When
you exploit the victim pc there would be certain limits which resist performing
some action even after you are having the shell of victim’s pc. To get complete
access of your victim pc; you need to bypass privilege escalation where a user receives
privileges they are not authorize to. These privileges can be used to delete
files, view private information, or install unwanted programs such as viruses.
Metasploit has various other post exploits that will use a number of different
techniques to attempt to gain system level privileges on the remote system. But
apart from it there are some scripts for Linux that may come in useful
when trying to escalate privileges on a target system. This is generally aimed
at enumeration rather than specific vulnerabilities/exploits. This type of
script could save your much time.
Use payload for Linux and start multi/handler
for reverse connection. Once you hacked the victim pc now go for privilege
escalation using following scripts.
LinEnum: Scripted Local Linux Enumeration
& Privilege Escalation Checks Shellscript that enumerates the system
configuration and high-level summary of the checks/tasks performed by LinEnum:
Privileged access: Diagnose if the
current user has sudo access without a password; whether the root’s home
directory accessible.
System Information:
Hostname, Networking details, Current IP and etc.
User Information: Current user, List
all users including uid/gid information, List root accounts, Checks if password
hashes are stored in /etc/passwd
Kernel and
distribution release details.
Git clone
https://github.com/rebootuser/LinEnum.git
Once
you download this script from there you can simply run it by tying ./LinEnum.sh on terminal. Hence it will
dump all fetched data and system details.
./LinEnum.sh
Linuxprivchecker
Enumerates
the system configuration and runs some privilege escalation checks as well. It
is a python implementation to suggest exploits particular to the system that's
been taken under. To download
the script click on the link http://www.securitysift.com/download/linuxprivchecker.py
Now
to use this script just type python
linuxprivchecke.py on terminal and this will enumerate file and directory
permissions/contents. This script works same as LinEnum and hunts details
related to system network and user.
python linuxprivchecker.py
Linux Exploit Suggester
It
is based on operating system release number. This program will perform a 'uname
-r' to grab the Linux Operating Systems release version, and return a
suggestive list of possible exploits. Additionally possible to provide '-k'
flag to manually enter the Kernel Version. It is a Perl script that does not
exactly same as above. Type following to download this script:
git clone
https://github.com/PenturaLabs/Linux_Exploit_Suggester.git
If you are aware
from the kernel version then directly execute the script by typing following on
terminal:
./Linux_Exploit_Suggester.pl
-k 3.5
If not then type ./Linux_Exploit_Suggester.pl uname –r to know the version of your kernel and go
for above command and replace my kernel version from yours. Hence it suggests the possible exploit
for privilege escalation.
Unix-Privesc-checker
Shell script to check privilege
escalation vectors on UNIX systems. Unix-privesc-checker is a script that runs
on UNIX systems and Linux system. It seek to find misconfigurations that could
allow a not authorize users to escalate privileges to other users or to access
local apps.
It is written as a single shell script so it can be
easily uploaded and execute. It can be execute either as a normal user or as
root. When it finds a group-writable file or directory it only flags an issue
if that group has more than one non-root member.
To download this script type following on terminal
Unzip the folder and execute the script by typing
following
unix-privesc-check
standard
So
you can also check the way I am using these script from given images which
could help you in a better way. And similarly use another command for same
purpose.
unix-privesc-check
detailed
0 comments:
Post a Comment