A curated list of awesome privilege escalation
Go to file
2019-12-16 17:59:17 +01:00
README.md Add metasploit local_exploit_suggester 2019-12-16 17:59:17 +01:00

Awesome Privilege Escalation

A curated list of awesome privilege escalation

Table of Contents

Linux

Escape restricted shells

SUDO and SUID

Capabilities

Tools

  • LinEnum
  • pspy: unprivileged Linux process snooping
  • LES: LES: Linux privilege escalation auditing tool
  • Linux_Exploit_Suggester: Linux Exploit Suggester; based on operating system release number.
  • Linux Exploit Suggester 2: Next-generation exploit suggester based on Linux_Exploit_Suggester
  • linuxprivchecker.py: Linux Privilege Escalation Check Script
  • linux-soft-exploit-suggester: linux-soft-exploit-suggester finds exploits for all vulnerable software in a system helping with the privilege escalation.
  • exploit-suggester: This tool reads the output of “showrev -p” on Solaris machines and outputs a list of exploits that you might want to try.
  • unix-privesc-check: Shell script to check for simple privilege escalation vectors on Unix systems
  • BeRoot: BeRoot Project is a post exploitation tool to check common misconfigurations to find a way to escalate our privilege.
  • kernelpop: kernelpop is a framework for performing automated kernel vulnerability enumeration and exploitation.
  • AutoLocalPrivilegeEscalation: An automated script that download potential exploit for linux kernel from exploitdb, and compile them automatically.
  • Linux Privilege Escalation Check Script: Originally forked from the linuxprivchecker.py (Mike Czumak), this script is intended to be executed locally on a Linux box to enumerate basic system info and search for common privilege escalation vectors such as word writable files, misconfigurations, clear-text password and applicable exploits.
  • uptux: Specialized privilege escalation checks for Linux systems.
  • Unix-Privilege-Escalation-Exploits-Pack: Exploits for getting local root on Linux, BSD, AIX, HP-UX, Solaris, RHEL, SUSE etc.
  • AutoLocalPrivilegeEscalation: An automated script that download potential exploit for linux kernel from exploitdb, and compile them automatically
  • PrivEsc: A collection of Windows, Linux and MySQL privilege escalation scripts and exploits.
  • linux-smart-enumeration: Linux enumeration tools for pentesting and CTFs
  • linux-kernel-exploits

Find CVEs

Chkrootkit

NFS

Presentations

Windows

Hot Potato

Unquoted services with spaces

Groups.xml

Tools

Presentations

Linux and Windows

Docker

Docker socks

AWS