Uptux : Linux Privilege Escalation Checks

Uptux is a specialized privilege escalation checks for Linux systems. Implemented so far:

  • Writable systemd paths, services, timers, and socket units
  • Disassembles systemd unit files looking for:
    • References to executables that are writable
    • References to broken symlinks pointing to writeable directories
    • Relative path statements
    • Unix socket files that are writeable (sneaky APIs)
  • Writable D-Bus paths
  • Overly permissive D-Bus service settings
  • HTTP APIs running as root and responding on file-bound unix domain sockets

These checks are based on things I encounter during my own research, and this tool is certainly not inclusive of everything you should be looking at. Don’t skip the classics!

Also Read – Virtuailor : IDAPython Tool For Creating Automatic C++ Virtual Tables In IDA Pro

Usage

All functionality is contained in a single file, because installing packages in restricted shells is a pain. Python2 compatibility will be maintained for those crap old boxes we get stuck with. However, as the checks are really aimed at more modern user-space stuff, it is unlikely to uncover anything interesting on an old box anyway.

There is nothing to install, just grab the script and run it.

usage: uptux.py [-h] [-n] [-d]

PrivEsc for modern Linux systems, by initstring (github.com/initstring)

optional arguments:
-h, –help show this help message and exit
-n, –nologging do not write the output to a logfile
-d, –debug print some extra debugging info to the console

Testing

For testing purposes, you can run the tests/r00tme.sh script, which will create many vulnerable configuration issues on your system that uptux can identify. Running tests/unr00tme.sh will undo these changes, but don’t hold me to it. Needless to say, this is dangerous.

Use a VM for testing this way.

R K

Recent Posts

ROADTools: The Modern Azure AD Exploration Framework

ROADTools is a powerful framework designed for exploring and interacting with Microsoft Azure Active Directory…

19 hours ago

How to Enumerate Microsoft 365 Groups Using PowerShell and Python

Microsoft 365 Groups (also known as M365 Groups or Unified Groups) are at the heart…

20 hours ago

SeamlessPass: Using Kerberos Tickets to Access Microsoft 365

SeamlessPass is a specialized tool designed to leverage on-premises Active Directory Kerberos tickets to obtain…

2 days ago

PPLBlade: Advanced Memory Dumping and Obfuscation Tool

PPLBlade is a powerful Protected Process Dumper designed to capture memory from target processes, hide…

2 days ago

HikPwn : Simple Scanner For Hikvision Devices With Basic Vulnerability Scanning

HikPwn: Comprehensive Guide to Scanning Hikvision Devices for Vulnerabilities If you’re searching for an efficient…

3 days ago

Comments in Bash Scripts

What Are Bash Comments? Comments in Bash scripts, are notes in your code that the…

1 week ago