The Linux find command can help us escape from a restricted shell if you get to run the program with higher privileges, for example through a NOPASSWD entry in /etc/sudoers. How to 1. sudo -l 2. find . -exec /bin/bash \;
Search Results


service – Privilege Escalation
Sudo (NOPASSWD) service - Privilege Escalation If you ever get to run the “service” command with root privileges, you can escape from a restricted shell to root. In this example /etc/sudoers allows a user to run this program as root without needing a password. How to 1....
apt-get – Privilege escalation
apt-get - Privilege escalation apt-get can be used to escalate privileges when sudo is allowed without password. How to 1. check the permissions this user has sudo -l We can see that /usr/bin/apt-get is allowed (NOPASSWD) 2. get into changelog documentation sudo...
linux-exploit-suggester – Enumeration Linux kernel/Linux-based machine
LES tool is designed to assist in detecting security deficiencies for given Linux kernel/Linux-based machine. https://github.com/mzet-/linux-exploit-suggester Execute 1. Download the tool git clone https://github.com/mzet-/linux-exploit-suggester.git cd ls 2. Start...
LinEnum – Linux config enumeration
The art of privilege escalation is a skill that any competent hacker should possess. It's an entire field unto itself, and while it's good to know how to perform the techniques involved manually, it's often more efficient to have a script automate the process. LinEnum...
local_exploit_suggester – Windows enum
Having a session already, the next step is to escalate privileges. The next sample is going to show basic steps for Windows 1. Find about the target X86/windows 2. Scan for vulnerabilities run post/multi/recon/local_exploit_suggester For this demo, I will be using the...
Windows-Exploit-Suggester – Windows enum
This script is to find out about available exploits in Windows. Execution 1. Gather system information from meterpreter. execute -f => to run cmd commands cmd.exe /c systeminfo => open cmd and execute the command systeminfo >> systeminfo.txt => create a...
Sherlock & Empire – Loading modules into
Sherlock is a PowerShell script to quickly find missing software patches for local privilege escalation vulnerabilities. It can be loaded from PowerShell or even loaded into Empire to be executed. https://github.com/rasta-mouse/Sherlock...
Empire Post-Exploitation Windows
Empire is a post-exploitation framework that includes a pure-PowerShell2.0 Windows agent, and a pure Python 2.6/2.7 Linux/OS X agent. It is the merge of the previous PowerShell Empire and Python EmPyre projects. The framework offers cryptologically-secure...
Linux config enumeration – linuxprivchecker
This script is intended to be executed locally on a Linux box to enumerate basic system info and search for common privilege escalation vectors such as world writable files, misconfigurations, clear-text passwords and applicable exploits....
Linux config enumeration – unix-privesc-check Linux
Unix-privesc-checker is a script that runs on Unix systems (tested on Solaris 9, HPUX 11, Various Linuxes, FreeBSD 6.2). It tries to find misconfigurations that could allow local unprivileged users to escalate privileges to other users or to access local apps...