LINUX - Sudo -deeply
Linux Privilege Escalation using Sudo Rights

While solving CTF challenges, for privilege escalation we always check which files or commands a user is allowed to run with root permissions by executing the sudo -l command.

As per the default sudo rights, the root user can execute from ALL terminals, acting as ALL users and ALL groups, and run ALL commands.
If you (as the root user) wish to grant sudo rights to a particular user, type the visudo command, which opens the sudoers file for editing. Under “user privilege specification” you will see the default root permission “root ALL=(ALL:ALL) ALL”, but in practice there is also an optional Tag field, as explained below in the following image.
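To make the fields of a user privilege specification such as “root ALL=(ALL:ALL) ALL” concrete, including the optional Tag, here is an added example (not part of the original notes) that parses such lines and lists the entries an administrator would want to review. The sample entries and the names `parse_user_spec` and `audit` are constructed for illustration; only single-line user specifications are handled, not aliases, line continuations or escaped commas.

```python
import re

# A subset of the tags defined in sudoers(5); the Tag field is optional.
TAGS = {"NOPASSWD", "PASSWD", "NOEXEC", "EXEC", "SETENV", "NOSETENV"}

# user  host = (runas_user:runas_group)  [TAG:]...  command[, command...]
SPEC = re.compile(r"^(?P<user>\S+)\s+(?P<host>[^=\s]+)\s*=\s*"
                  r"(?:\(\s*(?P<runas>[^)]*)\)\s*)?(?P<rest>.+)$")

# Constructed sample entries (not taken from any real system).
SAMPLE = """\
# User privilege specification
root    ALL=(ALL:ALL) ALL
%sudo   ALL=(ALL:ALL) ALL
backup  ALL=(root) NOPASSWD: /usr/bin/rsync, /bin/tar
deploy  web01=(www-data:www-data) NOPASSWD: SETENV: ALL
"""

def parse_user_spec(line):
    """Split one user privilege specification into its fields."""
    m = SPEC.match(line.strip())
    if not m:
        raise ValueError(f"not a user specification: {line!r}")
    # Without a (runas) part, sudo runs the command as root.
    runas_user, _, runas_group = (m["runas"] or "root").partition(":")
    rest, tags = m["rest"], []
    while True:  # tags come before the command list, each ending in ':'
        t = re.match(r"([A-Z_]+)\s*:\s*", rest)
        if not t or t.group(1) not in TAGS:
            break
        tags.append(t.group(1))
        rest = rest[t.end():]
    return {"user": m["user"], "host": m["host"],
            "runas_user": runas_user.strip() or None,
            "runas_group": runas_group.strip() or None,
            "tags": tags,
            "commands": [c.strip() for c in rest.split(",")]}

def audit(text):
    """Map each user or %group to the findings for its entry."""
    report = {}
    for line in text.splitlines():
        if not line.strip() or line.lstrip().startswith(("#", "Defaults")):
            continue
        spec = parse_user_spec(line)
        notes = []
        if "ALL" in spec["commands"] and spec["user"] != "root":
            notes.append("unrestricted command list (ALL)")
        if "NOPASSWD" in spec["tags"]:
            notes.append("NOPASSWD: no re-authentication")
        report[spec["user"]] = notes
    return report
```

Running `audit` on the text of a sudoers file copied from the host under review gives the same view per entry; `sudo -l` shows the effective result for the current user.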
