import argparse
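# Names of binaries for which GTFOBins documents an SUID technique.
# Provenance: the GTFOBins entries were copied into a text file (allbin.txt)
# holding a name line followed by a techniques line; a one-off loop kept every
# name whose techniques line contained "SUID", and the printed result was
# pasted here. This is a static snapshot, so regenerate it when GTFOBins changes.
All_Bin = [
    'aa-exec', 'ab', 'agetty', 'alpine', 'ar', 'aria2c', 'arj', 'arp', 'as',
    'ascii-xfr', 'ash', 'aspell', 'atobm', 'awk', 'base32', 'base64',
    'basenc', 'basez', 'bash', 'batcat', 'bc', 'bridge', 'busctl', 'busybox',
    'byebug', 'bzip2', 'cabal', 'capsh', 'cat', 'chmod', 'choom', 'chown',
    'chroot', 'clamscan', 'cmp', 'column', 'comm', 'composer', 'cp', 'cpio',
    'cpulimit', 'csh', 'csplit', 'csvtool', 'cupsfilter', 'curl', 'cut',
    'dash', 'date', 'dc', 'dd', 'debugfs', 'dialog', 'diff', 'dig', 'distcc',
    'dmsetup', 'docker', 'dosbox', 'dvips', 'ed', 'efax', 'elvish', 'emacs',
    'env', 'eqn', 'espeak', 'expand', 'expect', 'file', 'find', 'fish',
    'flock', 'fmt', 'fold', 'gawk', 'gcore', 'gdb', 'genie', 'genisoimage',
    'gimp', 'ginsh', 'git', 'grep', 'gtester', 'gzip', 'hd', 'head',
    'hexdump', 'highlight', 'hping3', 'iconv', 'iftop', 'install', 'ionice',
    'ip', 'ispell', 'jjs', 'joe', 'join', 'jq', 'jrunscript', 'julia', 'ksh',
    'ksshell', 'kubectl', 'latex', 'ld.so', 'ldconfig', 'less', 'lftp',
    'links', 'logsave', 'look', 'lua', 'lualatex', 'luatex', 'make', 'mawk',
    'minicom', 'more', 'mosquitto', 'msgattrib', 'msgcat', 'msgconv',
    'msgfilter', 'msgmerge', 'msguniq', 'multitime', 'mv', 'mysql', 'nano',
    'nasm', 'nawk', 'nc', 'ncdu', 'ncftp', 'nft', 'nice', 'nl', 'nm', 'nmap',
    'node', 'nohup', 'ntpdate', 'octave', 'od', 'openssl', 'openvpn',
    'pandoc', 'paste', 'pdflatex', 'pdftex', 'perf', 'perl', 'pexec', 'pg',
    'php', 'pic', 'pico', 'pidstat', 'posh', 'pr', 'pry', 'psftp', 'ptx',
    'python', 'rake', 'rc', 'readelf', 'restic', 'rev', 'rlwrap', 'rpm',
    'rpmdb', 'rpmquery', 'rpmverify', 'rsync', 'rtorrent', 'run-parts',
    'runscript', 'rview', 'rvim', 'sash', 'scanmem', 'scp', 'scrot', 'sed',
    'setarch', 'setfacl', 'setlock', 'shuf', 'slsh', 'socat', 'soelim',
    'softlimit', 'sort', 'sqlite3', 'ss', 'ssh-agent', 'ssh-keygen',
    'ssh-keyscan', 'sshpass', 'start-stop-daemon', 'stdbuf', 'strace',
    'strings', 'sysctl', 'systemctl', 'tac', 'tail', 'tar', 'taskset',
    'tasksh', 'tbl', 'tclsh',
    'tdbtool', 'tee', 'telnet', 'terraform', 'tex', 'tftp', 'tic', 'time',
    'timeout', 'tmate', 'troff', 'ul', 'unexpand', 'uniq', 'unshare',
    'unsquashfs', 'unzip', 'update-alternatives', 'uudecode', 'uuencode',
    'vagrant', 'varnishncsa', 'view', 'vigr', 'vim', 'vimdiff', 'vipw', 'w3m',
    'watch', 'wc', 'wget', 'whiptail', 'xargs', 'xdotool', 'xelatex', 'xetex',
    'xmodmap', 'xmore', 'xxd', 'xz', 'yash', 'zip', 'zsh', 'zsoelim',
]

# Set copy of All_Bin so each lookup is O(1) instead of a scan of the list.
_KNOWN_NAMES = frozenset(All_Bin)


def find_suid_candidates(lines):
    """Return the basenames from *lines* that appear in ``All_Bin``.

    Args:
        lines: Iterable of strings, one path per entry (for example the lines
            of a file listing binaries that have the SUID bit set).

    Returns:
        A list of matching basenames, in input order; a name that occurs in
        several paths is returned once per occurrence.

    Limits a reviewer should keep in mind:
      * Only the last path component is compared, and only for exact
        equality. The file itself is never inspected, so a hit does not
        confirm that the SUID bit is set, who owns the file, or that it is
        the stock utility of that name.
      * Versioned or renamed binaries are not matched (the list holds
        'python', so a path ending in 'python3' produces no hit). An empty
        result therefore does not prove the host is clean.
    """
    hits = []
    for line in lines:
        # Blank lines yield '' here, which is never in the list.
        name = line.strip().split('/')[-1]
        if name in _KNOWN_NAMES:
            hits.append(name)
    return hits


def main(argv=None):
    """Parse the command line, scan the listed paths and print the matches.

    Args:
        argv: Argument list to parse; ``None`` makes argparse use sys.argv.
    """
    parser = argparse.ArgumentParser(description='Find binaries vulnerable to SUID bit escalation easily')
    parser.add_argument('path', help='Path of the file containing binaries with SUID bits set')
    args = parser.parse_args(argv)

    # The context manager closes the handle even if reading raises.
    with open(args.path, "r") as listing:
        found = find_suid_candidates(listing)

    if not found:
        print("[-] No Binaries can be used for SUID Privilege Escalation")
    else:
        print("[+] The following binaries can be used to elevate privileges using SUID technique")
        # Each hit is a candidate for review: check whether the binary really
        # needs the SUID bit and drop it where it does not.
        for name in found:
            print(name)


if __name__ == "__main__":
    main()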