Skip to content
/ SUID3NUM Public
forked from Anon-Exploiter/SUID3NUM

A standalone python script which utilizes python's built-in modules to enumerate SUID binaries, separate default binaries from custom binaries, cross-match those with bins in GTFO Bin's repository & auto-exploit those, all with colors! ( ͡~ ͜ʖ ͡°)

License

MIT license
1 star 124 forks Branches Tags Activity
Star
Notifications You must be signed in to change notification settings

F-Masood/SUID3NUM

BranchesTags
 
 

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

26 Commits
LICENSE
LICENSE
 
 
README.md
README.md
 
 
output.m
output.m
 
 
suid3num.py
suid3num.py
 
 

Repository files navigation

SUID3NUM

Open Source Love python python Open Source Love

A standalone python script which utilizes python's built-in modules to find SUID bins, separate default bins from custom bins, cross-match those with bins in GTFO Bin's repository & auto-exploit those, all with colors! ( ͡ʘ ͜ʖ ͡ʘ)

asciicast

Description

A standalone script supporting both python2 & python3 to find out all SUID binaries in machines/CTFs and do the following

  • List all Default SUID Binaries (which ship with linux/aren't exploitable)
  • List all Custom Binaries (which don't ship with packages/vanilla installation)
  • List all custom binaries found in GTFO Bin's (This is where things get interesting)
  • Try and exploit found custom SUID binaries which won't impact machine's files

Why This?

  • Because LinEnum and other enumeration scripts only print SUID binaries & GTFO Binaries, they don't seperate default from custom, which leads to severe head banging in walls for 3-4 hours when you can't escalate privs :)

Changelog

  • Added new section of binaries which impact the system (Auto-Exploitation isn't supported for binaries which impact the system in any way i.e. creating new files, directories, modifying existing files etc.). The user has to manually execute those commands, and is supposed to understand those before running as well! (POC: https://i.imgur.com/FclFFwg.png)

Output

SUID 3NUM's Sample Output

Works on

  • Python (2.6-7.*)
  • Python (3.6-7.*)

Download & Use

wget https://raw.githubusercontent.com/Anon-Exploiter/SUID3NUM/master/suid3num.py --no-check-certificate && chmod 777 suid3num.py
curl -k https://raw.githubusercontent.com/Anon-Exploiter/SUID3NUM/master/suid3num.py --output suid3num.py && chmod 777 suid3num.py

Tested on

  • Pop! OS 18.04 LTS
  • Ubuntu 18.04 LTS
  • Nebula
  • Kali Linux (PWK VM)

Usage

Initializing Script

python suid3num.py

Doing Auto Exploitation of found custom SUID binaries

python suid3num.py -e

Output

https://i.imgur.com/FclFFwg.png

Auto Exploitation of SUID Bins

asciicast

Note

Please run the script after going through what it does & with prior knowledge of SUID bins.
P.S ~ Don't run with `-e` parameter, if you don't know what you're doing!

Stargazers Chart

Stargazers over time

Thanks

Shoutout to Zeeshan Sahi & Bilal Rizwan for their ideas and contribution.

Also, thanks to Cyrus for GTFO Bins <3

Let me know, what you think of this script at [@syed__umar](https://twitter.com/@syed__umar) ≧◡≦

About

A standalone python script which utilizes python's built-in modules to enumerate SUID binaries, separate default binaries from custom binaries, cross-match those with bins in GTFO Bin's repository & auto-exploit those, all with colors! ( ͡~ ͜ʖ ͡°)

Resources

Readme

License

MIT license
Activity

Stars

1 star

Watchers

0 watching

Forks

0 forks
Report repository

Releases

No releases published

Packages

No packages published

Languages

  • Python 74.6%
  • Mercury 25.4%