
Linux privesc check

Open overgrowncarrot1 opened this issue 4 months ago • 3 comments

Description

SSH Protocol module that does a Linux Priv Esc and looks at sudo, suid, and capabilities. These are then checked against GTFOBins and the end user can see which are vulnerable.

Type of change

Insert an "x" inside the brackets for relevant items (do not delete options)

  • [ ] Bug fix (non-breaking change which fixes an issue)
  • [x] New feature (non-breaking change which adds functionality)
  • [ ] Breaking change (fix or feature that would cause existing functionality to not work as expected)
  • [ ] Deprecation of feature or functionality
  • [ ] This change requires a documentation update
  • [ ] This requires a third party update (such as Impacket, Dploot, lsassy, etc)

Setup guide for the review

In particular: Setup only included another machine (Ubuntu 22.04) that has sudo, suid and capabilities to show that the module works properly.

Screenshots (if appropriate):

Screenshots are always nice to have and can give a visual representation of the change.

Ran without any options and only the module

image

Ran with the NoSudo option set to true so sudo -l will not be done on the target machine

image

Ran with NoGTF set to true so it will not reach out to GTFOBins, and will only show Sudo privs

image

Ran with NoGTF and SUID Bits to show all, which means that all SUID bits will be returned

image

Checklist:

Insert an "x" inside the brackets for completed and relevant items (do not delete options)

  • [x] I have run Ruff against my changes (via poetry: poetry run python -m ruff check . --preview, use --fix to automatically fix what it can)
  • [x] I have added or updated the tests/e2e_commands.txt file if necessary (new modules or features are required to be added to the e2e tests)
  • [x] New and existing e2e tests pass locally with my changes
  • [ ] If reliant on changes of third party dependencies, such as Impacket, dploot, lsassy, etc, I have linked the relevant PRs in those projects
  • [x] I have performed a self-review of my own code
  • [x] I have commented my code, particularly in hard-to-understand areas
  • [x] I have made corresponding changes to the documentation (PR here: https://github.com/Pennyw0rth/NetExec-Wiki)

e2e_commands.txt

overgrowncarrot1, Aug 24 '25 01:08
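The cross-check the description outlines, as an added example for reviewing a host's own configuration; it is not code from this PR or from NetExec. The `KNOWN` table is a small constructed stand-in for GTFOBins data, and the function names, sample outputs and host name are assumptions.

```python
import os
import re

# Constructed stand-in for GTFOBins data: binary name -> contexts it is listed under.
KNOWN = {
    "find": {"sudo", "suid"},
    "vim": {"sudo", "suid", "capabilities"},
    "perl": {"sudo", "suid", "capabilities"},
}

# A sudoers rule line as printed by `sudo -l`: "(runas) [TAG: ...] cmd[, cmd]"
SUDO_RULE = re.compile(r"^\(([^)]*)\)\s*(?:[A-Z_]+:\s*)*(.+)$")

# Constructed sample outputs (not taken from the PR screenshots).
SAMPLE_SUDO = """Matching Defaults entries for alice on web01:
    env_reset, mail_badpass

User alice may run the following commands on web01:
    (root) NOPASSWD: /usr/bin/find, /usr/local/bin/backup.sh
"""
SAMPLE_SUID = "/usr/bin/passwd\n/usr/bin/find\n/usr/bin/mount\n"
SAMPLE_CAPS = "/usr/bin/perl cap_setuid=ep\n/usr/bin/ping cap_net_raw=ep\n"

def sudo_binaries(sudo_l):
    """Return the command path of every rule in `sudo -l` output."""
    paths = []
    for line in sudo_l.splitlines():
        m = SUDO_RULE.match(line.strip())
        if m:  # Defaults and header lines do not start with "(" and are skipped
            paths += [c.split()[0] for c in m.group(2).split(",") if c.strip()]
    return paths

def first_fields(text):
    """First whitespace-separated field of each line (path in find/getcap output)."""
    return [line.split()[0] for line in text.splitlines() if line.strip()]

def audit(sudo_l="", suid_list="", getcap_out="", known=KNOWN, show_all_suid=False):
    """Return (context, path, listed) tuples worth reviewing on the host."""
    findings = []
    sources = (("sudo", sudo_binaries(sudo_l)),
               ("suid", first_fields(suid_list)),
               ("capabilities", first_fields(getcap_out)))
    for context, paths in sources:
        for path in paths:
            # An unrestricted "ALL" sudo rule is always reported.
            listed = path == "ALL" or context in known.get(os.path.basename(path), ())
            if listed or (context == "suid" and show_all_suid):
                findings.append((context, path, listed))
    return findings
```

Each finding is an entry to remove or justify: a sudoers rule, a SUID bit, or a file capability on a binary the reference data lists for that context.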

Thanks for the PR!

There are currently 3 modules in this PR. Was that intended? Looks like you branched off of your previous PR.

NeffIsBack, Aug 24 '25 13:08

Thanks for the PR!

There are currently 3 modules in this PR. Was that intended? Looks like you branched off of your previous PR.

No, sorry, I can close this one if it is easier. The other 2 modules within this one, socks and persistence, already have a PR open.

overgrowncarrot1, Aug 24 '25 14:08

Fine for now, but this means we have to merge https://github.com/Pennyw0rth/NetExec/pull/865 first before we can get to this one

NeffIsBack, Aug 24 '25 16:08