LinEnum v-0.5 Experimental released : Scripted Local Linux Enumeration & Privilege Escalation Checks.

LinEnum v-0.5 Experimental released : Scripted Local Linux Enumeration & Privilege Escalation Checks.

Update 09.02.2015 : – LinEnum.sh: A script to enumerate local information from a Linux host

LinEnum will automate many of the checks that I’ve documented in the Local Linux Enumeration & Privilege Escalation Cheatsheet. It’s a very basic shell script that performs over 65 checks, getting anything from kernel information to locating possible escalation points such as potentially useful SUID/GUID files and Sudo/rhost mis-configurations and more.

LinEnum : Scripted Local Linux Enumeration & Privilege Escalation Checks

LinEnum : Scripted Local Linux Enumeration & Privilege Escalation Checks

High-level summary of the checks/tasks performed by LinEnum:
+ Kernel and distribution release details
System Information:
+ Hostname
Networking details:
+ Current IP
+ Default route details
+ DNS server information
User Information:
+ Current user details
+ Last logged on users
+ List all users including uid/gid information
+ List root accounts
+ Extracts password policies and hash storage method information
+ Checks umask value
+ Checks if password hashes are stored in /etc/passwd
+ Extract full details for ‘default’ uid’s such as 0, 1000, 1001 etc
+ Attempt to read restricted files i.e. /etc/shadow
+ List current users history files (i.e .bash_history, .nano_history etc.)
+ Basic SSH checks
Privileged access:
+ Determine if /etc/sudoers is accessible
+ Determine if the current user has Sudo access without a password
+ Are known ‘good’ breakout binaries available via Sudo (i.e. nmap, vim etc.)
+ Is root’s home directory accessible
+ List permissions for /home/
Environmental:
+ Display current $PATH
Jobs/Tasks:
+ List all cron jobs
+ Locate all world-writable cron jobs
+ Locate cron jobs owned by other users of the system
Services:
+ List network connections (TCP & UDP)
+ List running processes
+ Lookup and list process binaries and associated permissions
+ List inetd.conf/xined.conf contents and associated binary file permissions
+ List init.d binary permissions
Version Information (of the following):
+ Sudo
+ MYSQL
+ Postgres
+ Apache
+ Checks user config
Default/Weak Credentials:
+ Checks for default/weak Postgres accounts
+ Checks for default/weak MYSQL accounts
Searches:
+ Locate all SUID/GUID files
+ Locate all world-writable SUID/GUID files
+ Locate all SUID/GUID files owned by root
+ Locate ‘interesting’ SUID/GUID files (i.e. nmap, vim etc)
+ List all world-writable files
+ Find/list all accessible *.plan files and display contents
+ Find/list all accessible *.rhosts files and display contents
+ Show NFS server details
+ Locate *.conf and *.log files containing keyword supplied at script runtime
+ List all *.conf files located in /etc
+ Locate mail

Download : Master.zip  | Clone
Source: http://www.rebootuser.com/