Specialized privilege escalation checks for Linux systems. Implemented so far: Writable systemd paths, services, timers, and socket units Disassembles systemd unit files looking for: References to executables that are writable References to broken symlinks pointing to writeable directories Relative path statements Unix socket files that are writeable (sneaky APIs) Writable D-Bus paths Overly permissive D-Bus service settings HTTP APIs running as root and responding on file-bound unix domain sockets These checks are based on things I encounter during my own research, and this tool is certainly not inclusive of everything you should be looking at. Don't skip the classics! Usage All functionality is contained in a single file, because installing packages in restricted shells is a pain. Python2 compatibility will be maintained for those crap old boxes we get stuck with. However, as the checks are really aimed at more modern user-space stuff, it is unlikely to uncover anything interesting on an old box anyway. There is nothing to install, just grab the script and run it. usage: uptux.py [-h] [-n] [-d] PrivEsc for modern Linux systems, by initstring (github.com/initstring) optional arguments: -h, –help show this help message and exit -n, –nologging do not write the output to a logfile -d, –debug print some extra [debugging](<https://www.kitploit.com/search/label/Debugging> "debugging" ) info to the console Testing For …
http://govanguard.com/wp-content/uploads/2018/04/Header_Logo.png 0 0 govanguard http://govanguard.com/wp-content/uploads/2018/04/Header_Logo.png govanguard2019-11-03 16:24:002019-11-03 16:24:00Uptux - Linux Privilege Escalation Checks (Systemd, Dbus, Socket Fun, Etc)
Our Standard Office Hours
Monday – Friday: 8:00AM – 5:00PM EDT
Saturday – Sunday: Closed
Where to Find Us
Data Privacy Notice
- – All product names, logos, and brands are property of their respective owners.
- – The use of these names, logos, and brands is for identification purposes only and does not imply endorsement.
- – Content syndication and aggregation of public information is solely for the purpose of identifying information security trends, all syndicated content contains source links to the content creator website. All content is owned by it’s respective content creators.
- – If you are an owner of some content and want it to be removed, please email email@example.com