linux-smart-enumeration
SUDO_KILLER
Our great sponsors
| linux-smart-enumeration | SUDO_KILLER | |
|---|---|---|
| 2 | 8 | |
| 3,193 | 2,096 | |
| - | - | |
| 6.2 | 8.8 | |
| 4 months ago | about 2 months ago | |
| Shell | Shell | |
| GNU General Public License v3.0 only | MIT License |
Stars - the number of stars that a project has on GitHub. Growth - month over month growth in stars.
Activity is a relative number indicating how actively a project is being developed. Recent commits have higher weight than older ones.
For example, an activity of 9.0 indicates that a project is amongst the top 10% of the most actively developed projects that we are tracking.
linux-smart-enumeration
-
I passed with 100 points on second attempt AMA
Linux privesc is a bunch of manual checks from my notes that I have built over time. I also like https://github.com/diego-treitos/linux-smart-enumeration (lse.sh) which is similar to linpeas but the output is less busy.
- diego-treitos/linux-smart-enumeration - Linux enumeration tool for pentesting and CTFs with verbosity levels
SUDO_KILLER
- cve-2023-22809
-
CVE-2023-22809
this project https://github.com/TH3xACE/SUDO_KILLER can be used to detect and exploit this CVE.
-
Sudoedit can edit arbitrary files (CVE-2023-22809)
check the project https://github.com/TH3xACE/SUDO_KILLER ... there is a docker and the tool within it to play with the described scenario and there is a video also...showing the exploitation :)
- TH3xACE/SUDO_KILLER - A tool to identify and exploit sudo rules' misconfigurations and vulnerabilities within sudo for linux privilege escalation.
- Some of the latest CVEs like CVE-2014-0106, CVE-2015-5602, CVE-2017-1000367, CVE-2019-14287, CVE-2019-18634, CVE-2021-3156 and CVE-2021-23240 are detected by the tool and much more. If you like the project, don't forget to give a +1 star on github. Thanks
- How to detect sudo’s CVE-2021-3156 using Falco
-
Baron Samedit: Heap-based buffer overflow in Sudo (CVE-2021-3156)
Detection and checks for CVE-2021-3156 and CVE-2021-23240 were added to https://github.com/TH3xACE/SUDO_KILLER . Please give a +1 star on github if you appreciate the project.
What are some alternatives?
airgeddon - This is a multi-use bash script for Linux systems to audit wireless networks.
OSCP-Exam-Report-Template - Modified template for the OSCP Exam and Labs. Used during my passing attempt
owasp-mastg - The Mobile Application Security Testing Guide (MASTG) is a comprehensive manual for mobile app security testing and reverse engineering. It describes the technical processes for verifying the controls listed in the OWASP Mobile Application Security Verification Standard (MASVS).
EZEA - EZEA (EaZy Enum Automator), made for OSCP. This tool uses bash to automate most of the enumeration proces
CapProcess - A simple and useful script for capturing the processes running on a machine and some basic information about the system
linux-exploit-suggester - Linux privilege escalation auditing tool
pdfcrack - An Advanced tool to Crack Any Password Protected PDF file. A very user friendly script especially for noob hackers.
CTF-Difficulty - This cheasheet is aimed at the CTF Players and Beginners to help them sort the CTF Challenges on the basis of Difficulties.
ActiveDirectoryAttackTool - ADAT is a small tool used to assist CTF players and Penetration testers with easy commands to run against an Active Directory Domain Controller. This tool is is best utilized using a set of known credentials against the host.
CVE-2021-4034 - PoC for PwnKit: Local Privilege Escalation Vulnerability in polkit’s pkexec (CVE-2021-4034)
Pentest-Service-Enumeration - Suggests programs to run against services found during the enumeration phase of a Pentest
OSCP-BoF - This is a walkthrough about understanding the #BoF machine present in the #OSCP exam.