How to Use inotify API in C Language", Linux Hint)
Sample Code to hook to file events.
Grep for passwords by entropy
Password policies force users to create passwords with high entropy. Entropy is a measure of randomness 😶🌫️. Because ordinary words and config values have low entropy, a long high-entropy token in a file is a candidate secret. A high-entropy password has the following characteristics:
- No repeating sequences of characters
- Special characters
- Upper case
- Lower case
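An added example of the entropy idea above (not code from the original notes): an awk scanner that computes the Shannon entropy, in bits per character, of every whitespace-separated token in a file and prints the tokens at or above a threshold in a grep-like `FILE:LINE:BITS:TOKEN` format. The sample config file, its keys and its values are constructed for the example; the default minimum length (12) and threshold (3.5 bits/char) are assumptions to tune per environment.

```shell
#!/bin/sh
# Constructed sample: a config file mixing ordinary settings with one
# high-entropy secret and one weak, repetitive secret.
make_sample_config() {      # usage: make_sample_config FILE
  cat > "$1" <<'EOF'
# application settings
listen_port = 8080
log_level = info
db_user = appuser
db_pass = x7Kq9!mZ2pL#vR4wT8nY
session_secret = aaaaaaaaaaaaaaaaaaaa
welcome_message = hello hello hello
EOF
}

# Report tokens of at least MIN_LEN characters whose Shannon entropy is at
# least MIN_BITS bits per character. Output: FILE:LINE:BITS:TOKEN
scan_high_entropy() {       # usage: scan_high_entropy FILE [MIN_LEN] [MIN_BITS]
  awk -v minlen="${2:-12}" -v minbits="${3:-3.5}" '
    # Shannon entropy of string s: -sum(p * log2(p)) over its characters.
    # Extra parameters after the blanks are awk locals, so c is a fresh array.
    function entropy(s,    i, n, ch, c, p, h) {
      n = length(s)
      for (i = 1; i <= n; i++) { ch = substr(s, i, 1); c[ch]++ }
      h = 0
      for (ch in c) { p = c[ch] / n; h -= p * log(p) / log(2) }
      return h
    }
    {
      for (i = 1; i <= NF; i++) {
        tok = $i
        if (length(tok) < minlen) continue
        h = entropy(tok)
        if (h >= minbits) printf "%s:%d:%.2f:%s\n", FILENAME, NR, h, tok
      }
    }' "$1"
}

# Demo run over the constructed file.
demo_dir=$(mktemp -d)
make_sample_config "$demo_dir/app.conf"
scan_high_entropy "$demo_dir/app.conf"
rm -rf "$demo_dir"
```

The demo flags only the `db_pass` value (20 distinct characters, about 4.32 bits/char). Note the blind spot the sample deliberately includes: `session_secret = aaaa...` is a secret with zero entropy, so an entropy filter never sees it. Pair the scan with a key-name grep (`pass`, `secret`, `token`, `key`) so weak secrets are caught as well as strong ones.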
Using timestamps to identify custom files in directories managed by the package manager
- Check the timestamps of files in directories managed by the package manager to identify files modified by users.
- Many packages don't record the millisecond (sub-second) part of the timestamp, so files they install have that part zeroed. If you interact with the file afterwards, that part is no longer zero.
- Check for [[Linux/Miscellaneous#Linux Directories]] that are supposed to be managed by the package manager but were modified by a user.
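An added example of the sub-second timestamp check above (not code from the original notes): it walks a directory and prints every file whose mtime has a non-zero fractional part. The fixture directory and file names are constructed; the script assumes a GNU or BusyBox `stat` whose `%y` prints `YYYY-MM-DD HH:MM:SS.NNNNNNNNN +ZZZZ`. On real hosts it complements content-based verification such as `rpm -V` or `debsums`, which compare file hashes against package metadata.

```shell
#!/bin/sh
# Constructed fixture: one file with a whole-second mtime (as unpacked from a
# package archive) and one that was edited afterwards.
make_timestamp_fixture() {      # usage: make_timestamp_fixture DIR
  mkdir -p "$1/etc/app"
  printf 'a=1\n' > "$1/etc/app/default.conf"
  printf 'b=2\n' > "$1/etc/app/local.conf"
  touch -d '2024-01-01 00:00:00' "$1/etc/app/default.conf"
  # Fractional seconds in -d need GNU touch; if unsupported, the file keeps the
  # mtime from its creation above, which carries a sub-second part anyway.
  touch -d '2024-01-01 00:00:00.5' "$1/etc/app/local.conf" 2>/dev/null || true
}

# Print files under DIR whose modification time has a non-zero sub-second part.
# stat %y gives "DATE TIME.NANOS ZONE", then the path; everything after the
# third field is the file name (keeps names containing spaces intact).
modified_after_install() {      # usage: modified_after_install DIR
  find "$1" -type f -exec stat -c '%y %n' {} + |
    awk '{
      split($2, t, ".")                  # t[2] = nanoseconds
      if (t[2] + 0 != 0) { sub(/^[^ ]+ [^ ]+ [^ ]+ /, ""); print }
    }' | sort
}

# Demo run over the constructed fixture; on a real system point it at a
# package-managed tree such as /usr/bin or /etc.
demo_dir=$(mktemp -d)
make_timestamp_fixture "$demo_dir"
modified_after_install "$demo_dir"
rm -rf "$demo_dir"
```

A hit is a hint, not proof: config management tools and post-install scripts also rewrite files, so confirm each finding against the package's own file list and checksums before treating it as a user modification.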
Check out Config files in their [[Linux/Miscellaneous#Config Files Default Locations| Default Locations]]
ls -la / to see if there are any
- Check the config files of running applications
- Use [[Linux/Priv Esc/Tools#Docker]]