  • Stars: 607
  • Rank 73,329 (Top 2 %)
  • Language: Python
  • License: MIT License
  • Created almost 5 years ago
  • Updated about 3 years ago

Repository Details

A standalone Python script which uses Python's built-in modules to enumerate SUID binaries, separate default binaries from custom binaries, cross-match those with bins in the GTFOBins repository & auto-exploit those, all with colors! ( ͡~ ͜ʖ ͡°)

SUID3NUM


A standalone python2/3 script which uses Python's built-in modules to find SUID bins, separate default bins from custom bins, cross-match those with bins in the GTFOBins repository & auto-exploit those, all with colors! ( ͡ʘ ͜ʖ ͡ʘ)

Description

A standalone script supporting both python2 & python3 that finds all SUID binaries on machines/CTFs and does the following:

  • Lists all default SUID binaries (which ship with Linux/aren't exploitable)
  • Lists all custom binaries (which don't ship with packages/a vanilla installation)
  • Lists all custom binaries found in GTFOBins (this is where things get interesting)
  • Prints binaries and their exploitation (in case they create files on the machine)
  • Tries to exploit found custom SUID binaries which won't impact the machine's files

Why This?

  • Because LinEnum and other enumeration scripts only print SUID binaries & GTFO binaries. They don't separate default from custom, which leads to severe head banging in walls for 3-4 hours when you can't escalate privs :)
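
The default/custom split and the GTFOBins cross-match described above, as an added example for auditing a host you administer (not SUID3NUM's own code). `DEFAULT_SUID` and `GTFOBINS_SUID` are small constructed sample sets, and `find_suid` and `classify` are hypothetical names.

```python
import os
import stat

# Constructed sample baseline of SUID binaries commonly shipped by distro
# packages. Assumption for illustration; not SUID3NUM's own list.
DEFAULT_SUID = {"su", "sudo", "passwd", "mount", "umount",
                "chsh", "chfn", "newgrp", "gpasswd", "ping"}

# Constructed, abbreviated sample of names that have a GTFOBins SUID entry.
GTFOBINS_SUID = {"find", "vim", "nmap", "cp", "env"}


def find_suid(root="/"):
    """Return sorted paths of regular files under root with the setuid bit set."""
    hits = []
    # Unreadable directories (e.g. under /proc) are skipped, not fatal.
    for dirpath, _dirs, files in os.walk(root, onerror=lambda err: None):
        for name in files:
            path = os.path.join(dirpath, name)
            try:
                st = os.lstat(path)  # lstat: never follow symlinks
            except OSError:
                continue
            if stat.S_ISREG(st.st_mode) and st.st_mode & stat.S_ISUID:
                hits.append(path)
    return sorted(hits)


def classify(paths, default=DEFAULT_SUID, watchlist=GTFOBINS_SUID):
    """Split SUID paths into baseline, custom, and custom-and-on-watchlist."""
    report = {"default": [], "custom": [], "custom_in_gtfobins": []}
    for path in paths:
        name = os.path.basename(path)
        if name in default:
            report["default"].append(path)
        else:
            report["custom"].append(path)
            if name in watchlist:
                report["custom_in_gtfobins"].append(path)  # review first
    return report


if __name__ == "__main__":
    for bucket, items in classify(find_suid("/usr")).items():
        print("%s (%d)" % (bucket, len(items)))
        for item in items:
            print("   " + item)
```

Matching is by file name only, so a renamed binary lands in `custom` without a watchlist hit; the `custom` bucket as a whole is what needs review.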

Can I use this in OSCP?

Yes, you totally can. I used it in my exam, linked it in the report as well. Just don't use -e (according to some people) and you're good to go!

The auto exploitation (i.e. -e) was implemented because I'm a little bit lazy and don't really like copy/pasting so it did the rest for me, you won't find easy binaries like those in OSCP (it ain't kids play), you'll definitely have to research a little bit but it'll do half of the work for you -- can't stress this enough. If you're reading this section, good luck for your exam though.

Changelog

  • Added new section of binaries which impact the system (Auto-Exploitation isn't supported for binaries which impact the system in any way i.e. creating new files, directories, modifying existing files etc.). The user has to manually execute those commands, and is supposed to understand those before running as well! (POC: https://i.imgur.com/FclFFwg.png)

Output

SUID3NUM's Sample output

Works on

  • Python (2.5-7.*)
  • Python (3.5-7.*)

Download & Use

wget

wget https://raw.githubusercontent.com/Anon-Exploiter/SUID3NUM/master/suid3num.py --no-check-certificate && chmod 777 suid3num.py

curl

curl -k https://raw.githubusercontent.com/Anon-Exploiter/SUID3NUM/master/suid3num.py --output suid3num.py && chmod 777 suid3num.py

Tested on

  • Pop! OS 18.04 LTS
  • Ubuntu 18.04 LTS
  • Nebula
  • Kali Linux (PWK VM)

Usage

Initializing Script

python suid3num.py

Doing Auto Exploitation of found custom SUID binaries

python suid3num.py -e

Output

Auto Exploitation of SUID Bins

Note

Please run the script after going through what it does & with prior knowledge of SUID bins.
P.S ~ Don't run with `-e` parameter, if you don't know what you're doing!

Shoutouts

Shoutout to Zeeshan Sahi & Bilal Rizwan for their ideas and contribution. Also, thanks to Cyrus for GTFO Bins <3

Let me know what you think of this script at @syed__umar ≧◡≦
