Skip to content

rharp86/UBPEAS

BranchesTags

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

2 Commits
README.md
README.md
 
 
ubpeas.sh
ubpeas.sh
 
 

Repository files navigation

UBPEAS

UBPEAS - Privilege Escalation Enumeration Script for Ubuntu

Created by: Robert Harp

ubpeas.sh is a lightweight, yet powerful enumeration script tailored specifically for secured Ubuntu systems. This script focuses exclusively on Ubuntu distributions and provides an extensive assessment of privilege escalation vectors. Additionally, it checks for containerized, cloud, and Kubernetes environments, as well as any installed databases. ubpeas.sh was created to run on Ubuntu systems the are secure and when linpeas.sh is restricted from running on those Ubuntu systems.

Features

•	Privilege Escalation Vectors:
•	Identifies misconfigurations, weak file permissions, and setuid binaries.
•	Detects services running with elevated privileges.
•	Container and Cloud Awareness:
•	Enumerates Docker containers and related configurations.
•	Detects the presence of cloud environments (AWS, Azure, GCP).
•	Kubernetes Environment Checks:
•	Checks for exposed Kubernetes configurations.
•	Identifies Kubernetes-related credentials and tokens.
•	Database Enumeration:
•	Discovers installed databases (e.g., MySQL, PostgreSQL, MongoDB, etc.).
•	Checks for misconfigured database files or credentials.
•	RHEL-Specific:
•	Tailored checks for RHEL-based systems, ensuring high accuracy and relevance.

Installation

1.	Clone the repository or download the script:
git clone https://github.com/rharp86/UBPEAS.git
cd UBPEAS

2.	Make the script executable:
chmod +x ubpeas.sh

Usage

Run the script as a user with limited privileges. For the best results, use it on a system you have legitimate access to as part of a security assessment or penetration test.

Basic Usage:

./ubpeas.sh

Can also run with sudo:

sudo ./ubpeas.sh

Default Output:

The Script defaults the output to txt by the coding in the script. If you enter the follow: ./rhelpeas.sh | tee rhelpeas_output.html (json or csv), the script will still generate a output text file.

Save Output to a File:

./ubpeas.sh | tee ubpeas_output.html or

./ubpeas.sh | tee ubpeas_output.json or

./ubpeas.sh | tee ubpeas_output.csv

Output

The script will generate a detailed enumeration report, highlighting potential privilege escalation vectors, including but not limited to:

•	Misconfigured permissions.
•	Vulnerable binaries.
•	Exposed credentials and tokens.
•	Docker, Kubernetes, cloud, and database-related risks.

Requirements

•	Ubuntu-based system.
•	Bash shell.

Legal Disclaimer

This script is intended for authorized use only. It is designed to assist security professionals in identifying misconfigurations and potential privilege escalation vulnerabilities in Ubuntu systems. Misuse of this script can result in severe legal consequences. The author disclaims any liability for actions taken with this tool.

Contributing

Feel free to open issues or pull requests to improve RHELpeas.sh. Contributions are welcome!

License

This project is licensed under the MIT License. See the LICENSE file for details.

About

Ubuntu Privilege Escalation Enumeration Tool

Resources

Readme
Activity

Stars

2 stars

Watchers

1 watching

Forks

0 forks
Report repository

Releases

No releases published

Packages

 
 
 

Contributors

Languages