Hacktricks Offline Instant

nmap -PS443 -sn 192.168.1.0/24

nmap -PU53 -sn 192.168.1.0/24</code></pre> </section> hacktricks offline

    <!-- Linux Priv Esc -->
    <section id="linux">
        <h2>🐧 Linux Privilege Escalation</h2>
        <h3>System Information</h3>
        <pre><code>id && whoami

uname -a cat /etc/os-release cat /etc/passwd | grep "/bin/bash" sudo -l find / -perm -4000 2>/dev/null # SUID binaries find / -writable -type f 2>/dev/null | grep -v proc</code></pre> nmap -PS443 -sn 192

        <h3>SUID Binaries</h3>
        <pre><code># Common exploitable SUIDs

find / -perm -4000 -type f 2>/dev/null

/usr/bin/pkexec # CVE-2021-4034 (PwnKit) /usr/bin/sudo /usr/bin/doas /bin/su</code></pre> uname -a cat /etc/os-release cat /etc/passwd | grep

        <h3>Capabilities</h3>
        <pre><code>getcap -r / 2>/dev/null

nmap -p- -T4 target.com

/usr/bin/python3 = cap_setuid+ep