Here are some guidelines you can follow when exploiting Linux-based vulnerabilities.

  • If you are less experienced with Linux, use what you know about Windows vulnerabilities and exploits as a reference point: credential theft, service exploitation, and privilege escalation all have direct Linux equivalents.
  • In addition to finding exploits online or in Metasploit, consider abusing built-in Linux features (cron, SUID binaries, writable paths, shell behavior) rather than relying only on published exploits.
  • When cracking passwords on Linux, combine techniques: copy /etc/passwd and /etc/shadow off the host (reading /etc/shadow normally requires root, so a readable copy is itself a misconfiguration), merge them with unshadow, and crack them offline with John the Ripper or hashcat; dump hashes from memory or application databases; brute force network services such as SSH and FTP; and target the Samba service with SMB exploits or credential attacks to gain a foothold.
  • Use Nmap and online research to identify vulnerable services and protocols.
  • Look for SUID and SGID binaries and for world-writable directories that lack the sticky bit when attacking the Linux file system. Target directories that contain sensitive information or have weak permissions.
  • After compromising a low-privilege Linux account, use password cracking, kernel exploits, SUID binaries, shared directories, weak permissions, poorly configured cron jobs, and suggested Metasploit modules to escalate privilege.
  • Check which privileged default accounts (root above all) and accounts added by installed services (database, web, and backup daemons) you can target for password cracking or hash dumping.
  • Look for service and protocol versions, weak directory permissions, and insecure mounts you can target, such as filesystems mounted without nosuid or noexec and NFS exports with no_root_squash.
  • When attacking mobile devices, use physical access, social engineering and app side-loading, gaps in basic security practices (no screen lock, outdated OS, unencrypted storage), and software exploits to compromise the target.
  • If you have physical access to a device, also consider hardware-based attacks against it where applicable.
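As an added example that is not part of the original checklist, the POSIX shell functions below implement three of the file-system and privilege-escalation checks listed above: SUID/SGID binaries, world-writable directories missing the sticky bit, and cron jobs whose command file the current user can modify. Each function takes a root directory so the same checks run against a live host (default /) or against the constructed sample tree built by build_sample_tree, whose paths and file names are hypothetical.

```shell
#!/bin/sh
# Added example, not from the original page: three Linux privilege-escalation
# checks, each parameterised by a root directory so they can be exercised on a
# constructed sample tree as well as on a live system.

# SUID/SGID binaries. -perm -4000 matches files with the setuid bit,
# -perm -2000 those with the setgid bit; -xdev keeps find on one filesystem.
find_suid_sgid() {
    root="${1:-/}"
    find "$root" -xdev -type f \( -perm -4000 -o -perm -2000 \) 2>/dev/null | sort
}

# World-writable directories that lack the sticky bit (mode 1000). Without it
# any user can rename or delete other users' files there, which is what turns
# a shared directory into a cron or symlink attack.
find_unsafe_world_writable_dirs() {
    root="${1:-/}"
    find "$root" -xdev -type d -perm -0002 ! -perm -1000 2>/dev/null | sort
}

# Cron jobs whose command file is writable by the current user. System crontab
# lines look like: min hour dom mon dow user command [args], so the command is
# field 7. The argument is the etc directory (normally /etc).
find_writable_cron_targets() {
    etc="${1:-/etc}"
    for f in "$etc"/crontab "$etc"/cron.d/*; do
        [ -f "$f" ] || continue
        awk '!/^[[:space:]]*#/ && NF >= 7 { print $7 }' "$f"
    done | while IFS= read -r target; do
        [ -n "$target" ] && [ -f "$target" ] && [ -w "$target" ] && echo "$target"
    done | sort -u
}

# Constructed sample tree (hypothetical paths) so the checks run offline:
# one setuid binary, one shared directory missing the sticky bit, one
# correctly protected tmp directory, and a root cron job running a script
# that anyone can edit. Prints the base directory.
build_sample_tree() {
    umask 022
    base="$(mktemp -d)"
    mkdir -p "$base/usr/bin" "$base/shared" "$base/tmp" "$base/etc/cron.d" "$base/opt"
    printf '#!/bin/sh\necho nightly backup\n' > "$base/opt/backup.sh"
    chmod 0777 "$base/opt/backup.sh"           # anyone can edit what root runs
    printf '0 2 * * * root %s/opt/backup.sh\n' "$base" > "$base/etc/cron.d/backup"
    printf '#!/bin/sh\n' > "$base/usr/bin/fakesu"
    chmod 4755 "$base/usr/bin/fakesu"          # setuid bit set
    chmod 0777 "$base/shared"                  # world-writable, no sticky bit
    chmod 1777 "$base/tmp"                     # world-writable but sticky: not reported
    echo "$base"
}

# Stand-alone usage: build the sample tree and run the three checks against it.
if [ "${1:-}" = "--demo" ]; then
    base="$(build_sample_tree)"
    echo "[SUID/SGID]";      find_suid_sgid "$base"
    echo "[world-writable]"; find_unsafe_world_writable_dirs "$base"
    echo "[writable cron]";  find_writable_cron_targets "$base/etc"
    rm -rf "$base"
fi
```

On a real target, run the first two functions against / and the third against /etc; anything they print is a lead to verify by hand, since a setuid binary is only useful if it can be coerced into reading, writing, or executing something as its owner, and a writable cron script only matters if the job actually runs as a more privileged user.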