Bashscriptpurposedforsystemenumeration,vulnerabilityidentificationandprivilegeescalation.
MIDAMultitooldrawsfunctionalityfromseveralofmypreviousscriptsnamelySysEnumandRootHelperandisinsomeregardsRootHelperssuccessor,orsisterscriptattheveryleast.
Besidesfunctionalityfromthesetwopreviousscriptsitincorporatessomeofit'sownandassuchaimstobeacomprehensiveassistantforoperationsandutilitiesrelatedtosystemenumeration,vulnerabilityidentification,exploitationandprivilegeescalation.
UsageAfterasystemhasbeensuccesfullycompromisedMIDAshouldbedownloadedtothehostinquestioneitherwithgitorwget,afterithasbeenunpacked/clonedtheshellscriptneedstobemadeexecutablewithchmod+xmida.sh
Upondoingsoitcanberunonthetargethost.Theoptionsavailabletotheuserarebelow.
The'Usage'optionprintsthisinformationalmessage.Theoption'SystemEnumeration'attemptstoretrievesysteminformationsuchasOSandkerneldetails,networkstatus,processes,systemlogsandmore.'CommonUtilities'checksfortheexistenceofusefulutilitiessuchastelnet,netcat,tcpdumpetc.'ExternalUtilities'opensamenuwhichletsyoudownloadexternalutilitiesthatmayprovetobehelpfulwithfurtherenumeration,vulnerabilityidentificationandprivilegeescalation.
Finallytheoption'CleartextCredentials'searchesfortextandwebapplicationfilesthatcontaincertainkeywordsinordertofindpotentialcleartextpasswords.
ScriptsavailablefordownloadwithMIDALinEnumbyRebootUser
FirmwalkerbyCraigz28
BashArkbyTheSecondSun
LUNARbyLateralblast
LinuxPrivCheckerbySecuritySift
LinuxExploitSuggesterbyJondonas
UnixPriv-EscCheckbyPentestmonkey
评论