Definition

linPEAS is a server vulnerability and information scanner script written in pure shell.

It's one of the first things you should launch after gaining access to the server, since it will tell you a lot of useful information such as:

  • System information (useful for testing old CVEs)
  • Password files
  • Binary permissions
  • Cron Jobs

However, it's not a magic get-root script. You still need some knowledge to analyze the output and work out a path to lateral movement or privilege escalation.

Usage

Pretty straightforward, so I won't really go into details.

Give the script execute permission after downloading it:
chmod +x linpeas.sh
Execute it and dump the output to a file:
./linpeas.sh -a > /tmp/linpeas.txt

Output

Example output
linpeas v2.3.8 by carlospolop

ADVISORY: linpeas should be used for authorized penetration testing and/or educational purposes only. Any misuse of this software will not be the responsibility of the author or of any other collaborator. Use it at your own networks and/or with the network owner's permission.

Linux Privesc Checklist: https://book.hacktricks.xyz/linux-unix/linux-privilege-escalation-checklist
 LEGEND:
  RED/YELLOW: 99% a PE vector
  RED: You must take a look at it
  LightCyan: Users with console
  Blue: Users without console & mounted devs
  Green: Common things (users, groups, SUID/SGID, mounts, .sh scripts, cronjobs)
  LightMangenta: Your username


====================================( Basic information )=====================================
OS: Linux version 2.6.32-5-amd64 (Debian 2.6.32-48squeeze6) (jmm@debian.org) (gcc version 4.3.5 (Debian 4.3.5-4) ) #1 SMP Tue May 13 16:34:35 UTC 2014
User & Groups: uid=1000(user) gid=1001(john) groups=1001(john),24(cdrom),25(floppy),29(audio),30(dip),44(video),46(plugdev)
Hostname: debian
Writable folder: /dev/shm
[+] /bin/ping is available for network discovery (linpeas can discover hosts, learn more with -h)
[+] /bin/nc is available for network discover & port scanning (linpeas can discover hosts and scan ports, learn more with -h)
[+] nmap is available for network discover & port scanning, you should use it yourself
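
Added example (not part of linPEAS or of the original page): a way to triage the report saved in the Usage step by the colour classes from the LEGEND, for instance when auditing your own host. It assumes the highlights are stored in the file as standard ANSI SGR escape sequences (red foreground 31 or 91, yellow background 43 or 103); `classify_report`, `write_sample` and the sample lines are constructed for illustration.

```shell
#!/bin/sh
# Triage a saved report by highlight colour (added example).
# Assumption: highlights are ANSI SGR sequences of the form ESC [ params m.

# classify_report FILE
# Prints "<CLASS><TAB><text without escape codes>" for each highlighted line,
# where CLASS is RED/YELLOW (red on yellow) or RED (red foreground only).
classify_report() {
    awk '
    BEGIN { esc = sprintf("%c", 27); sgr = esc "\\[[0-9;]*m" }
    {
        line = $0; plain = ""; red = 0; redyellow = 0
        while (match(line, sgr)) {
            plain = plain substr(line, 1, RSTART - 1)
            # parameters sit between "ESC[" and the final "m"
            params = substr(line, RSTART + 2, RLENGTH - 3)
            n = split(params, p, ";"); fg = 0; bg = 0
            for (i = 1; i <= n; i++) {
                if (p[i] == "31" || p[i] == "91")  fg = 1
                if (p[i] == "43" || p[i] == "103") bg = 1
            }
            if (fg && bg) redyellow = 1
            else if (fg)  red = 1
            line = substr(line, RSTART + RLENGTH)
        }
        plain = plain line
        if (redyellow) print "RED/YELLOW\t" plain
        else if (red)  print "RED\t" plain
    }' "$1"
}

# write_sample FILE: constructed sample lines, not real tool output.
write_sample() {
    {
        printf 'constructed: \033[1;31mitem to review\033[0m\n'
        printf '\033[1;31;103m/constructed/path\033[0m is flagged\n'
        printf 'Hostname: \033[1;32mdebian\033[0m\n'
        printf 'plain line without colour\n'
    } > "$1"
}

sample=$(mktemp)
write_sample "$sample"
classify_report "$sample"   # on a real run: classify_report /tmp/linpeas.txt
rm -f "$sample"
```

To read the whole report with its colours intact instead, `less -R /tmp/linpeas.txt` renders the escape sequences.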