UNIX-privesc检查包装说明

Unix的privesc检查器是在Unix系统上运行(在Solaris 9,HPUX 11,各种Linux版本,FreeBSD的6.2测试)的脚本。它试图发现错误配置,可能允许本地非特权用户提升权限给其他用户或访问本地应用程序(如数据库)。它写成一个shell脚本,因此它可以很容易地上传和运行(相对于非柏油,编译和安装)。它可以运行作为一个普通用户或根(显然它作为根运行时,没有一个更好的工作,因为它可以读取更多的文件)。 资料来源:http://pentestmonkey.net/tool​​s/audit/unix-privesc-check

UNIX-privesc检查首页 | 卡利UNIX-privesc检查回购

  • 作者:pentestmonkey
  • 许可:GPL第二版

    0x01 包括在UNIX-privesc检查包装工具

    UNIX-privesc检查 - 脚本检查简单的权限提升载体
    :~# unix-privesc-check
unix-privesc-check v1.4 ( http://pentestmonkey.net/tools/unix-privesc-check )
Usage: unix-privesc-check { standard | detailed }
"standard" mode: Speed-optimised check of lots of security settings.
"detailed" mode: Same as standard mode, but also checks perms of open file
               handles and called files (e.g. parsed from shell scripts,
               linked .so files).  This mode is slow and prone to false
               positives but might help you find more subtle flaws in 3rd
               party programs.
This script checks file permissions and other settings that could allow
local users to escalate privileges.
Use of this script is only permitted on systems which you have been granted
legal permission to perform a security assessment of.  Apart from this
condition the GPL v2 applies.
Search the output for the word 'WARNING'.  If you don't see it then this
script didn't find any problems.

    0x02 UNIX-privesc检查用法示例

    :~# unix-privesc-check standard
Assuming the OS is: linux
Starting unix-privesc-check v1.4 ( http://pentestmonkey.net/tools/unix-privesc-check )
This script checks file permissions and other settings that could allow
local users to escalate privileges.
Use of this script is only permitted on systems which you have been granted
legal permission to perform a security assessment of.  Apart from this 
condition the GPL v2 applies.
Search the output below for the word 'WARNING'.  If you don't see it then
this script didn't find any problems.
############################################
Recording hostname
############################################
kali
############################################
Recording uname
############################################
Linux kali 3.12-kali1-amd64 #1 SMP Debian 3.12.9-1kali1 (2014-05-13) x86_64 GNU/Linux
############################################
Recording Interface IP addresses

    原文来自https://www.hackfun.org/kali-tools/unix-privesc-check_zh.html。转载请注明原出处,商用请联系原作者授权。

results matching ""

    No results matching ""