As with penetration testing Windows targets, once you have compromised a Linux host, you probably need to escalate your privileges to achieve your objectives. Many of the basic concepts used on Windows also apply to Linux, though your specific targets and methods may differ. Here are common methods for escalating privileges in Linux.
Obtain a copy of these files to crack root or privileged user passwords.
Weak process permissions
Find processes with weak controls and see if you can inject malicious code into those processes.
User application compromise
Compromise end user applications and plug-ins such as OpenOffice, VNC, and Adobe Flash Player. Some require social engineering to get the end user to open a file or browser page.
Locate applications you can run as root.
At a terminal, enter sudo find / -perm -04000
Services running as root
Locate services that are owned by (running as) root and see if you can compromise them.
Search for sensitive information in Samba shared folders, as it is common for them to have few or no restrictions.
Metasploit module auxiliary/scanner/smb/smb_enumshares
Kernel and service exploits
Find exploits that target the kernel and privileged services.
If you have a Bash shell from Metasploit, try to upgrade it to the more versatile Meterpreter.
If you have a Netcat shell, try to upgrade it to a fully interactive TTY or Meterpreter.
Exploit cron jobs
Exploit badly configured cron jobs to gain root access.
Missing patches and misconfigurations
Search for missing patches or common misconfigurations that can lead to privilege escalation.
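For the defender's side of the SUID search and the cron job item above, the following added example (not part of the original page) audits a host for setuid files that are missing from a known-good baseline, setuid files that non-owners can modify, and cron files that group or other can write. The function names and the baseline file format (one absolute path per line) are assumptions made for this example.

```shell
#!/bin/sh
# Added example, not from the original page: defensive audit helpers.
# Function names and the baseline file format are assumptions.

# list_suid ROOT
# Print regular files under ROOT that have the setuid bit set, the same
# match as `find / -perm -04000`. -xdev keeps the walk on one filesystem.
list_suid() {
    find "$1" -xdev -type f -perm -4000 2>/dev/null | sort
}

# unexpected_suid ROOT BASELINE
# Print setuid files that are not listed in BASELINE (one absolute path per
# line, e.g. captured from a freshly installed host). Review anything printed.
unexpected_suid() {
    list_suid "$1" | grep -vxF -f "$2" || true
}

# writable_suid ROOT
# Print setuid files that group or other can modify: whoever can write to
# the file controls what runs with the owner's privileges.
writable_suid() {
    find "$1" -xdev -type f -perm -4000 \
        \( -perm -0020 -o -perm -0002 \) 2>/dev/null | sort
}

# loose_cron PATH...
# Print cron files and scripts that group or other can modify. PATH may be
# a file (/etc/crontab) or a directory (/etc/cron.d, /etc/cron.daily).
# Paths that do not exist are skipped.
loose_cron() {
    for p in "$@"; do
        [ -e "$p" ] || continue
        find "$p" -type f \( -perm -0020 -o -perm -0002 \) 2>/dev/null || true
    done | sort
}
```

Run the functions as root so that find can read every directory, for example unexpected_suid / /root/suid.baseline and loose_cron /etc/crontab /etc/cron.d /etc/cron.daily. Fix findings with chmod u-s on binaries that do not need setuid and chmod go-w on cron files.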
Note: To search for Metasploit modules that are application specific, at the msf console, enter search <keyword> platform:linux. For example: search adobe platform:linux.
Note: For more information on privilege escalation in Linux, see: