User Controls
I'd like make a list of a few sec related perl and shellscripts.
-
2015-11-15 at 3:49 PM UTC[FONT=arial]Playing around with the server i compromised earlier in this thread. I got to thinking that it would be pretty neat to have a small collection of security related perl and shellscripts to run on a target machine such as that to perform a number of offensive and or enumeration tasks, obvioulsy shellscripts and perl would be excellent for this since they come natively on any Linux distro. With regards to enumeration i found a very nice shellscript already that basically just dumps the entire system configuration for you.
Here is the repo with associated script.
https://github.com/rebootuser/LinEnum
A sample of it's output will look like this.[/FONT]
### SYSTEM ##############################################
Kernel information:
Linux edusvm08 2.6.32-220.13.1.el6.x86_64 #1 SMP Thu Mar 29 11:46:40 EDT 2012 x86_64 x86_64 x86_64 GNU/Linux
Kernel information (continued):
Linux version 2.6.32-220.13.1.el6.x86_64 (mockbuild@x86-002.build.bos.redhat.com) (gcc version 4.4.6 20110731 (Red Hat 4.4.6-3) (GCC) ) #1 SMP Thu Mar 29 11:46:40 EDT 2012
Specific release information:
Red Hat Enterprise Linux Server release 6.2 (Santiago)
Red Hat Enterprise Linux Server release 6.2 (Santiago)
Hostname:
edusvm08
### USER/GROUP ##########################################
Current user/group info:
uid=48(apache) gid=48(apache) groups=48(apache)
Users that have previously logged onto the system:
Username Port From Latest
root tty1 Thu Nov 20 09:08:41 +0100 2014
maxel pts/0 192.168.151.26 Fri Oct 2 10:37:04 +0200 2015
umdach03 pts/0 10.18.15.25 Wed Sep 10 15:01:19 +0200 2014
umlubu01 pts/1 umwd3094.um.wroc Fri Nov 22 15:38:22 +0100 2013
umtoma pts/0 10.13.15.188 Mon Apr 27 11:38:31 +0200 2015
umkapl pts/1 umwd1992.um.wroc Thu Aug 14 13:30:43 +0200 2014
krku02 pts/0 umwd2079.um.wroc Thu Apr 23 08:55:46 +0200 2015
spilak pts/0 10.18.15.22 Fri Oct 10 14:10:26 +0200 2014
All users and uid/gid info:
root:x:0:0
bin:x:1:1
daemon:x:2:2
adm:x:3:4
lp:x:4:7
[FONT=arial]Among that it also displays cronjobs, services, network configuration and a whole host of valuable information. Now ideally my collection of scripts would focus on extracting more valuable information such as important documents and files and come with an ability to upload it to a remote host from where i may retrieve the results.
Privilege escalation scripts/exploits would also be desireable think of Proofs of Concept for specific Linux versions if at all possible(I haven't really looked into it that much). So, if you happen to have some sec related or generally useful perl and/or shellscripts laying about or know where i could find that i'd be much obliged. Not only that, maybe if we can get a couple nice ones sorted out we can make this the unofficial shellscript thread or something. [/FONT] -
2015-11-15 at 6:01 PM UTCHow much perl do you have under your belt? I made a thread a while back that got quite a few perl resources. You posted in it but lanny and I also added some stuff. I can dig it up if you want it. Otherwise im not much help.
-
2015-11-15 at 7:46 PM UTC
How much perl do you have under your belt? I made a thread a while back that got quite a few perl resources. You posted in it but lanny and I also added some stuff. I can dig it up if you want it. Otherwise im not much help.
I have zero experience, with perl however i'm always up to learn so if you have any resources to share i'd gladly have a look at them. Also if you are in the posession of a perl or shellscript that you find useful for whatever reason i'd love to hear about it too as it may be relevant to my interest. -
2015-11-16 at 12:57 AM UTCFound two excellent shellscripts for privilege escalation on Linux boxes.
https://github.com/PenturaLabs/Linux_Exploit_Suggester When ran this will suggest me an exploit to run on the target machine.
https://github.com/pentestmonkey/unix-privesc-check This one will also check for common privilege escalation vectors.
Infact i'm going to reconnect to my shellshock vulnerable server and test them out right now. -
2015-11-16 at 8:28 PM UTCWhat i was also thinking was maybe arrange for a script with some value as an anti-forensic aid, at least to some degree. I want a shell or perl script that deletes all relevant logs after i've interacted with the server. If anyone has anything like that i'd be much obliged in the mean time i will look to see if i can adapt an existing script to this effect. My perl sucks mind you so i might need some assistance later/
-
2015-11-17 at 12:51 AM UTCAlright guys so i thought i have these three useful scripts now right. But it would be such a drag to have to manually 'wget' and unzip them one by one whenever i get into a server do figured i'd make a shellscript to do it for me. Now bare in mind my bash is not that good so i'd like to post it here so you guys can tell me how it looks and if it will do what i want it to do before i pusg it to github and embarres myself.
The purpose of the script after it gets executed is to check if any arguments have been passed. If there haven't it's going to download the three scripts i mentioned in this thread directly from github.. After that it's going to unzip them to their own folder and exit. When you're done using the script simply run it again with an argument to have it delete everything in the directory it was downloaded to. The target directory for all this would be the /tmp directory since it's most likely everyone has read/write privilege there.
So, replaced the code with my working Bash script from github.
https://github.com/NullArray/RootHel.../roothelper.sh
booyah add that to the list.