LinEnum
LinEnum is a bash script that is used by penetration testers to automate local enumeration and identify privilege escalation vectors on Linux systems.
To use this script, you will need to copy the script into your lab environment. To begin with, you can access the script through the following GitHub repository:
On the GitHub repo, navigate to the LinEnum.sh script as shown in the following screenshot.
You will then need to view the script in raw format, this can be done by clicking the raw button as shown in the following screenshot.
You will now need to copy the content of the script in raw format and paste it into the lab environment clipboard.
Once you have copied the script from the GitHub repo, navigate back to the Kali Linux system in your lab environment and create a new file with a text editor like leafpad.
Then paste in the script you copied in the file, after which save the file as LinEnum.sh as shown in the following screenshots.
We can now navigate back to our meterpreter session and navigate to the tmp drive by running the following command:
Command:
We can now upload the LinEnum.sh script we copied from the GitHub repo by running the following command:
Command:
We will now need to spawn a command shell session, this can be done by running the following command:
Command:
Command:
We can now run the LinEnum.sh script by running the following commands:
Command:
Command:
As shown in the following screenshot, the LinEnum.sh script will run and will display the results in the terminal.
Take a few minutes to go through the output and analyze what information LinEnum was able to enumerate in addition to any potentially interesting information that we were unable to enumerate manually or with Metasploit modules.
Conclusion
In this lab, we explored automating local enumeration on a Linux system by leveraging Metasploit post-exploitation modules and local enumeration scripts like LinEnum.
Last updated