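#!/bin/sh
# Gathers local host information relevant to a privilege-escalation review:
# OS/kernel, mounts, network, build tools, packages, services, processes,
# scheduled jobs and file-permission findings for the invoking user.
#
# Read-only: every command only lists state; nothing on the host is modified.
# Usage: sh escalation_gathering.sh > report.txt
#
# No `set -e` on purpose: several tools (ifconfig, arp, netstat, dpkg) may be
# absent on a given host, and the remaining sections should still run.

# Resolve the invoking user's numeric ids once instead of once per find.
# Only the primary group is considered; supplementary groups are not checked.
uid=$(id -u)
gid=$(id -g)

echo 'Distribution and kernel version'
cat /etc/issue
uname -a

echo 'Mounted filesystems'
mount -l

echo 'Network configuration'
ifconfig -a
cat /etc/hosts
arp

echo 'Development tools availability'
# command -v is the POSIX way to locate a tool; `which` is not always present.
command -v gcc
command -v g++
command -v python

# Quoted: a bare "(" in an unquoted echo argument is a shell syntax error.
echo 'Installed packages (Ubuntu)'
dpkg -l

echo 'Services'
netstat -tulnpe

echo 'Processes'
# BSD-style options take no leading dash.
ps aux

echo 'Scheduled jobs'
find /etc/cron* -ls 2>/dev/null
find /var/spool/cron* -ls 2>/dev/null

echo 'Readable files in /etc'
# The alternatives are grouped: without the parentheses -ls binds only to the
# last -o branch, so only world-readable entries would be listed.
find /etc \( -user "$uid" -perm -u=r \
  -o -group "$gid" -perm -g=r \
  -o -perm -o=r \) \
  -ls 2>/dev/null

# "GUID" in the headings below means set-group-ID (SGID).
echo 'SUID and GUID writable files'
# Set-id files that the primary group or everyone can write to; each hit is a
# permission to tighten.
# NOTE(review): the expression originally began with a dangling -o, which find
# rejects as invalid (the error was hidden by 2>/dev/null). A leading branch
# may have been lost - confirm against upstream.
find / \( -group "$gid" -perm -g=w -perm -u=s \
  -o -perm -o=w -perm -u=s \
  -o -perm -o=w -perm -g=s \) \
  -ls 2>/dev/null

echo 'SUID and GUID files'
# Grouped so that -ls applies to both the SUID and the SGID branch.
find / -type f \( -perm -u=s -o -perm -g=s \) \
  -ls 2>/dev/null

echo 'Writable files outside HOME'
# Straight quotes are required: typographic quotes become part of the pattern,
# so the prune never matches. The stray `mount -l` prefix is dropped because
# it turned the find expression into arguments of mount.
find / -path "$HOME" -prune -o -path /proc -prune -o \
  \( ! -type l \) \
  \( -user "$uid" -perm -u=w \
  -o -group "$gid" -perm -g=w \
  -o -perm -o=w \) \
  -ls 2>/dev/null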