Ecosyste.ms: Awesome
An open API service indexing awesome lists of open source software.
https://github.com/pentestmonkey/unix-privesc-check
Automatically exported from code.google.com/p/unix-privesc-check
https://github.com/pentestmonkey/unix-privesc-check
Last synced: 5 days ago
JSON representation
Automatically exported from code.google.com/p/unix-privesc-check
- Host: GitHub
- URL: https://github.com/pentestmonkey/unix-privesc-check
- Owner: pentestmonkey
- Created: 2015-03-22T13:38:54.000Z (almost 10 years ago)
- Default Branch: master
- Last Pushed: 2021-02-07T21:47:46.000Z (almost 4 years ago)
- Last Synced: 2024-12-30T02:09:42.316Z (12 days ago)
- Language: Shell
- Size: 386 KB
- Stars: 1,042
- Watchers: 47
- Forks: 220
- Open Issues: 24
-
Metadata Files:
- Readme: README.md
Awesome Lists containing this project
- awesome-infosec - unix-privesc-check
- Awesome-Security-Resources - Unix Privilege Escalation
- awesome-hacking-lists - pentestmonkey/unix-privesc-check - Automatically exported from code.google.com/p/unix-privesc-check (Shell)
README
Shell script to check for simple privilege escalation vectors on Unix systems
Unix-privesc-checker is a script that runs on Unix systems (tested on Solaris 9, HPUX 11, Various Linuxes, FreeBSD 6.2). It tries to find misconfigurations that could allow local unprivileged users to escalate privileges to other users or to access local apps (e.g. databases).
It is written as a single shell script so it can be easily uploaded and run (as opposed to un-tarred, compiled and installed). It can run either as a normal user or as root (obviously it does a better job when running as root because it can read more files).
Also see: http://pentestmonkey.net/tools/unix-privesc-check/
This project contains two branches that are actively maintained:
* Branch "1_x", that contains a single shell script, "unix-privesc-check" that needs to be uploaded and run on the target system. The script runs fairly quickly. The code, while a bit ugly is stable and mature. https://github.com/pentestmonkey/unix-privesc-check/tree/1_x
* Branch "master", that contains a script "upc.sh" and some subdirectories that need to be uploaded and run on the target system. The script is generally slower, but more thorough in some ways. The code is much nicer, though somewhat experimental. https://github.com/pentestmonkey/unix-privesc-check/tree/masterIf in doubt, try both.