Roothelper will aid in the process of privilege escalation on a Linux system that has been compromised, by fetching a number of enumeration and exploit suggestion scripts. The latest version downloads five scripts. Two enumeration shellscripts, one information gathering shellscript and two exploit suggesters, one written in perl and the other one in python.
The credits for the scripts it fetches go to the original authors.
BashArk
; a post-exploitation tool. Is now available for download with RootHelper. The author of this tool is accredited for their work under the 'Acknowledgements' header a little further down in this README.md.
A new version of Linux Exploit Suggester
has been released. It is an updated version based on the old one by PenturaLabs. The author of this tool and others available through RootHelper are accredited for their work below.
LinEnum
Shellscript that enumerates the system configuration.
unix-privesc-check
Shellscript that enumerates the system configuration and runs some privilege escalation checks as well.
BashArk
BashArk is post exploitation tool written in Bash.
Firmwalker
Shellscript that gathers useful information by searching the mounted firmware filesystem. For things such as SSL and web server related files, config files, passwords, common binaries and more.
linuxprivchecker
A python implementation to suggest exploits particular to the system that's been compromised.
Linux_Exploit_Suggester
A perl script that that does the same as the one mentioned above.
To use the script you will need to get it on the system you've compromised with utilities such as git
or wget
depending on what is available to you on that particular system. From there you need to make it executable with chmod +x roothelper.sh
After which run it and it will show you the options available and an informational message regarding the options. For clarity i have posted it below as well.
The 'Help' option displays this informational message.
The 'Download' option fetches the relevant files and places them in the /tmp/ directory.
The option 'Download and unzip' downloads all files and extracts the contents of zip archives to their individual subdirectories respectively, please
note; if the 'mkdir' command is unavailable however, the operation will not succeed and the 'Download' option should be used instead
The 'Clean up' option removes all downloaded files and 'Quit' exits roothelper.
There's another script on my Github that follows the general principles of this script however it aims to be more comprehensive with regards to it's capabilities. Besides downloading scripts that aid in privilege escalation on a Linux system it also comes with functionality to enumerate the system in question without first having to download any other external tools. It can also search for cleartext credentials and more. It could be considered RootHelper's sister script with an increased richness of features, it can be found by clicking here. If you prefer a minimalsist approach, I got you covered, since both scripts will continue to be maintained and updated for the foreseeable future.
Credits for scripts RootHelper fetches go to their original authors.
Linux Priv Checker by SecuritySift