# Linux/Unix - [Checklist - PrivEsc](/offsec-notes/readme/linux-unix/checklist-privesc.md): Checklist for privilege escalation in Linux - [Related Links](/offsec-notes/readme/linux-unix/checklist-privesc/related-links.md): There are links related to Linux/Unix privilege escalation. - [Kernel Exploits](/offsec-notes/readme/linux-unix/checklist-privesc/kernel-exploits.md): Common kernel exploits usage. - [MYSQL](/offsec-notes/readme/linux-unix/checklist-privesc/mysql.md): PrivEsc with MySQL User Defined Functions - [HEX](/offsec-notes/readme/linux-unix/checklist-privesc/mysql/hex.md): PrivEsc with MySQL User Defined Functions - [SUID](/offsec-notes/readme/linux-unix/checklist-privesc/suid.md): Using programs which has SUID bit to root shell. - [Relative Path in SUID Program](/offsec-notes/readme/linux-unix/checklist-privesc/relative-path-in-suid-program.md) - [Writable /etc/passwd file](/offsec-notes/readme/linux-unix/checklist-privesc/writable-etc-passwd-file.md) - [Writable script in /etc/crontab](/offsec-notes/readme/linux-unix/checklist-privesc/writable-script-in-etc-crontab.md) - [Writable services](/offsec-notes/readme/linux-unix/checklist-privesc/writable-services.md): Root access with writable services. - [Sudo <=1.8.14](/offsec-notes/readme/linux-unix/checklist-privesc/sudo-less-than-1.8.14.md): Sudo <=1.8.14 Local Privilege Escalation - [Debian OpenSSL Predictable PRNG Bruteforce SSH Exploit](/offsec-notes/readme/linux-unix/checklist-privesc/debian-openssl-predictable-prng-bruteforce-ssh-exploit.md): OpenSSL 0.9.8c-1 < 0.9.8g-9 (Debian and Derivatives) - Predictable PRNG Brute Force SSH - [Docker](/offsec-notes/readme/linux-unix/checklist-privesc/docker.md): Using docker to get root shell. - [Docker Escape](/offsec-notes/readme/linux-unix/checklist-privesc/docker/docker-escape.md): There are some docker escaping technics - [davfs2](/offsec-notes/readme/linux-unix/checklist-privesc/davfs2.md): davfs2 1.4.6/1.4.7 - Local Privilege Escalation - [gcore](/offsec-notes/readme/linux-unix/checklist-privesc/gcore.md): using gcore with sudo privilege for priv esc - [fail2ban](/offsec-notes/readme/linux-unix/checklist-privesc/fail2ban.md) - [git](/offsec-notes/readme/linux-unix/checklist-privesc/git.md): Requirements: Git User SSH Priv Key and Cronjobs - [tar with wildcard](/offsec-notes/readme/linux-unix/checklist-privesc/tar-with-wildcard.md) - [Exiftool](/offsec-notes/readme/linux-unix/checklist-privesc/exiftool.md): Exiftool 7.44< <12.24 Priv Esc - [Limited Shell Escape](/offsec-notes/readme/linux-unix/limited-shell-escape.md): Ways to escape limited shells. - [Wordpress](/offsec-notes/readme/linux-unix/wordpress.md): Wordpress enumeration tools. - [Apache Tomcat](/offsec-notes/readme/linux-unix/apache-tomcat.md) - [Werkzeug Console PIN bypass](/offsec-notes/readme/linux-unix/werkzeug-console-pin-bypass.md) - [get\_flask\_pin.py](/offsec-notes/readme/linux-unix/werkzeug-console-pin-bypass/get_flask_pin.py.md) - [Java Object Deserialization](/offsec-notes/readme/linux-unix/java-object-deserialization.md) - [Redis RCE](/offsec-notes/readme/linux-unix/redis-rce.md): Redis 4x-5x RCE - [mongodb](/offsec-notes/readme/linux-unix/mongodb.md): 27017-27018 - [Postgres](/offsec-notes/readme/linux-unix/postgres.md) - [Erlang - 4369](/offsec-notes/readme/linux-unix/erlang-4369.md): Erlang Cookie RCE - [rsync - 873](/offsec-notes/readme/linux-unix/rsync-873.md): 873/tcp - [Sendmail ClamAV](/offsec-notes/readme/linux-unix/sendmail-clamav.md): Sendmail with clamav-milter < 0.91.2 - Remote Command Execution - [VNC Password Decryptor](/offsec-notes/readme/linux-unix/vnc-password-decryptor.md)