Day 72: Monitor Nix Processes for Privilege Escalation Opportunities

Why?

When you get on a box as a low-privilege user, you want to know if there are any running processes you can take advantage of. A good example is a cron job or other automation script that does x every y for z. These situations, when not configured correctly, can lead to SETUID files being created, to reads/writes outside of the current privilege level, and to many platform/program-specific issues; just see GTFOBins for how many system binaries you could abuse when presented with the opportunity to do so.

Looking for Processes

I got this from an IppSec video. I can’t remember which one, but this was way nicer than how I used to do it, so I want to share it here.

In fact, this technique is so useful it’s helped me with a few posts including this one…