Linux Privesc

Monitoring Connections and Processes with Netstat, ss, and ps Why checking open ports and running processes matters during a pentest When you’re inside a compromised Linux system — whether through a reverse shell, a webshell, or full access — understanding what’s running and what it’s talking to is critical. This isn’t just “admin curiosity.” It’s

Linux Capabilities for Privilege Escalation What They Are, How to Find Them, and How to Abuse Them as a Pentester In modern Linux systems, root isn’t always all-or-nothing anymore. Since kernel 2.2, Linux has supported a feature called Capabilities, which splits root privileges into fine-grained controls. Why does that matter to you as a pentester?Because

printf for Payloads: When it comes to crafting precise payloads or writing malicious scripts on-the-fly, one tool stands above echo in both control and reliability — the mighty printf. It’s clean, it’s predictable, and it doesn’t flinch at escape characters or strange input. As pentesters, we often find ourselves needing to generate scripts, inject payloads,

Here’s a battle-tested list of prime target files to loot on a Linux web server, whether it’s running Apache, Nginx, PHP, Node.js, or Python. 1. Web App Configuration Files These almost always contain database credentials, API keys, and even OS-level user creds. File Why It Matters config.php PHP apps – MySQL creds, $db_user, $db_pass .env

Privilege Escalation via World-Writable Config File Abusing Misconfigured Trusted Files for Root Access Introduction In the real world, privilege escalation rarely comes from some obvious exploit. More often, it’s a subtle misconfiguration that turns into full control — if you know how to spot it. This post breaks down a classic example: a world-writable config