Disclaimer: This material is provided solely for educational purposes. You are fully responsible for how you use the information.
We do not encourage any kind of illegal or harmful activity.

1. Run Scripts and Analyze Enumeration Results

• Run LinPEAS,LinEnum, lse.sh If scripts fail, refer to manual enumeration commands available in the System Enumeration section.

• Carefully review the output of your enumeration scripts and manual commands.

• Focus on high-value targets such as outdated software, misconfigurations, sensitive files, and open ports.

2. Create a Checklist

• Create a checklist of potential privilege escalation vectors based on your enumeration results.
• Avoid getting lost in rabbit holes by prioritizing tasks and focusing on the most promising leads.

3. Search Key Directories

• Search for files in your home directory and other common locations such as /var/backup, /tmp, /etc, and /opt.
• Check user’s history files (~/.bash_history, ~/.zsh_history, ~/.mysql_history) for useful information like commands or passwords.

4. Try Simple Methods First

• Focus on methods that require fewer steps:
• Sudo Privileges: Check if your user has any sudo privileges using sudo -l. Look for commands that can be executed without a password.
• Cron Jobs: Look for scheduled tasks that might be exploitable using crontab -l and inspecting /etc/crontab, /etc/cron.d, and /var/spool/cron.
• SUID Files: Identify and exploit SUID files for privilege escalation with find / -perm -4000 -type f 2>/dev/null.
• World-Writable Files and Directories: Identify world-writable files and directories with find / -writable ! -path "/proc/" -type d 2>/dev/null.

5. Investigate Root Processes

• Enumerate the versions of root processes and search for known exploits. Use ps aux | grep root to identify running root processes.
• Cross-reference identified software versions with public exploit databases like Exploit-DB

6. Network Enumeration

• Identify network interfaces and IP addresses using ifconfig or ip a.
• Check active connections and listening ports with netstat -an -p TCP, netstat -ltp, or lsof -i.
• Check for internal ports that might be forwarded to your attacking machine for further exploitation.

7. Review and Rethink

• If you still haven’t achieved root access, re-read your enumeration dumps and highlight anything unusual.
• Look for unfamiliar process or file names, uncommon filesystem configurations, or odd usernames.
• As a last resort, consider kernel exploits if no other method works.

General Tips

1. Stay Calm and Focused: Privilege escalation is often a multi-step process that requires careful attention to detail.
2. Be Patient: Results may not be immediate. Take your time to analyze and understand the environment.
3. Keep Notes: Document your findings meticulously. A small piece of information might become crucial later.
4. Use Multiple Tools: Different tools might reveal different information. Cross-reference findings from tools like winPEAS, Seatbelt, and manual commands.
5. Focus on Quick Wins: Identify and exploit low-hanging fruits such as weak permissions, misconfigured services, and stored credentials.
6. Be Ready to Adapt: If an initial approach fails, reassess the situation and be prepared to try alternative methods.