Author Topic: Ransack Post Exploitation Tool  (Read 4003 times)
sil
« on: May 03, 2012, 01:12:41 PM »

Ransack Post Exploitation Tool v 0.1 - Ransack is a post exploitation tool to be used by penetration testers. It is more of a proof of concept and its purpose is to grab any information deemed relevant on a system, post root compromise. This information may include config files, ssh keys, ssl keys, or any other information deemed valuable.

After seeing a lot of posts here on finding information for the OSCP exam, I figured I would try to give people something to 1) think about and 2) put to use while performing authorized work. As I am a stickler for going against the grain, it's a simple shell script. It could have been written in Perl, Python, Ruby or another language but as usual I chose not to. The reasoning for this is logical and simple: There is never a guarantee that a specific programming language will be installed on a machine. If it is not, that would mean I would have to either install it on my own (which raises the detection rate) or re-program it to match the system I am on (which again raises the ratio of detection).

Once on a system, there is no guarantee that 1) you will know what to look for and 2) will NOT miss something important because you are scrambling to figure out what the system is, what it does and so forth. The goal was to ransack the system for files that are usually valuable. Those files are copied over and tar'd in order to extract and dissect the data on another machine.

Data extracted includes SSL certificates, SSH keys, config files, and so forth. It will also determine who is in a "juicy" (privileged) group and ransack their directories as well. This will include a user who may be in a group such as wheel, mysql and so forth.

Since it's simply a shell script, anyone can modify it to look for just about anything and "ransack" that information as well. Most information can aid a pentester since password reuse is rampant, many configuration files will yield other networks and IP addresses and so forth.

Lastly, lest anyone complain about the tool, the tool was released to aid penetration testers. Not assist malicious individuals. The reality of life dictates people will likely use the tool for nefarious purposes. Much similar to a handgun; a police officer may use his weapon to put down someone deemed as a threat (life saving) while someone else may use a handgun to rob a bank. Don't shoot the messenger; there is a valid and legitimate purpose for Ransack.

http://www.infiltrated.net/scripts/ransack.sh
sh ransack.sh

cd1zz
« Reply #1 on: May 03, 2012, 01:21:07 PM »

Not to be confused with Agent Ransack

http://www.mythicsoft.com/page.aspx?type=agentransack&page=home

MaXe
« Reply #2 on: May 03, 2012, 06:23:09 PM »

Looks nice, why don't you use "netstat -antupe" instead though?
It lists everything listening on TCP and UDP interfaces along with process information, ports, etc. Just a suggestion, not really important.
sil
« Reply #3 on: May 04, 2012, 07:27:51 AM »

The overall goal was to keep it symmetric and working across the differing platforms:

Code:
[root@kenji ~]# uname -a
FreeBSD kenji 9.0-RELEASE FreeBSD 9.0-RELEASE #0: Tue Mar 20 10:42:10 EDT 2012     root@kenji:/usr/obj/usr/src/sys/SARU  i386
[root@kenji ~]# netstat -t
netstat: illegal option -- t

-t never works on any BSD or Solaris, and it wouldn't work in HP-UX either. I thought about doing if [ uname == $THIS ] then ..., but I was lazy and it meant more lines of code. Aside from comments, the entire thing can be streamed into under 25 lines, so you can copy it right onto a term without raising a bandwidth flag if someone is doing SIEM.
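The defender's counterpart to what the original post and reply #3 describe, as an added example that is not sil's script: a POSIX sh audit that reports privileged-group members, private keys readable by group or world, and listening sockets, picking netstat flags per uname so it runs on Linux, BSD and Solaris alike. The group names (wheel, sudo, mysql) in the usage comment are sample inputs, and the per-platform netstat and ss flags are assumed from the thread and the respective man pages.

```shell
#!/bin/sh
# Added defensive audit, not Ransack itself: it reports the same artefacts the
# tool collects (privileged-group members, readable private keys, listening
# sockets) so they can be fixed before a compromise. Plain POSIX sh, for the
# portability reason sil gives: no guarantee Perl or Python is on the host.

# Members of a privileged group from group(5)/passwd(5)-format files. Covers
# explicit members (4th group field) and users whose primary gid is the group.
# Returns 1 if the group does not exist.
priv_group_members() {   # $1 group file, $2 passwd file, $3 group name
    _gid=$(awk -F: -v g="$3" '$1==g {print $3}' "$1")
    [ -n "$_gid" ] || return 1
    {
        awk -F: -v g="$3" '$1==g && $4!="" {gsub(",", "\n", $4); print $4}' "$1"
        awk -F: -v gid="$_gid" '$4==gid {print $1}' "$2"
    } | sort -u
}

# Private keys readable by group or world under a directory, matched by PEM
# header rather than file name, since copied keys end up as backup.pem etc.
loose_private_keys() {   # $1 directory root
    find "$1" -type f \( -perm -040 -o -perm -004 \) \
        -exec grep -l -e '-----BEGIN .*PRIVATE KEY-----' {} \; 2>/dev/null | sort
}

# Listening sockets with netstat flags chosen per platform: -t/-u/-p are GNU
# netstat options and are rejected on BSD and Solaris, as reply #3 shows.
listening_sockets() {
    case "$(uname -s)" in
        Linux)  netstat -antupe 2>/dev/null || ss -antupe ;;
        FreeBSD|NetBSD|OpenBSD|Darwin) netstat -an -f inet ;;
        SunOS)  netstat -an -P tcp ;;
        *)      netstat -an ;;
    esac
}

# audit_host GROUP_FILE PASSWD_FILE HOME_ROOT GROUP...
audit_host() {
    _g=$1; _p=$2; _h=$3; shift 3
    for grp in "$@"; do
        echo "== members of privileged group $grp =="
        priv_group_members "$_g" "$_p" "$grp" || echo "(group not present)"
    done
    echo "== private keys readable by group/other under $_h =="
    loose_private_keys "$_h"
    echo "== listening sockets =="
    listening_sockets
}
# Sample invocation (group names are examples):
#   sh audit.sh /etc/group /etc/passwd /home wheel sudo mysql
if [ "$#" -ge 1 ]; then audit_host "$@"; fi
```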