A standalone python script which utilizes python's built-in modules to find SUID bins, separate default bins from custom bins, cross-match those with bins in GTFO Bin's repository & auto-exploit those, all with colors!
Description
A standalone script supporting both python2& python3 to find out all SUID binaries in machines/CTFs and do the following
- List all Default SUID Binaries (which ship with linux/aren't exploitable)
- List all Custom Binaries (which don't ship with packages/vanilla installation)
- List all custom binaries found in GTFO Bin's (This is where things get interesting)
- Try and exploit found custom SUID binaries which won't impact machine's files
- Because LinEnum and other enumerationscripts only print SUID binaries & GTFO Binaries, they don't seperate default from custom, which leads to severe head banging in walls for 3-4 hours when you can't escalate privs :)
Output
SUID 3NUM's Sample Output
Works on
- Python (2.6-7.*)
- Python (3.6-7.*)
Download & Use
wget https://raw.githubusercontent.com/Anon-Exploiter/SUID3NUM/master/suid3num.py --no-check-certificate && chmod 777 suid3num.py
curl -k https://raw.githubusercontent.com/Anon-Exploiter/SUID3NUM/master/suid3num.py --output suid3num.py && chmod 777 suid3num.py
Tested on
- Pop! OS 18.04 LTS
- Ubuntu 18.04 LTS
- Nebula
- Kali Linux (PWK VM)
Usage
Initializing Script
python suid3num.py
Doing Auto Exploitation of found custom SUID binariespython suid3num.py -e
Output
Auto Exploitation of SUID Bins
Note
Please run the script after going through what it does & with prior knowledge of SUID bins.
P.S ~ Don't run with `-e` parameter, if you don't know what you're doing!
Thanks
Shoutout to Zeeshan Sahi & Bilal Rizwan for their ideas and contribution.
Also, thanks to Cyrus for GTFO Bins<3
Let me know, what you think of this script at [@syed__umar](https://twitter.com/@syed__umar) ≧◡≦