LinEnum (Linux Enumeration Script for Privilege Escalation) is a powerful post-exploitation script designed to automate the process of gathering system information and identifying potential privilege escalation vectors on Linux systems. It provides a streamlined way for penetration testers and ethical hackers to perform a comprehensive audit of system misconfigurations, known weaknesses, and exploitable settings.
It is particularly effective in CTFs, OSCP-style boxes, and real-world assessments where quick situational awareness is key.
🔹 Quick Command Snippet
Once you have access to a Linux target system, use the following command to download LinEnum:
> curl -o LinEnum.sh https://raw.githubusercontent.com/rebootuser/LinEnum/master/LinEnum.sh
Then, make it executable and run it:
> chmod +x LinEnum.sh
./LinEnum.sh
This will begin the enumeration process and display detailed output regarding potential privilege escalation paths.
🔍 Overview of LinEnum Usage
How to Use LinEnum
- Download the Script
Usecurlorwgetto download the latest LinEnum script to the compromised machine. - Set Execution Permission
Use
>chmod +x LinEnum.sh
to make the script executable. - Run the Script
Execute it directly:> ./LinEnum.sh - Analyze the Output
Review the generated output in real-time or redirect it to a file for offline analysis:> ./LinEnum.sh > enum_results.txt
📄 Example Output
Sample output from LinEnum might include:
[+] SUID files:
/usr/bin/passwd
/usr/bin/sudo
[+] World-writable files:
/etc/passwd
/var/www/html/index.php
[+] Potential password files:
/etc/shadow
/var/www/html/config.php
[+] Scheduled jobs:
/etc/cron.d/backups
/var/spool/cron/crontabs/root
🧠 How to Interpret the Results
Key Sections to Focus On:
- SUID/SGID Files
These binaries execute with elevated privileges and are often a goldmine for privilege escalation when misconfigured. - World-Writable Files/Directories
May allow an attacker to plant or modify malicious scripts or binaries. - Password Files & Credentials
LinEnum attempts to locate password storage locations, hardcoded credentials, or config files containing sensitive info. - Running Processes
Identifies services and daemons that may be exploitable or misconfigured. - Network Info & Listening Ports
Helps reveal hidden services, backdoors, or opportunities to pivot. - Cron Jobs
Scheduled tasks that can be abused if not secured correctly.
💾 Download LinEnum
For quick access, you can download LinEnum using one of the following methods:
- Download with curl:
> curl -o LinEnum.sh https://raw.githubusercontent.com/rebootuser/LinEnum/master/LinEnum.sh - Download with wget:
> wget https://raw.githubusercontent.com/rebootuser/LinEnum/master/LinEnum.sh -O LinEnum.sh
⚠️ Always verify the source before running scripts on a target system to avoid malicious forks.
✅ Conclusion
LinEnum remains one of the most widely used Linux enumeration scripts in penetration testing due to its speed, simplicity, and thoroughness. While more advanced tools like linPEAS may offer broader checks, LinEnum is a great go-to for rapid privilege escalation reconnaissance on Linux targets.