Privilege Escalation & Enumeration Toolkit

Instalation

git clone https://github.coventry.ac.uk/peelk/4061CEM_CW_2

cd 4061CEM_CW_2
  
python3 main.py

Description

This toolkit was conceived to perform tasks of Privilege Escalation and Local Enumeration. Local Enumeration consisting of analysing a target host for different information that can be used a potential exploitable vulnerability. Privilege Escalation consisting of exploiting a vulnerability in a operating system to gain higher access control through which confidential data can be stolen, and different functionalities can be used as an administrative user.

Features

Enumeration.py – Clifford Fowoson This program allows the user to gather information from a variety of options such as:

1. A general system information like the current user, host name, IP address
2. A socket port scanner which allows the user to type in the IP address of the target host for a connection. Once the range of ports that the user wants to scan is inserted, each port will be tried for a connection of 0.5 seconds. If the port is opened, the latter will be printed out on the screen.
3. A Domain functionality where the user is able to retrieve the IP address related to the domain entered by the user. ShadowScape.py – Matthew Porter This program allows the user to perform different actions such as:
4. Bypassing local security restriction within misconfigured system through the use of GTFOBins, a list of Unix binaries. It allows the user to breakout restricted shells, perform escalation or maintain elevated privileges and also reverse shells.
5. It detects the OS that is running on, allowing the user to perform different tasks depending on the OS. Shell and Revers shell, the use of the sudo command to install packages which will allow the user to gain higher privileges and access control.
6. Once higher access control is gained the program allows the user to upload/ download files from the targets system all while also allowing the user to write and read files on the system. Nmap.py – Michael Musambote This program allows the user to perform an Nmap port scanner opposed to socket scanning, which makes it a much powerful tool as long as Nmap is installed on the target’s system, allowing the system to differentiate between filtered and closed ports Modules Folder – Kyran Peel This module contains multiple files with each a functionality of their own:
7. GeoLocation Enumeration: This script is able to gather information such as IP address, hostname, City, Region, Country, location coordinate, IPS, post code and timezone
8. Patch Detection (Windows): This script allow the user to gather information concerning exploitable flaws within a system such as un-patched and un-updated services, software or system resources.
9. Wi-Fi Password Enumeration: This script is able to gather information concerning which Wi-Fi connections have been established with the device of the target. Some of the retrievable information are profile names and related passwords.
10. Network Config Data: A massive gathering of all network configuration data, conceived to primarily function on Linux devices
11. Environment Variables: A massive gathering of all environment variables, conceive to primarily function on Linux devices. SUID - Mohamed Adulrahmnan This script is able to gather SUID binaries within a Linux system while also performing superuser privilege escalation, through the use of Gtfobins URLs.

Authors and Acknowledgment

Clifford Fowoson – ID: 11109532 Kyran Peel – ID: 11210218 Mohamed MA Mohamed – ID: 11327837 Matthew Porter – ID: 11209452 Mohamed Adulrahmnan – ID: 10347197 Ndomateso Musambote Michael -ID: 11109206