Tools

I’ve made my Linux Local Enumeration Script available below. It’s far from perfect and I could spend forever improving it.

But it has saved me a bunch of time, and it works great for a first pass after that post-shell excitement :)

You might also be interested in this list of Linux commands for post exploit / local privilege enumeration.

Linux Local Enumeration Script Demo

Here it is in action; I think it gives a nice clean output:

Script Code

For copying and pasting:

#!/bin/bash

# ANSI colour escape sequences (interpreted by printf)
BLACK="\033[30m"
RED="\033[31m"
GREEN="\033[32m"
YELLOW="\033[33m"
BLUE="\033[34m"
PINK="\033[35m"
CYAN="\033[36m"
WHITE="\033[37m"
NORMAL="\033[0;39m"

# Quick Linux Local Enumeration Script
# v1.0

# Print a full-width rule of '#' characters. Falls back to 80 columns
# when there is no usable terminal (tput fails without $TERM).
rule() {
    printf '%*s\n' "${COLUMNS:-$(tput cols 2>/dev/null || echo 80)}" '' | tr ' ' '#'
}

# Print the banner that introduces each section; $1 is the section title.
header() {
    printf "$BLUE"
    rule
    printf "##\n"
    printf "${BLUE}## ${RED}%s\n" "$1"
    printf "${BLUE}##\n"
    rule
    printf "\n$NORMAL"
}

cat << "EOF"
. `:. `:. .:' ,:: .:' ;:' :: ;:' : .:' `. :. _________________________ : : ,---: HighOn.Coffee : : ,'"`: :' `.`. `: :' `.`-._: : `-.__`. ,' ,--------`"`-------------'--------. `"--.__ __.--"' `""-------------""'
EOF

sleep 1.4
printf "URL: ${GREEN}http://highon.coffee${NORMAL}\n"
sleep 0.4
printf "Version: ${YELLOW}1.0${NORMAL}\n"
sleep 0.4
printf "Twitter: ${BLUE}@HighOn_Coffee${NORMAL}\n"
sleep 0.2
printf "Author: ${BLUE}@Arr0way${NORMAL}\n"
sleep 0.4
printf "Disclaimer:\n"
printf "\n"
printf "${RED}HighOn.Coffee is not responsible for misuse or for any damage that you may cause!\nYou agree that you use this software at your own risk.${NORMAL}\n"
printf "\n"
printf "\n"
sleep 3

header "Linux Version"
/bin/cat /etc/issue; printf "\n"
/bin/cat /etc/*-release
printf "\n"

header "Kernel Info"
/bin/uname -ar
printf "\n"

header "Network Info"
/bin/cat /etc/sysconfig/network
printf "\n"
/bin/cat /etc/resolv.conf
printf "\n"

header "File System Info"
/bin/df -h
printf "\n"

header "Mounted File Systems with Pretty Output"
/bin/df -h
mount | column -t
printf "\n"

header "/etc/fstab File Contents"
/bin/cat /etc/fstab
printf "\n"

header "/etc/passwd File Contents"
/bin/cat /etc/passwd
printf "\n"

header "/etc/shadow File Contents"
/bin/cat /etc/shadow
printf "\n"

header "/etc/group File Contents"
/bin/cat /etc/group
printf "\n"

header "/etc/sudoers File Contents"
/bin/cat /etc/sudoers
printf "\n"

# Set-UID / set-GID files (symlinks excluded), top three directory levels only.
# The -perm tests are grouped so that -exec applies to both of them.
header "SUID / SGID Files"
/usr/bin/find / -maxdepth 3 \( -perm -g=s -o -perm -4000 \) ! -type l -exec ls -ld {} \; 2>/dev/null
printf "\n"

header "World Writable Directories"
/usr/bin/find / -perm -222 -type d 2>/dev/null
printf "\n"

header "World Writable Files"
/usr/bin/find / -type f -perm 0777 2>/dev/null
printf "\n"

header "Files Owned by Current User"
/usr/bin/find / -user "$(whoami)" 2>/dev/null
printf "\n"

header "/home and /root Permissions"
/bin/ls -ahlR /home/
/bin/ls -ahlR /root/
printf "\n"

header "Logged on Users"
/usr/bin/w
printf "\n"

header "Last Logged on Users"
/usr/bin/last
printf "\n"

header "Processes Running as root"
/bin/ps -ef | /bin/grep root
printf "\n"

header "Installed Packages for RHEL / Debian Based Systems"
# Enumerate CentOS / Ubuntu Boxes
# This is not a great way of ID'ing a box, but I'm being lazy
printf "\n"
/usr/bin/dpkg -l
printf "\n"
/usr/bin/rpm -qa
printf "\n"

header "CentOS / RHEL Services that start at Boot"
chkconfig --list | grep "$(runlevel | awk '{ print $2 }'):on"
printf "\n"

header "List of init Scripts aka System Services"
ls /etc/init.d/

printf "$BLUE"
rule
printf "$NORMAL"
printf "\nMore Linux enumeration commands can be found at: ${BLUE}https://highon.coffee/docs/linux-commands\n"
printf "\n${RED}So long, and thanks for all the fish...\n${NORMAL}"
printf "\n"

Wget URL

wget https://highon.coffee/downloads/linux-local-enum.sh

Enjoy.