kali工具箱

unix-privesc-check Package Description

Unix-privesc-checker is a script that runs on Unix systems (tested on Solaris 9, HPUX 11, Various Linuxes, FreeBSD 6.2). It tries to find misconfigurations that could allow local unprivileged users to escalate privileges to other users or to access local apps (e.g. databases). It is written as a single shell script so it can be easily uploaded and run (as opposed to un-tarred, compiled and installed). It can run either as a normal user or as root (obviously it does a better job when running as root because it can read more files).

Source: http://pentestmonkey.net/tools/audit/unix-privesc-check
unix-privesc-check Homepage| Kali unix-privesc-check Repo

Author: pentestmonkey
License: GPLv2

Tools included in the unix-privesc-check package

unix-privesc-check – Script to check for simple privilege escalation vectors

[email protected]:~# unix-privesc-check

unix-privesc-check v1.4 ( http://pentestmonkey.net/tools/unix-privesc-check )



Usage: unix-privesc-check { standard | detailed }



"standard" mode: Speed-optimised check of lots of security settings.



"detailed" mode: Same as standard mode, but also checks perms of open file

                 handles and called files (e.g. parsed from shell scripts,

                 linked .so files).  This mode is slow and prone to false

                 positives but might help you find more subtle flaws in 3rd

                 party programs.



This script checks file permissions and other settings that could allow

local users to escalate privileges.



Use of this script is only permitted on systems which you have been granted

legal permission to perform a security assessment of.  Apart from this

condition the GPL v2 applies.



Search the output for the word 'WARNING'.  If you don't see it then this

script didn't find any problems.

unix-privesc-check Usage Example

[email protected]:~# unix-privesc-check standard

Assuming the OS is: linux

Starting unix-privesc-check v1.4 ( http://pentestmonkey.net/tools/unix-privesc-check )



This script checks file permissions and other settings that could allow

local users to escalate privileges.



Use of this script is only permitted on systems which you have been granted

legal permission to perform a security assessment of.  Apart from this 

condition the GPL v2 applies.



Search the output below for the word 'WARNING'.  If you don't see it then

this script didn't find any problems.





############################################

Recording hostname

############################################

kali



############################################

Recording uname

############################################

Linux kali 3.12-kali1-amd64 #1 SMP Debian 3.12.9-1kali1 (2014-05-13) x86_64 GNU/Linux



############################################

Recording Interface IP addresses