# Linux/Unix - [Checklist - PrivEsc](https://cel1s0.gitbook.io/offsec-notes/readme/linux-unix/checklist-privesc.md): Checklist for privilege escalation in Linux - [Related Links](https://cel1s0.gitbook.io/offsec-notes/readme/linux-unix/checklist-privesc/related-links.md): There are links related to Linux/Unix privilege escalation. - [Kernel Exploits](https://cel1s0.gitbook.io/offsec-notes/readme/linux-unix/checklist-privesc/kernel-exploits.md): Common kernel exploits usage. - [MYSQL](https://cel1s0.gitbook.io/offsec-notes/readme/linux-unix/checklist-privesc/mysql.md): PrivEsc with MySQL User Defined Functions - [HEX](https://cel1s0.gitbook.io/offsec-notes/readme/linux-unix/checklist-privesc/mysql/hex.md): PrivEsc with MySQL User Defined Functions - [SUID](https://cel1s0.gitbook.io/offsec-notes/readme/linux-unix/checklist-privesc/suid.md): Using programs which has SUID bit to root shell. - [Relative Path in SUID Program](https://cel1s0.gitbook.io/offsec-notes/readme/linux-unix/checklist-privesc/relative-path-in-suid-program.md) - [Writable /etc/passwd file](https://cel1s0.gitbook.io/offsec-notes/readme/linux-unix/checklist-privesc/writable-etc-passwd-file.md) - [Writable script in /etc/crontab](https://cel1s0.gitbook.io/offsec-notes/readme/linux-unix/checklist-privesc/writable-script-in-etc-crontab.md) - [Writable services](https://cel1s0.gitbook.io/offsec-notes/readme/linux-unix/checklist-privesc/writable-services.md): Root access with writable services. - [Sudo <=1.8.14](https://cel1s0.gitbook.io/offsec-notes/readme/linux-unix/checklist-privesc/sudo-less-than-1.8.14.md): Sudo <=1.8.14 Local Privilege Escalation - [Debian OpenSSL Predictable PRNG Bruteforce SSH Exploit](https://cel1s0.gitbook.io/offsec-notes/readme/linux-unix/checklist-privesc/debian-openssl-predictable-prng-bruteforce-ssh-exploit.md): OpenSSL 0.9.8c-1 < 0.9.8g-9 (Debian and Derivatives) - Predictable PRNG Brute Force SSH - [Docker](https://cel1s0.gitbook.io/offsec-notes/readme/linux-unix/checklist-privesc/docker.md): Using docker to get root shell. - [Docker Escape](https://cel1s0.gitbook.io/offsec-notes/readme/linux-unix/checklist-privesc/docker/docker-escape.md): There are some docker escaping technics - [davfs2](https://cel1s0.gitbook.io/offsec-notes/readme/linux-unix/checklist-privesc/davfs2.md): davfs2 1.4.6/1.4.7 - Local Privilege Escalation - [gcore](https://cel1s0.gitbook.io/offsec-notes/readme/linux-unix/checklist-privesc/gcore.md): using gcore with sudo privilege for priv esc - [fail2ban](https://cel1s0.gitbook.io/offsec-notes/readme/linux-unix/checklist-privesc/fail2ban.md) - [git](https://cel1s0.gitbook.io/offsec-notes/readme/linux-unix/checklist-privesc/git.md): Requirements: Git User SSH Priv Key and Cronjobs - [tar with wildcard](https://cel1s0.gitbook.io/offsec-notes/readme/linux-unix/checklist-privesc/tar-with-wildcard.md) - [Exiftool](https://cel1s0.gitbook.io/offsec-notes/readme/linux-unix/checklist-privesc/exiftool.md): Exiftool 7.44< <12.24 Priv Esc - [Limited Shell Escape](https://cel1s0.gitbook.io/offsec-notes/readme/linux-unix/limited-shell-escape.md): Ways to escape limited shells. - [Wordpress](https://cel1s0.gitbook.io/offsec-notes/readme/linux-unix/wordpress.md): Wordpress enumeration tools. - [Apache Tomcat](https://cel1s0.gitbook.io/offsec-notes/readme/linux-unix/apache-tomcat.md) - [Werkzeug Console PIN bypass](https://cel1s0.gitbook.io/offsec-notes/readme/linux-unix/werkzeug-console-pin-bypass.md) - [get\_flask\_pin.py](https://cel1s0.gitbook.io/offsec-notes/readme/linux-unix/werkzeug-console-pin-bypass/get_flask_pin.py.md) - [Java Object Deserialization](https://cel1s0.gitbook.io/offsec-notes/readme/linux-unix/java-object-deserialization.md) - [Redis RCE](https://cel1s0.gitbook.io/offsec-notes/readme/linux-unix/redis-rce.md): Redis 4x-5x RCE - [mongodb](https://cel1s0.gitbook.io/offsec-notes/readme/linux-unix/mongodb.md): 27017-27018 - [Postgres](https://cel1s0.gitbook.io/offsec-notes/readme/linux-unix/postgres.md) - [Erlang - 4369](https://cel1s0.gitbook.io/offsec-notes/readme/linux-unix/erlang-4369.md): Erlang Cookie RCE - [rsync - 873](https://cel1s0.gitbook.io/offsec-notes/readme/linux-unix/rsync-873.md): 873/tcp - [Sendmail ClamAV](https://cel1s0.gitbook.io/offsec-notes/readme/linux-unix/sendmail-clamav.md): Sendmail with clamav-milter < 0.91.2 - Remote Command Execution - [VNC Password Decryptor](https://cel1s0.gitbook.io/offsec-notes/readme/linux-unix/vnc-password-decryptor.md) --- # Agent Instructions: Querying This Documentation If you need additional information that is not directly available in this page, you can query the documentation dynamically by asking a question. Perform an HTTP GET request on the current page URL with the `ask` query parameter: ``` GET https://cel1s0.gitbook.io/offsec-notes/readme/linux-unix.md?ask= ``` The question should be specific, self-contained, and written in natural language. The response will contain a direct answer to the question and relevant excerpts and sources from the documentation. Use this mechanism when the answer is not explicitly present in the current page, you need clarification or additional context, or you want to retrieve related documentation sections.