A long time ago, I started writing a tool to look for local privilege escalation vectors on Windows systems – e.g. weak permissions on files, directories, service registy keys.  I never quite got round to finishing it, but the project could still be useful to pentesters and auditors in its current part-finished state. I’d suggest giving it a […]


Unix-privesc-checker is a script that runs on Unix systems (tested on Solaris 9, HPUX 11, Various Linuxes, FreeBSD 6.2).  It tries to find misconfigurations that could allow local unprivilged users to escalate privileges to other users or to access local apps (e.g. databases). It is written as a single shell script so it can be […]


This tool reads the output of “showrev -p” on Solaris machines and outputs a list of exploits that you might want to try.  It currently focusses on local exploitation of Solaris 8 on SPARC, but other version of Solaris are partially supported. Features The current version of exploit-suggester has the following features: Restrict search to […]