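Red Team Internal Network Attack and Defense Penetration
1. Internal Network Privilege Escalation Techniques
1.1 Linux Privilege Escalation - Collection of Methods
- 1. Kernel overflow privilege escalation
- 2. suid, sudo, nfs, path, ld_preload, cron, lxd, capability, rbash, etc.
- 3. Database-based privilege escalation
1.2 Linux Privilege Escalation - Kernel Overflow - Information Gathering
1.2.1 Operating system of the current host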
hostnamectl
cat /etc/*-release
lsb_release -a
cat /etc/lsb-release # Debian
cat /etc/redhat-release # Red Hat
cat /etc/centos-release # CentOS
cat /etc/os-release # Ubuntu
cat /etc/issue
1.2.2 Kernel version of the current host
hostnamectl
uname -a
cat /proc/version
dmesg | grep "Linux version"
1.2.3 Kernel vulnerability screening:
MSF check:
run post/multi/recon/local_exploit_suggester (not recommended)
1.2.4 Privilege escalation scripts:
https://github.com/liamg/traitor
https://github.com/The-Z-Labs/linux-exploit-suggester
https