1. Enumeration & Kernel Exploits
Automated Tools
- linux-smart-enumeration
$ ./lse.sh -l1 # shows interesting information that should help you to privesc
$ ./lse.sh -l2 # dump all the information it gathers about the system
- linPEAS
$ ./linpeas.sh -a # all checks - deeper system enumeration, but it takes longer to complete.
$ ./linpeas.sh -s # superfast & stealth - This will bypass some time-consuming checks. In stealth mode nothing will be written to the disk.
$ ./linpeas.sh -P # Password - Pass a password that will be used with sudo -l and bruteforcing other users
- LinEnum
$ ./LinEnum.sh -s -k keyword -r report -e /tmp/ -t
- linuxprivchecker
$ python linuxprivchecker.py -w -o linuxprivchecker.log
- Pspy
Useful Resources
Manually
Here are some of the best references
Warning
Don’t use kernel exploits if you can avoid them. A kernel exploit might crash the machine or put it in an unstable state.
Always use a simpler priv-esc if you can. Kernel exploits can also produce a lot of entries in the syslog. So if you find anything good, put it on your list and keep searching for other ways before exploiting it.