Unix-privesc-check is only available to UNIX system users. The script is straight forward and easy to set up using Terminal. It is designed to report vulnerabilities on the targeted system. Unix-privesc-check identifies misconfigurations that could allow local unprivileged users to gain entrance to local databases or escalate privileges to other users.
Two scripts are included in the unix-privesc-check package: a single shell script and a .sh script. The single shell script is designed for ease. While it runs quicker than the .sh script, the code is somewhat hard to read. Nonetheless, it is still steady and established.
The .sh script is built with subdirectories. In order for the execution to run smoothly, the subdirectories need to accompany the script. This script is slower than the single shell script; however the code is more thorough and user-friendly. Both scripts must be uploaded to the target system in order to run correctly.
Once unix-privesc-check is up and running, its main focus is exploiting generic misconfigurations and weak file permissions. By executing whatever chosen script in Terminal, the user will have access to their system’s vulnerabilities via a detailed report. The use of this instrument is unnecessary for everyday users. However, if you’re browsing the dark web on a regular basis, consider utilizing this tool.
Pentestmonkey explains unix-privesc-check’s usefulness,
“If you run it against a fairly modern OS that hasn’t had much configuration done, then you’re not going to find much. These Oss have fairly secure file permissions by default. However, if you run it against Solaris 8 or against a system that has been running for a couple of years and had a lot of configuration done or 3rd party apps installed, then you’ll probably find quite a bit.”
Checks performed by unix-privesc-check include:
- Writable Home Directories
- Readable /etc/shadow
- Weak Permissions on Cron Jobs
- Writable Configuration Files
- Writable Device Files
- Readable Files in Home Directories
- Running Processes Corresponding to Writable Programs