README.md Adding new resources 2019-12-23 11:34:59 +01:00

Awesome Privilege Escalation

A curated list of awesome privilege escalation

Table of Contents

Linux

Escape restricted shells

SUDO and SUID

Capabilities

Tools

  • LinEnum
  • pspy: unprivileged Linux process snooping
  • LES: Linux privilege escalation auditing tool.
  • Linux_Exploit_Suggester: Linux Exploit Suggester; suggests kernel exploits based on the operating system release number.
  • Linux Exploit Suggester 2: Next-generation exploit suggester based on Linux_Exploit_Suggester
  • linuxprivchecker.py: Linux Privilege Escalation Check Script
  • linux-soft-exploit-suggester: Finds public exploits for the vulnerable software installed on a system, as an aid to privilege escalation.
  • exploit-suggester: This tool reads the output of “showrev -p” on Solaris machines and outputs a list of exploits that you might want to try.
  • unix-privesc-check: Shell script to check for simple privilege escalation vectors on Unix systems
  • BeRoot: The BeRoot Project is a post-exploitation tool that checks common misconfigurations for a way to escalate privileges.
  • kernelpop: kernelpop is a framework for performing automated kernel vulnerability enumeration and exploitation.
  • AutoLocalPrivilegeEscalation: An automated script that downloads potential Linux kernel exploits from Exploit-DB and compiles them automatically.
  • Linux Privilege Escalation Check Script: Originally forked from linuxprivchecker.py (Mike Czumak), this script is intended to be executed locally on a Linux box to enumerate basic system info and search for common privilege escalation vectors such as world-writable files, misconfigurations, clear-text passwords and applicable exploits.
  • uptux: Specialized privilege escalation checks for Linux systems.
  • Unix-Privilege-Escalation-Exploits-Pack: Exploits for getting local root on Linux, BSD, AIX, HP-UX, Solaris, RHEL, SUSE etc.
  • PrivEsc: A collection of Windows, Linux and MySQL privilege escalation scripts and exploits.
  • linux-smart-enumeration: Linux enumeration tools for pentesting and CTFs
  • linux-kernel-exploits
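
The scripts above all reduce to a handful of checks on the output of standard commands. The following is an added example, not the code of any tool listed here, that implements four of those checks as pure functions so they can be run against constructed samples or, with --live, against the current host: sudo rules that grant ALL or a binary with a known shell escape, dangerous file capabilities, NFS exports with no_root_squash, and SUID binaries with a shell escape. The shell-escape binary list and the dangerous-capability list are assumptions kept deliberately short; the sample command output is constructed, not captured from a real host.

```python
import os
import re
import subprocess
import sys

# Binaries that usually give a root shell or root file write when run via sudo or
# with the SUID bit set. Assumption: an illustrative subset, not a complete list.
SHELL_ESCAPE_BINS = {"bash", "sh", "dash", "zsh", "vim", "vi", "nano", "less", "more",
                     "man", "find", "awk", "perl", "python", "python2", "python3", "ruby",
                     "env", "cp", "mv", "tee", "tar", "nmap", "socat", "docker"}
# File capabilities that are usually enough to reach root on their own.
DANGEROUS_CAPS = {"cap_setuid", "cap_setgid", "cap_dac_override", "cap_dac_read_search",
                  "cap_sys_admin", "cap_sys_module", "cap_sys_ptrace", "cap_chown", "cap_fowner"}
# "(root) NOPASSWD: /usr/bin/find, /usr/bin/vim" -> runas / tags / command list
_SUDO_RULE = re.compile(r"^\((?P<runas>[^)]*)\)\s*(?P<tags>(?:[A-Z]+:\s*)*)(?P<cmds>.+)$")
# Old getcap format "/p = cap_x+ep" and libcap >= 2.41 "/p cap_x=ep" (no spaces in paths).
_CAP_LINE = re.compile(r"^(?P<path>\S+)\s*=?\s*(?P<caps>cap_.*)$")


def risky_sudo_rules(sudo_l_output):
    """(command, reason, nopasswd) for 'sudo -l' rules granting ALL or a shell-escape
    binary; negated commands such as '!/bin/sh' are skipped."""
    findings = []
    for line in sudo_l_output.splitlines():
        m = _SUDO_RULE.match(line.strip())
        if not m:  # header lines such as "User bob may run ..."
            continue
        nopasswd = "NOPASSWD" in m.group("tags")
        for cmd in (c.strip() for c in m.group("cmds").split(",")):
            if not cmd or cmd.startswith("!"):
                continue
            if cmd == "ALL":
                findings.append((cmd, "ALL", nopasswd))
            elif os.path.basename(cmd.split()[0]) in SHELL_ESCAPE_BINS:
                findings.append((cmd, "shell-escape", nopasswd))
    return findings


def risky_capabilities(getcap_output):
    """(path, capability) pairs from 'getcap -r /' output for dangerous caps."""
    findings = []
    for line in getcap_output.splitlines():
        m = _CAP_LINE.match(line.strip())
        if m:
            for cap in re.findall(r"cap_[a-z_]+", m.group("caps")):
                if cap in DANGEROUS_CAPS:
                    findings.append((m.group("path"), cap))
    return findings


def risky_exports(exports_text):
    """(path, client) for /etc/exports entries with no_root_squash: root on such a
    client can drop root-owned SUID binaries into the exported tree."""
    findings = []
    for line in exports_text.splitlines():
        fields = line.split("#", 1)[0].split()  # strip comments, then "path client(opts) ..."
        for client in fields[1:]:
            host, _, opts = client.partition("(")
            if "no_root_squash" in opts.rstrip(")").split(","):
                findings.append((fields[0], host or "*"))
    return findings


def risky_suid(find_output):
    """Shell-escape binaries among 'find / -perm -4000 -type f' output."""
    paths = [p.strip() for p in find_output.splitlines() if p.strip()]
    return [p for p in paths if os.path.basename(p) in SHELL_ESCAPE_BINS]


def _run(argv):
    try:
        return subprocess.run(argv, capture_output=True, text=True, timeout=300).stdout
    except (FileNotFoundError, subprocess.TimeoutExpired):
        return ""


def enumerate_host():
    exports = open("/etc/exports").read() if os.path.exists("/etc/exports") else ""
    return {"sudo": risky_sudo_rules(_run(["sudo", "-n", "-l"])),
            "caps": risky_capabilities(_run(["getcap", "-r", "/"])),
            "nfs": risky_exports(exports),
            "suid": risky_suid(_run(["find", "/", "-perm", "-4000", "-type", "f"]))}


# Constructed sample command output (not captured from a real host).
SAMPLE_SUDO = """User bob may run the following commands on web01:
    (root) NOPASSWD: /usr/bin/find
    (root) /usr/sbin/service apache2 restart, /usr/bin/vim /etc/hosts
    (ALL : ALL) ALL, !/bin/sh
"""
SAMPLE_GETCAP = """/usr/bin/ping = cap_net_raw+ep
/usr/bin/python3.8 = cap_setuid+ep
/usr/sbin/tcpdump cap_net_admin,cap_net_raw=eip
"""
SAMPLE_EXPORTS = """# /etc/exports
/srv/backup  10.0.0.0/24(rw,sync,no_subtree_check)
/srv/share   *(rw,sync,no_root_squash)   # every client root is root here
"""
SAMPLE_SUID = "/usr/bin/passwd\n/usr/bin/sudo\n/usr/local/bin/nmap\n/usr/bin/find\n"

if __name__ == "__main__":
    results = enumerate_host() if "--live" in sys.argv else {
        "sudo": risky_sudo_rules(SAMPLE_SUDO), "caps": risky_capabilities(SAMPLE_GETCAP),
        "nfs": risky_exports(SAMPLE_EXPORTS), "suid": risky_suid(SAMPLE_SUID)}
    for check, hits in results.items():
        print(f"{check}: {hits}")
```

sudo -n -l exits instead of prompting when a password would be required, so the live run is safe from a non-interactive shell; getcap -r / and find / are slow on large filesystems and write permission errors to stderr, which the wrapper discards. A rule flagged as shell-escape without NOPASSWD still needs the user's own password, which is the usual reason to pair this with a credential hunt.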

Find CVEs

  • LPVS: Linux Package Vulnerability Scanner for CentOS and Ubuntu.
  • active-cve-check: Checks a list of packages against the "active" (not yet patched) CVEs listed in the Ubuntu CVE Tracker.
  • cve-check-tool: Original Automated CVE Checking Tool.
  • Arch-Audit: A tool to check vulnerable packages in Arch Linux.

Chkrootkit

NFS

Presentations

Windows

Potato

Unquoted service paths with spaces

Groups.xml

Tools

  • JAWS - Just Another Windows (Enum) Script: JAWS is a PowerShell script designed to help penetration testers (and CTFers) quickly identify potential privilege escalation vectors on Windows systems. It is written in PowerShell 2.0, so it 'should' run on every Windows version since Windows 7.
  • Sherlock: PowerShell script to quickly find missing software patches for local privilege escalation vulnerabilities. (Deprecated)
  • Watson: Watson is a .NET tool designed to enumerate missing KBs and suggest exploits for Privilege Escalation vulnerabilities.
  • PowerSploit: PowerSploit is a collection of Microsoft PowerShell modules that can be used to aid penetration testers during all phases of an assessment.
  • Potato: Potato Privilege Escalation on Windows 7, 8, 10, Server 2008, Server 2012.
  • RottenPotato: RottenPotato local privilege escalation from service account to SYSTEM. (No longer maintained)
  • RottenPotatoNG: New version of RottenPotato as a C++ DLL and standalone C++ binary - no need for meterpreter or other tools.
  • Tater: Tater is a PowerShell implementation of the Hot Potato Windows Privilege Escalation exploit.
  • SessionGopher: SessionGopher is a PowerShell tool that finds and decrypts saved session information for remote access tools.
  • windows-privesc-check: Standalone executable that runs on Windows systems. It tries to find misconfigurations that could allow local unprivileged users to escalate privileges to other users or to access local apps (e.g. databases).
  • WinPwnage: UAC bypass, elevation, persistence and execution methods. The goal of this repo is to study Windows penetration techniques.
  • WindowsEnum: A PowerShell privilege escalation enumeration script.
  • juicy-potato: A sugared version of RottenPotatoNG, with a bit of juice, i.e. another local privilege escalation tool, from Windows service accounts to NT AUTHORITY\SYSTEM.
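
For the unquoted service path vector listed above, the interesting questions are which file names the Service Control Manager tries before the real binary and whether any of their directories is writable. The following is an added example, not part of JAWS, windows-privesc-check or any other tool listed here, written in Python rather than PowerShell so that the path logic can be exercised on any host. The service list and the writable directory are constructed; the live mode reads ImagePath and ObjectName from the registry and only enumerates candidates, leaving the writability check to icacls.

```python
import ntpath  # Windows path handling, available on every platform
import re
import sys

# Executable part of an ImagePath: everything up to the first ".exe" (case-insensitive).
_EXE = re.compile(r"(?i)^(.+?\.exe)")


def hijack_candidates(image_path):
    """Executables the Service Control Manager would try before the intended binary
    when ImagePath is unquoted and contains spaces, in the order CreateProcess
    tries them: the path is cut at each space and '.exe' is appended."""
    p = image_path.strip()
    if p.startswith('"'):  # quoted paths are parsed as a whole, nothing to hijack
        return []
    m = _EXE.match(p)
    exe = m.group(1) if m else p
    return [exe[:i] + ".exe" for i, ch in enumerate(exe) if ch == " "]


def _norm(directory):
    return directory.lower().rstrip("\\")


def check_services(services, writable_dirs):
    """services: (name, image_path, start_name) triples; writable_dirs: directories the
    current user can write to. Returns (service, candidate, start_name) for every
    candidate that could be planted; start_name LocalSystem means it runs as SYSTEM."""
    writable = {_norm(d) for d in writable_dirs}
    findings = []
    for name, image_path, start_name in services:
        for cand in hijack_candidates(image_path):
            if _norm(ntpath.dirname(cand)) in writable:
                findings.append((name, cand, start_name))
    return findings


def registry_services():
    """(name, ImagePath, ObjectName) for every service key in the registry (Windows only)."""
    import winreg  # standard library on Windows
    out = []
    with winreg.OpenKey(winreg.HKEY_LOCAL_MACHINE, r"SYSTEM\CurrentControlSet\Services") as root:
        for i in range(winreg.QueryInfoKey(root)[0]):
            name = winreg.EnumKey(root, i)
            try:
                with winreg.OpenKey(root, name) as svc:
                    image = winreg.QueryValueEx(svc, "ImagePath")[0]
                    try:
                        start = winreg.QueryValueEx(svc, "ObjectName")[0]
                    except OSError:
                        start = ""
            except OSError:  # no ImagePath (service groups, some drivers) or access denied
                continue
            out.append((name, image, start))
    return out


# Constructed sample services (not read from a real host).
SAMPLE_SERVICES = [
    ("VendorSvc", r"C:\Program Files\Vendor Tool\svc.exe -k netsvcs", "LocalSystem"),
    ("GoodSvc", r'"C:\Program Files\Good Vendor\good.exe"', "LocalSystem"),
    ("Dhcp", r"%SystemRoot%\system32\svchost.exe -k LocalServiceNetworkRestricted",
     r"NT AUTHORITY\LocalService"),
]
SAMPLE_WRITABLE = [r"C:\Program Files"]  # assumption for the demo: this directory is writable

if __name__ == "__main__":
    if sys.platform == "win32" and "--live" in sys.argv:
        for name, image, start in registry_services():
            cands = hijack_candidates(image)
            if cands:  # confirm each candidate directory with icacls before relying on it
                print(name, start, cands)
    else:
        print(check_services(SAMPLE_SERVICES, SAMPLE_WRITABLE))
```

A planted candidate only pays off if the service can be restarted by the current user or the host rebooted, so check the service's start type and the user's service permissions alongside the directory ACL.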

Presentations

Linux and Windows

Docker

Docker socket (docker.sock)

AWS