2025-03-26 Update From: SLTechnology News&Howtos
Shulou(Shulou.com)06/02 Report--
This article is about how to use LES for penetration testing of Linux. The editor finds it very practical and shares it here as a reference.
Tool introduction
To support penetration testing across different Linux distributions, LES relies heavily on heuristics for its main functions. It generates a list of candidate vulnerabilities for a given Linux device while minimizing false positives. In addition, for practical use and ease of maintenance, the tool implements the following features:
1. Subsystem tags for the most popular Linux distributions, including Debian, Ubuntu and RHEL/CentOS.
2. A user space analysis subsystem, which fully supports deb-based and rpm-based distributions and partially supports other distributions.
In earlier versions, LES only dealt with the kernel version and completely skipped the issue of the distribution version, and most of the main processing functions were implemented through Linux_Exploit_Suggester scripts. However, this approach is not very effective because it is prone to false positives, resulting in a large number of vulnerabilities that require manual analysis.
Over time, LES has improved and now addresses this problem by generating the list of candidate vulnerabilities in several steps:
1. Generate an initial vulnerability list based on the kernel version
2. Check the "tag" hit rate of each vulnerability
3. Discard exploits that are not applicable based on "additional checks"
4. Calculate the internal metric ("level") of each candidate vulnerability and sort the list according to the calculation.
Next, we will discuss them one by one.
Generate an initial vulnerability list based on the kernel version
This is the first step in reducing the number of candidate vulnerabilities for a given device. LES parses the output of the uname command and obtains the exact kernel version information, which is then compared with the version information defined in the exploit code. For example:
Reqs: pkg=linux-kernel,ver>=4.4
uname 3.2 and = 4.4.0 ver pkgsListing.txt
pentester-host$ ./les.sh --uname " --pkglist-file pkgsListing.txt
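The kernel-version comparison from this step, as an added example that is not LES's own code: it evaluates the `ver` terms of a `Reqs:` line against a kernel release string, comparing fields numerically so that 3.13 is treated as newer than 3.2. The function names are hypothetical, the kernel release strings are constructed, and terms other than `ver` are ignored.

```shell
#!/bin/sh
# Added example; function names are hypothetical and not taken from les.sh.

# kernel_triplet RELEASE: print "MAJOR MINOR PATCH", dropping any distro
# suffix such as "-21-generic" and padding missing fields with 0.
kernel_triplet() {
    v=$(printf '%s\n' "$1" | sed 's/[^0-9.].*$//')
    kt_ifs=$IFS; IFS=.; set -- $v; IFS=$kt_ifs
    echo "${1:-0} ${2:-0} ${3:-0}"
}

# ver_cmp A B: print lt, eq or gt, comparing field by field as integers.
# A plain string comparison would wrongly rank 3.13 below 3.2.
ver_cmp() {
    set -- $(kernel_triplet "$1") $(kernel_triplet "$2")
    if   [ "$1" -ne "$4" ]; then [ "$1" -lt "$4" ] && echo lt || echo gt
    elif [ "$2" -ne "$5" ]; then [ "$2" -lt "$5" ] && echo lt || echo gt
    elif [ "$3" -ne "$6" ]; then [ "$3" -lt "$6" ] && echo lt || echo gt
    else echo eq; fi
}

# reqs_match REQS RELEASE: succeed when every ver<op>X term in REQS holds.
# Terms that are not version constraints (pkg=... and others) are skipped.
reqs_match() {
    reqs=${1#"Reqs: "}; kernel=$2
    rm_ifs=$IFS; IFS=,; set -- $reqs; IFS=$rm_ifs
    for term in "$@"; do
        case $term in
            'ver>='*) want=${term#ver??}; ok=' eq gt ' ;;
            'ver<='*) want=${term#ver??}; ok=' eq lt ' ;;
            'ver>'*)  want=${term#ver?};  ok=' gt ' ;;
            'ver<'*)  want=${term#ver?};  ok=' lt ' ;;
            'ver='*)  want=${term#ver?};  ok=' eq ' ;;
            *) continue ;;
        esac
        case $ok in *" $(ver_cmp "$kernel" "$want") "*) ;; *) return 1 ;; esac
    done
    return 0
}

# Constructed kernel releases checked against the page's Reqs line.
for k in 3.16.0-4-amd64 4.4.0-21-generic 5.10.0-8-amd64; do
    if reqs_match 'Reqs: pkg=linux-kernel,ver>=4.4' "$k"
    then echo "$k: candidate"; else echo "$k: discarded"; fi
done
```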
Before testing for vulnerabilities on the target device, we usually need to check whether the target kernel uses other hardening measures:
$ ./les.sh --checksec
Quick download of the tool
wget https://raw.githubusercontent.com/mzet-/linux-exploit-suggester/master/linux-exploit-suggester.sh -O les.sh
Thank you for reading! This is the end of this article on "how to use LES to conduct penetration testing of Linux". I hope the above content is of some help to you and lets you learn more. If you think the article is good, share it so that more people can see it!