There's two things you'll need. Once you're connected to the box you'll need to know all the SUID capable binaries' available. To do this, run
find / -type f -a \( -perm -u+s -o -perm -g+s \) -exec ls -l {} \; 2> /dev/nullthe second is a way to escalate with these. This is where gtfobins comes in: https://gtfobins.github.io/
Comments