Linux Post-Exploit Cheat Sheet

After gaining shell access to a Linux system as an unprivileged (normal) user, you may want to enumerate the system (see its installed software, users, and files), escalate your privileges, transfer files, create a reverse shell, or do other common post-exploit tasks.

Enumeration

Enumeration: See what software, users, files, networks, etc. exist on this machine

LinEnum

Privilege Escalation

Privilege Escalation: Techniques to go from an unprivileged shell to a root shell (with full system access)

There are two general approaches:
1.) Find an exploit (software bug) in the operating system or other system services
2.) Find a misconfiguration in an existing legitimate tool

Recent Linux Vulnerabilities (2021+)

Name             CVE             Links
"DirtyPipe"      CVE-2022-0847   Exploit-DB
"PwnKit"         CVE-2021-4034
"Baron Samedit"  CVE-2021-3156   Exploit-DB 1, Exploit-DB 2

Exploit Database

"The Exploit Database is a CVE compliant archive of public exploits and corresponding vulnerable software, developed for use by penetration testers and vulnerability researchers. Our aim is to serve the most comprehensive collection of exploits gathered through direct submissions, mailing lists, as well as other public sources, and present them in a freely-available and easy-to-navigate database. The Exploit Database is a repository for exploits and proof-of-concepts rather than advisories, making it a valuable resource for those who need actionable data right away."

Linux Exploit Suggester 2

Returns a list of possible CVEs, exploits, and exploit POCs (Proof of Concept) for the running Linux kernel.

Traitor

Linux privilege escalation made easy! Traitor takes advantage of local misconfigurations and vulnerabilities (including most of GTFOBins) in order to pop a root shell. Note that these are primarily misconfigurations, not exploits.

GTFOBins

"GTFOBins is a curated list of Unix binaries that can be used to bypass local security restrictions in misconfigured systems.

The project collects legitimate functions of Unix binaries that can be abused to break out of restricted shells, escalate or maintain elevated privileges, transfer files, spawn bind and reverse shells, and facilitate the other post-exploitation tasks.

It is important to note that this is not a list of exploits, and the programs listed here are not vulnerable per se, rather, GTFOBins is a compendium about how to live off the land when you only have certain binaries available."

LinPEAS

LinPEAS is a script that searches for possible paths to escalate privileges on Linux/Unix* hosts. It also does a nice job of enumerating the system.