THM 1/17/2023 Linux Priv Esc Flashcards
What are ways to Priv Esc?
1) *Kernel Exploit
2) Leverage Application Functions that use Sudo
3) Leverage LD_PRELOAD
*Being too specific about the kernel version when searching for exploits on Google, Exploit-db, or searchsploit
Be sure you understand how the exploit code works BEFORE you launch it. Some exploits make changes to the operating system that leave it insecure for further use, or make irreversible changes that create problems later. Of course, these may not be great concerns within a lab or CTF environment, but they are absolute no-nos during a real penetration testing engagement.
What does this command do?
find / -type f -perm -04000 -ls 2>/dev/null
List files that have SUID or SGID bits set