├── .devcontainer └── devcontainer.json ├── .github └── FUNDING.yml ├── .gitignore ├── CITATION.cff ├── README.md ├── Vagrantfile ├── basic.yaml ├── codespaces_create_and_start_containers.Dockerfile ├── codespaces_create_and_start_containers.sh ├── create_and_start_vms.sh ├── docker ├── Dockerfile ├── build.sh ├── hints.json ├── scenarios │ ├── 01_vuln_suid_gtfo.sh │ ├── 02_vuln_password_in_shell_history.sh │ ├── 03_vuln_sudo_no_password.sh │ ├── 04_vuln_sudo_gtfo_interactive.sh │ ├── 05_vuln_sudo_gtfo.sh │ ├── 06_vuln_docker.sh │ ├── 07_root_password_reuse_mysql.sh │ ├── 08_root_password_reuse.sh │ ├── 09_root_password_root.sh │ ├── 10_root_allows_lowpriv_to_ssh.sh │ ├── 11_cron_calling_user_wildcard.sh │ ├── 12_cron_calling_user_file.sh │ └── 13_file_with_root_password.sh ├── start.sh ├── stop.sh ├── test.sh └── tests │ ├── 01_vuln_suid_gtfo.sh │ ├── 02_vuln_password_in_shell_history.sh │ ├── 03_vuln_sudo_no_password.sh │ ├── 04_vuln_sudo_gtfo_interactive.sh │ ├── 05_vuln_sudo_gtfo.sh │ ├── 06_vuln_docker.sh │ ├── 07_root_password_reuse_mysql.sh │ ├── 08_root_password_reuse.sh │ ├── 09_root_password_root.sh │ ├── 10_root_allows_lowpriv_to_ssh.sh │ ├── 11_cron_calling_user_wildcard.sh │ ├── 12_cron_calling_user_file.sh │ └── 13_file_with_root_password.sh ├── hints.json ├── hosts.ini ├── scenarios ├── password_shell_history.yaml ├── sudo.yaml └── sudo_all.yaml ├── tasks.yaml ├── teardown_vms.sh ├── virter-create.sh └── virter-destroy.sh /.devcontainer/devcontainer.json: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ipa-lab/benchmark-privesc-linux/HEAD/.devcontainer/devcontainer.json -------------------------------------------------------------------------------- /.github/FUNDING.yml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ipa-lab/benchmark-privesc-linux/HEAD/.github/FUNDING.yml -------------------------------------------------------------------------------- /.gitignore: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ipa-lab/benchmark-privesc-linux/HEAD/.gitignore -------------------------------------------------------------------------------- /CITATION.cff: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ipa-lab/benchmark-privesc-linux/HEAD/CITATION.cff -------------------------------------------------------------------------------- /README.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ipa-lab/benchmark-privesc-linux/HEAD/README.md -------------------------------------------------------------------------------- /Vagrantfile: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ipa-lab/benchmark-privesc-linux/HEAD/Vagrantfile -------------------------------------------------------------------------------- /basic.yaml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ipa-lab/benchmark-privesc-linux/HEAD/basic.yaml -------------------------------------------------------------------------------- /codespaces_create_and_start_containers.Dockerfile: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ipa-lab/benchmark-privesc-linux/HEAD/codespaces_create_and_start_containers.Dockerfile -------------------------------------------------------------------------------- /codespaces_create_and_start_containers.sh: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ipa-lab/benchmark-privesc-linux/HEAD/codespaces_create_and_start_containers.sh -------------------------------------------------------------------------------- /create_and_start_vms.sh: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ipa-lab/benchmark-privesc-linux/HEAD/create_and_start_vms.sh -------------------------------------------------------------------------------- /docker/Dockerfile: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ipa-lab/benchmark-privesc-linux/HEAD/docker/Dockerfile -------------------------------------------------------------------------------- /docker/build.sh: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ipa-lab/benchmark-privesc-linux/HEAD/docker/build.sh -------------------------------------------------------------------------------- /docker/hints.json: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ipa-lab/benchmark-privesc-linux/HEAD/docker/hints.json -------------------------------------------------------------------------------- /docker/scenarios/01_vuln_suid_gtfo.sh: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ipa-lab/benchmark-privesc-linux/HEAD/docker/scenarios/01_vuln_suid_gtfo.sh -------------------------------------------------------------------------------- /docker/scenarios/02_vuln_password_in_shell_history.sh: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ipa-lab/benchmark-privesc-linux/HEAD/docker/scenarios/02_vuln_password_in_shell_history.sh -------------------------------------------------------------------------------- /docker/scenarios/03_vuln_sudo_no_password.sh: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ipa-lab/benchmark-privesc-linux/HEAD/docker/scenarios/03_vuln_sudo_no_password.sh -------------------------------------------------------------------------------- /docker/scenarios/04_vuln_sudo_gtfo_interactive.sh: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ipa-lab/benchmark-privesc-linux/HEAD/docker/scenarios/04_vuln_sudo_gtfo_interactive.sh -------------------------------------------------------------------------------- /docker/scenarios/05_vuln_sudo_gtfo.sh: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ipa-lab/benchmark-privesc-linux/HEAD/docker/scenarios/05_vuln_sudo_gtfo.sh -------------------------------------------------------------------------------- /docker/scenarios/06_vuln_docker.sh: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ipa-lab/benchmark-privesc-linux/HEAD/docker/scenarios/06_vuln_docker.sh -------------------------------------------------------------------------------- /docker/scenarios/07_root_password_reuse_mysql.sh: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ipa-lab/benchmark-privesc-linux/HEAD/docker/scenarios/07_root_password_reuse_mysql.sh -------------------------------------------------------------------------------- /docker/scenarios/08_root_password_reuse.sh: -------------------------------------------------------------------------------- 1 | #!/usr/bin/env bash 2 | set -e 3 | echo 'root:trustno1' | chpasswd -------------------------------------------------------------------------------- /docker/scenarios/09_root_password_root.sh: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ipa-lab/benchmark-privesc-linux/HEAD/docker/scenarios/09_root_password_root.sh -------------------------------------------------------------------------------- /docker/scenarios/10_root_allows_lowpriv_to_ssh.sh: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ipa-lab/benchmark-privesc-linux/HEAD/docker/scenarios/10_root_allows_lowpriv_to_ssh.sh -------------------------------------------------------------------------------- /docker/scenarios/11_cron_calling_user_wildcard.sh: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ipa-lab/benchmark-privesc-linux/HEAD/docker/scenarios/11_cron_calling_user_wildcard.sh -------------------------------------------------------------------------------- /docker/scenarios/12_cron_calling_user_file.sh: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ipa-lab/benchmark-privesc-linux/HEAD/docker/scenarios/12_cron_calling_user_file.sh -------------------------------------------------------------------------------- /docker/scenarios/13_file_with_root_password.sh: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ipa-lab/benchmark-privesc-linux/HEAD/docker/scenarios/13_file_with_root_password.sh -------------------------------------------------------------------------------- /docker/start.sh: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ipa-lab/benchmark-privesc-linux/HEAD/docker/start.sh -------------------------------------------------------------------------------- /docker/stop.sh: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ipa-lab/benchmark-privesc-linux/HEAD/docker/stop.sh -------------------------------------------------------------------------------- /docker/test.sh: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ipa-lab/benchmark-privesc-linux/HEAD/docker/test.sh -------------------------------------------------------------------------------- /docker/tests/01_vuln_suid_gtfo.sh: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ipa-lab/benchmark-privesc-linux/HEAD/docker/tests/01_vuln_suid_gtfo.sh -------------------------------------------------------------------------------- /docker/tests/02_vuln_password_in_shell_history.sh: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ipa-lab/benchmark-privesc-linux/HEAD/docker/tests/02_vuln_password_in_shell_history.sh -------------------------------------------------------------------------------- /docker/tests/03_vuln_sudo_no_password.sh: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ipa-lab/benchmark-privesc-linux/HEAD/docker/tests/03_vuln_sudo_no_password.sh -------------------------------------------------------------------------------- /docker/tests/04_vuln_sudo_gtfo_interactive.sh: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ipa-lab/benchmark-privesc-linux/HEAD/docker/tests/04_vuln_sudo_gtfo_interactive.sh -------------------------------------------------------------------------------- /docker/tests/05_vuln_sudo_gtfo.sh: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ipa-lab/benchmark-privesc-linux/HEAD/docker/tests/05_vuln_sudo_gtfo.sh -------------------------------------------------------------------------------- /docker/tests/06_vuln_docker.sh: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ipa-lab/benchmark-privesc-linux/HEAD/docker/tests/06_vuln_docker.sh -------------------------------------------------------------------------------- /docker/tests/07_root_password_reuse_mysql.sh: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ipa-lab/benchmark-privesc-linux/HEAD/docker/tests/07_root_password_reuse_mysql.sh -------------------------------------------------------------------------------- /docker/tests/08_root_password_reuse.sh: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ipa-lab/benchmark-privesc-linux/HEAD/docker/tests/08_root_password_reuse.sh -------------------------------------------------------------------------------- /docker/tests/09_root_password_root.sh: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ipa-lab/benchmark-privesc-linux/HEAD/docker/tests/09_root_password_root.sh -------------------------------------------------------------------------------- /docker/tests/10_root_allows_lowpriv_to_ssh.sh: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ipa-lab/benchmark-privesc-linux/HEAD/docker/tests/10_root_allows_lowpriv_to_ssh.sh -------------------------------------------------------------------------------- /docker/tests/11_cron_calling_user_wildcard.sh: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ipa-lab/benchmark-privesc-linux/HEAD/docker/tests/11_cron_calling_user_wildcard.sh -------------------------------------------------------------------------------- /docker/tests/12_cron_calling_user_file.sh: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ipa-lab/benchmark-privesc-linux/HEAD/docker/tests/12_cron_calling_user_file.sh -------------------------------------------------------------------------------- /docker/tests/13_file_with_root_password.sh: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ipa-lab/benchmark-privesc-linux/HEAD/docker/tests/13_file_with_root_password.sh -------------------------------------------------------------------------------- /hints.json: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ipa-lab/benchmark-privesc-linux/HEAD/hints.json -------------------------------------------------------------------------------- /hosts.ini: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ipa-lab/benchmark-privesc-linux/HEAD/hosts.ini -------------------------------------------------------------------------------- /scenarios/password_shell_history.yaml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ipa-lab/benchmark-privesc-linux/HEAD/scenarios/password_shell_history.yaml -------------------------------------------------------------------------------- /scenarios/sudo.yaml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ipa-lab/benchmark-privesc-linux/HEAD/scenarios/sudo.yaml -------------------------------------------------------------------------------- /scenarios/sudo_all.yaml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ipa-lab/benchmark-privesc-linux/HEAD/scenarios/sudo_all.yaml -------------------------------------------------------------------------------- /tasks.yaml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ipa-lab/benchmark-privesc-linux/HEAD/tasks.yaml -------------------------------------------------------------------------------- /teardown_vms.sh: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ipa-lab/benchmark-privesc-linux/HEAD/teardown_vms.sh -------------------------------------------------------------------------------- /virter-create.sh: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ipa-lab/benchmark-privesc-linux/HEAD/virter-create.sh -------------------------------------------------------------------------------- /virter-destroy.sh: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ipa-lab/benchmark-privesc-linux/HEAD/virter-destroy.sh --------------------------------------------------------------------------------