🎯 The "Fast Decision" Priority List
When you land on a Linux box, your brain should automatically categorize vulnerabilities by their Time-to-Root (TTR).
1. The Instant Win: Sudo NOPASSWD
If sudo -l shows binaries with NOPASSWD, this is your top priority.
- The "Pager" Escape: sudo less /etc/hosts -> type !/bin/bash
- The "Editor" Escape: sudo vim -c ':!/bin/sh'
- Why? No waiting for cron jobs, no uploading files, no risk of crashing the service. Instant shell.
2. The Semi-Instant Win: Writable Scripts
If a root-owned script is world-writable (777):
- The Exploit: Append a SUID creator: echo 'cp /bin/bash /tmp/rootbash; chmod +s /tmp/rootbash' >> /opt/cleanup.sh
- Wait Time: Usually 1-5 minutes (Cron) or until a user/service triggers it.
3. The "Manual" Win: Wildcard Injection
This is your last resort if no simple paths exist.
- The Vulnerability: tar -czf backup.tar.gz * in a writable folder.
- The Complexity: Requires creating multiple "flag" files (--checkpoint) and a payload script.
- The Risk: High chance of typos and more "noise" in the system logs.
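The same three checks from the defender's side, as an added example that is not part of the original post: a shell audit that flags NOPASSWD sudoers entries, world-writable files owned by root, and cron lines that run tar over a bare wildcard. The function names and the sample sudoers and crontab text are constructed for illustration.

```shell
#!/usr/bin/env bash
# Added defensive audit example; function names and sample data are constructed.

# 1. sudoers text on stdin: flag NOPASSWD grants. Entries naming less or vim
#    (the shell-escape binaries shown above) are HIGH, the rest REVIEW.
audit_sudoers() {
  grep -E '^[^#]*NOPASSWD:' | while IFS= read -r line; do
    if printf '%s\n' "$line" | grep -Eq '/(less|vim)([[:space:],]|$)'; then
      printf 'HIGH   %s\n' "$line"
    else
      printf 'REVIEW %s\n' "$line"
    fi
  done
}

# 2. World-writable regular files under DIR owned by OWNER (default: root).
audit_writable() {
  find "$1" -xdev -type f -user "${2:-root}" -perm -0002 2>/dev/null || true
}

# 3. crontab text on stdin: flag tar invoked with a bare shell wildcard.
audit_cron_wildcards() {
  grep -E '^[^#]*[[:space:]/]tar[[:space:]].*[[:space:]]\*([[:space:];]|$)' || true
}

# Constructed sample input; on a real host feed /etc/sudoers, /etc/sudoers.d/*
# and /etc/crontab, /etc/cron.d/* instead (reading them needs root).
SAMPLE_SUDOERS='# constructed sample
deploy ALL=(root) NOPASSWD: /usr/bin/less
backup ALL=(root) NOPASSWD: /usr/bin/rsync
alice  ALL=(ALL) ALL'

SAMPLE_CRON='# constructed sample
*/5 * * * * root /opt/cleanup.sh
0 2 * * * root cd /srv/data && tar -czf /backup/backup.tar.gz *
0 3 * * * root tar -czf /backup/etc.tar.gz /etc'

printf '%s\n' "$SAMPLE_SUDOERS" | audit_sudoers
printf '%s\n' "$SAMPLE_CRON" | audit_cron_wildcards
```

Run audit_writable against the directories that hold root's cron and service scripts, for example audit_writable /opt. A flagged tar line is fixed by archiving ./* instead of *, so file names beginning with a dash are never parsed as options.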
Follow my journey: #1HourADayJourney