linuxprivcheck: Python script for privilege escalation for Linux

by do son · Published September 30, 2020 · Updated October 25, 2022

Python script for privilege escalation for Linux

The original author is Mike Czumak (T_v3rn1x) — @SecuritySift.

old-linuxprivchecker.py: Famous linuxprivchecker.py (Python) with updates – I’ll not update it anymore.
linuxprivchecker3.py: Famous linuxprivchecker.py, compatible both Python 2 & 3 with updates.

The –fast does not perform the check for passwords in .sh files.

Support both Python 2 and 3 in one script
Add tips (jail escape) and resources (links)
Correction for broken links
Support ip and ss for new Linux versions
Add a fast option (avoid check for passwords in .sh files)
New check for:
- Capabilities
- Systemd timers
- Screen and Tmux opened shells
- The current user is member of docker group (https://fosterelli.co/privilege-escalation-via-docker.html) or lxc/lxd (https://github.com/initstring/lxd_root)
- Check for passwords:
  - grub passwords or hashes
  - passwords in .sh scripts
  - /etc/security/password
- Check for SSH agent connexion in /tmp (https://www.clockwork.com/news/2012/09/28/602/ssh_agent_hijacking/)
Improve exploits part:
- New exploits added (however I recommend to use a more complete tool for this part)
- Correct versions for previous exploit to avoid false positives

git clone https://github.com/cervoise/linuxprivcheck.git

On Kali (or other Linux) install pyinstaller:

$ pip install pyinstaller
$ pip3 install pyinstaller

Then compile the script:

$ python -m PyInstaller --onefile linuxprivchecker.py
$ python3 -m PyInstaller --onefile linuxprivchecker3.py

Standalone ELF will be in ./dist/