Linux Post-Exploit Cheat Sheet
After gaining shell access to a Linux system as an unprivileged (normal) user, you may want to enumerate the system (see its installed software, users, and files), escalate your privileges, transfer files, create a reverse shell, or do other common post-exploit tasks.
Enumeration: See what software, users, files, networks, etc. exist on this machine
LinEnum - https://github.com/rebootuser/LinEnum
Enumerate a Linux system.
- Linux Enumeration Cheat Sheet
- LinPEAS (below)
Privilege Escalation: Techniques to go from an unprivileged shell to a root shell (with full system access)
There are two general approaches:
1.) Find an exploit (software bug) in the operating system or other system services
2.) Find a misconfiguration in an existing legitimate tool
Recent Linux Vulnerabilities (2021+)
"Baron Samedit" | CVE-2021-3156 | Exploit-DB 1, Exploit-DB 2
"The Exploit Database is a CVE compliant archive of public exploits and corresponding vulnerable software, developed for use by penetration testers and vulnerability researchers. Our aim is to serve the most comprehensive collection of exploits gathered through direct submissions, mailing lists, as well as other public sources, and present them in a freely-available and easy-to-navigate database. The Exploit Database is a repository for exploits and proof-of-concepts rather than advisories, making it a valuable resource for those who need actionable data right away."
Linux Exploit Suggester 2
Returns a list of possible CVEs, exploits, and exploit POCs (Proof of Concept) for the running Linux kernel.
Linux privilege escalation made easy! Traitor takes advantage of local misconfigurations and vulnerabilities (including most of GTFOBins) in order to pop a root shell. Note that these are primarily misconfigurations, not exploits.
"GTFOBins is a curated list of Unix binaries that can be used to bypass local security restrictions in misconfigured systems.
The project collects legitimate functions of Unix binaries that can be abused to break out of restricted shells, escalate or maintain elevated privileges, transfer files, spawn bind and reverse shells, and facilitate the other post-exploitation tasks.
It is important to note that this is not a list of exploits, and the programs listed here are not vulnerable per se, rather, GTFOBins is a compendium about how to live off the land when you only have certain binaries available."
LinPEAS is a script that searches for possible paths to escalate privileges on Linux/Unix* hosts. It also does a nice job of enumerating the system.