PSPY is a tool which allows obtaining processes information without having root privileges. With PSPY commands can be executed by other users, cron jobs etc. The information obtained on the screen with different colours, details such as time, date, UID, PID. Sensitive information can be obtained only with permissions. This helps to get root access on numerous systems.
How PSPY works?
Pspy obtains the information of the processes in procfs (Linux process files system). The inotify API is used, which does not need root permissions. With this API, we can get notifications when a file is created, altered or deleted. Pspy monitors with the notify
API the contents of the system /proc folder to try to capture the processes that are created.
Some useful commands are,
● –help: To see all the flags present and their definition
● -p: Enables printing commands to stdout.
● -f: Enables printing file system events to stdout.
● -r: List of directories to watch with Inotify. pspy will watch all subdirectories recursively (by default, watches /usr, /tmp, /etc, /home, /var, and /opt).
● –debug: Prints verbose error messages which are otherwise hidden.
Enum4linux is a tool for enumerating data from Windows and other Linux Operating System. It is written in Perl and is a wrapper around the Samba tools smbclient, rpclient, net and nmblookup.
Some key features are:
Listing of group membership information
Detecting if host is in a work group or a domain
Identifying the remote operating system
Password policy retrieval
Some useful commands are:
● -U : To view the users on the system.
● -S : To view the info on the shares on the system.
● -P : To view the password policy on the system.
● -o : Info on the operating system.
LinEnum is a basic script that automates Local Linux Enumeration & Privilege Escalation checks. It performs over 65 checks and get kernel information to locate possible escalation points such as SUID/GUID files and Sudo/rhost mis-configurations. The script use a provided keyword to search through *.conf and *.log files. Any matches will be displayed along with the full file path and line number on which the keyword was identified. Usage: ./LinEnum.sh on the target machine.