SUID3NUM

SUID3NUM

A standalone python script which utilizes python’s built-in modules to find SUID bins, separate default bins from custom bins, cross-match those with bins in GTFO Bin’s repository & auto-exploit those, all with colors!

Demo

Description

A standalone script supporting both python2 & python3 to find out all SUID binaries in machines/CTFs and do the following

  • List all Default SUID Binaries (which ship with linux/aren’t exploitable)
  • List all Custom Binaries (which don’t ship with packages/vanilla installation)
  • List all custom binaries found in GTFO Bin’s (This is where things get interesting)
  • Try and exploit found custom SUID binaries which won’t impact machine’s files

Why This?

  • Because LinEnum and other enumeration scripts only print SUID binaries & GTFO Binaries, they don’t seperate default from custom, which leads to severe head banging in walls for 3-4 hours when you can’t escalate privs :)

Output

SUID 3NUM’s Sample Output

Works on

  • Python (2.6-7.*)
  • Python (3.6-7.*)

Download & Use

wget  --no-check-certificate && chmod 777 suid3num.py
curl -k https://raw.githubusercontent.com/Anon-Exploiter/SUID3NUM/master/suid3num.py --output suid3num.py && chmod 777 suid3num.py

Tested on

  • Pop! OS 18.04 LTS
  • Ubuntu 18.04 LTS
  • Nebula
  • Kali Linux (PWK VM)

asciicast

Usage

Initializing Script

python suid3num.py

Doing Auto Exploitation of found custom SUID binaries

python suid3num.py -e

Auto Exploitation of SUID Bins

asciicast

Note

Please run the script after going through what it does & with prior knowledge of SUID bins.
P.S ~ Don't run with `-e` parameter, if you don't know what you're doing!

Thanks

Shoutout to Zeeshan Sahi & Bilal Rizwan for their ideas and contribution. 

Also, thanks to [Cyrus](https://github.com/cyrus-and) for [GTFO Bins](https://gtfobins.github.io/) 






About

Welcome to 0x1.gitlab.io my personal blog to share my knowledge
Cyber Security, Ethical Hacking, Web & Network Auditing, Reverse Engineering and Cryptography
Website semi-configured to use with No-Script. No ADS and No use analytics tracking.


Contact

Forum : @0x1


© 0x1 | Cyber Security Consulting - Copyright All Rights Reserved