gwen001
commented
1 year ago Issue correctly handled, tool is waiting for human validation.
Closed piyush-security closed 1 year ago
gwen001
commented
1 year ago Issue correctly handled, tool is waiting for human validation.
gwen001
commented
1 year ago Tool has been accepted by the team: https://offsec.tools/tool/suid3num
Thank you for your contribution!
[link] https://github.com/anon-exploiter/suid3num [/link]
[tags] SUID, privilege-escalation [/tags]
[short_descr] A standalone python script which utilizes python's built-in modules to enumerate SUID binaries, separate default binaries from custom binaries, cross-match those with bins in GTFO Bin's repository & auto-exploit those, all with colors! [/short_descr]
[long_descr] A standalone script supporting both python2 & python3 to find out all SUID binaries in machines/CTFs and do the following :-
=> List all Default SUID Binaries (which ship with linux/aren't exploitable) => List all Custom Binaries (which don't ship with packages/vanilla installation) => List all custom binaries found in GTFO Bin's (This is where things get interesting) => Printing binaries and their exploitation (in case they create files on the machine) => Try and exploit found custom SUID binaries which won't impact machine's files
Why This?
Because LinEnum and other enumeration scripts only print SUID binaries & GTFO Binaries, they don't seperate default from custom, which leads to severe head banging in walls for 3-4 hours when you can't escalate privs :) [/long_descr]
[image]
[/image]
[image]
[/image]
[image]
[/image]