Manual privilege escalation techniques to look for

Information gathering

The first step when landing on host should be understanding who your against to - what OS, what process are running, what users exists and more, this can be done by looking at the following files (remember - in Linux everything is a file):

Distribution type:

cat /etc/*-release

Kernel version:

cat /proc/version uname -a

view if you can run anything as sudo: (check for GTFObins)

Sudo -l

Check common files:

cat /etc/profile 
cat /etc/bashrc 
cat ~/.bash_history 
cat ~/.bashrc 
cat ~/.bash_logout

What services running (filter by root):

ps aux

ps -efww - in full screen

ps -ef

top

Check configuration files:

cat /etc/syslog.conf 
cat /etc/chttp.conf 
cat /etc/lighttpd.conf 
cat /etc/cups/cupsd.conf 
cat /etc/inetd.conf 
cat /etc/apache2/apache2.conf 
cat /etc/my.conf 
cat /etc/httpd/conf/httpd.conf 
cat /opt/lampp/etc/httpd.conf

Check local ports and what listens: