github/PEASS-ng
1
Fork 0
mirror of https://github.com/carlospolop/PEASS-ng synced 2024-11-20 12:39:21 +01:00
Code Releases Activity

Modifiied Files last 5 min

Browse Source
This commit is contained in:
carles cabre 2020-02-28 19:11:22 +01:00
parent 35b6cafe72
commit 7ebe4d2465
1 changed files with 26 additions and 21 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

47
linPEAS/linpeas.sh
View File

@ -1554,34 +1554,39 @@ if [ "`echo $CHECKS | grep IntFiles`" ]; then
(for f in `find / -type f -user root ! -perm -o=r 2>/dev/null | grep -v "\.journal"`; do if [ -r $f ]; then ls -l $f 2>/dev/null | sed "s,.*,${C}[1;31m&${C}[0m,"; fi; done) || echo_not_found
echo ""
fi
##-- 14IF) Modified interesting files into specific folders in the last 5mins
printf $Y"[+] "$GREEN"Modified interesting files in the last 5mins\n"$NC
(find / -type f -mmin -5 ! -path "/proc/*" ! -path "/sys/*" ! -path "/run/*" ! -path "/dev/*" ! -path "/var/*" 2>/dev/null) || echo_not_found
echo ""
##-- 14IF) Files inside my home
##-- 15IF) Files inside my home
printf $Y"[+] "$GREEN"Files inside $HOME (limit 20)\n"$NC
(ls -la $HOME 2>/dev/null | head -n 23) || echo_not_found
echo ""
##-- 15IF) Files inside /home
##-- 16IF) Files inside /home
printf $Y"[+] "$GREEN"Files inside others home (limit 20)\n"$NC
(find /home -type f 2>/dev/null | grep -v -i "/"$USER | head -n 20) || echo_not_found
echo ""
##-- 16IF) Mail applications
##-- 17IF) Mail applications
printf $Y"[+] "$GREEN"Looking for installed mail applications\n"$NC
ls /bin /sbin /usr/bin /usr/sbin /usr/local/bin /usr/local/sbin /etc | grep -wi $mail_apps
echo ""
##-- 17IF) Mails
##-- 18IF) Mails
printf $Y"[+] "$GREEN"Mails (limit 50)\n"$NC
(find /var/mail/ /var/spool/mail/ -type f 2>/dev/null | head -n 50) || echo_not_found
echo ""
##-- 18IF) Backup files
##-- 19IF) Backup files
printf $Y"[+] "$GREEN"Backup files?\n"$NC
backs=`find /var /etc /bin /sbin /home /usr/local/bin /usr/local/sbin /usr/bin /usr/games /usr/sbin /root /tmp -type f \( -name "*backup*" -o -name "*\.bak" -o -name "*\.bak\.*" -o -name "*\.bck" -o -name "*\.bck\.*" -o -name "*\.bk" -o -name "*\.bk\.*" -o -name "*\.old" -o -name "*\.old\.*" \) 2>/dev/null`
for b in $backs; do if [ -r $b ]; then ls -l "$b" | grep -v $notBackup | sed "s,backup\|bck\|\.bak\|\.old,${C}[1;31m&${C}[0m,g"; fi; done
echo ""
##-- 19IF) DB files
##-- 20IF) DB files
printf $Y"[+] "$GREEN"Looking for tables inside readable .db/.sqlite files (limit 100)\n"$NC
dbfiles=`find /var /etc /home /root /tmp /opt -type f \( -name "*.db" -o -name "*.sqlite" -o -name "*.sqlite3" \) 2>/dev/null | grep -v "/man/\|^/usr/\|^/var/cache/" | head -n 100`
if [ "$dbfiles" ]; then
@ -1624,7 +1629,7 @@ if [ "`echo $CHECKS | grep IntFiles`" ]; then
fi
echo ""
##-- 20IF) Web files
##-- 21IF) Web files
printf $Y"[+] "$GREEN"Web files?(output limit)\n"$NC
ls -alhR /var/www/ 2>/dev/null | head
ls -alhR /srv/www/htdocs/ 2>/dev/null | head
@ -1632,7 +1637,7 @@ if [ "`echo $CHECKS | grep IntFiles`" ]; then
ls -alhR /opt/lampp/htdocs/ 2>/dev/null | head
echo ""
##-- 21IF) Interesting files
##-- 22IF) Interesting files
printf $Y"[+] "$GREEN"Readable *_history, .sudo_as_admin_successful, profile, bashrc, httpd.conf, .plan, .htpasswd, .gitconfig, .git-credentials, .git, .svn, .rhosts, hosts.equiv, Dockerfile, docker-compose.yml\n"$NC
printf $B"[i] "$Y"https://book.hacktricks.xyz/linux-unix/privilege-escalation#read-sensitive-data\n"$NC
fils=`find /etc /home /root /tmp /usr /opt /mnt /var/backups /var/www /var/opt /var/cache \( -name "*_history" -o -name ".sudo_as_admin_successful" -o -name ".profile" -o -name "*bashrc" -o -name "*httpd.conf" -o -name "*.plan" -o -name ".htpasswd" -o -name ".gitconfig" -o -name ".git-credentials" -o -name ".git" -o -name ".svn" -o -name "*.rhosts" -o -name "hosts.equiv" -o -name "Dockerfile" -o -name "docker-compose.yml" \) 2>/dev/null`
@ -1656,18 +1661,18 @@ if [ "`echo $CHECKS | grep IntFiles`" ]; then
done
echo ""
##-- 22IF) All hidden files
##-- 23IF) All hidden files
printf $Y"[+] "$GREEN"All hidden files (not in /sys/ or the ones listed in the previous check) (limit 70)\n"$NC
find / -type f -iname ".*" -exec ls -l {} \; 2>/dev/null | grep -v "/sys/\|_history$\|.sudo_as_admin_successful\|\.profile\|\.bashrc\|\.plan\|\.htpasswd\|.gitconfig\|\.git-credentials\|\.rhosts\|\.gitignore\|.npmignore\|\.listing\|\.ignore\|\.uuid\|.depend\|.placeholder\|.gitkeep\|.keep" | head -n 70
echo ""
##-- 23IF) Readable files in /tmp, /var/tmp, /var/backups
##-- 24IF) Readable files in /tmp, /var/tmp, /var/backups
printf $Y"[+] "$GREEN"Readable files inside /tmp, /var/tmp, /var/backups(limit 70)\n"$NC
filstmpback=`find /tmp /var/tmp /var/backups -type f 2>/dev/null | head -n 70`
for f in $filstmpback; do if [ -r $f ]; then ls -l $f 2>/dev/null; fi; done
echo ""
##-- 24IF) Interesting writable files by ownership or all
##-- 25IF) Interesting writable files by ownership or all
if ! [ "$IAMROOT" ]; then
printf $Y"[+] "$GREEN"Interesting writable files owned by me or writable by everyone (not in Home)\n"$NC
printf $B"[i] "$Y"https://book.hacktricks.xyz/linux-unix/privilege-escalation#writable-files\n"$NC
@ -1676,7 +1681,7 @@ if [ "`echo $CHECKS | grep IntFiles`" ]; then
echo ""
fi
##-- 25IF) Interesting writable files by group
##-- 26IF) Interesting writable files by group
if ! [ "$IAMROOT" ]; then
printf $Y"[+] "$GREEN"Interesting GROUP writable files (not in Home)\n"$NC
printf $B"[i] "$Y"https://book.hacktricks.xyz/linux-unix/privilege-escalation#writable-files\n"$NC
@ -1687,45 +1692,45 @@ if [ "`echo $CHECKS | grep IntFiles`" ]; then
echo ""
fi
##-- 26IF) Passwords in config PHP files
##-- 27IF) Passwords in config PHP files
printf $Y"[+] "$GREEN"Searching passwords in config PHP files\n"$NC
configs=`find /var /etc /home /root /tmp /usr /opt -type f -name "*config*.php" 2>/dev/null`
for c in $configs; do grep -i "password.* = ['\"]\|define.*passw\|db_pass" $c 2>/dev/null | grep -v "function\|password.* = \"\"\|password.* = ''" | sed '/^.\{150\}./d' | sort | uniq | sed "s,password\|db_pass,${C}[1;31m&${C}[0m,i"; done
echo ""
##-- 27IF) IPs inside logs
##-- 28IF) IPs inside logs
printf $Y"[+] "$GREEN"Finding IPs inside logs (limit 70)\n"$NC
grep -R -a -E -o "(25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)\.(25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)\.(25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)\.(25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)" /var/log/ 2>/dev/null | grep -v "\.0\.\|:0\|\.0$" | sort | uniq -c | sort -r -n | head -n 70
echo ""
##-- 28IF) Passwords inside logs
##-- 29IF) Passwords inside logs
printf $Y"[+] "$GREEN"Finding passwords inside logs (limit 70)\n"$NC
grep -R -i "pwd\|passw" /var/log/ 2>/dev/null | sed '/^.\{150\}./d' | sort | uniq | grep -v "File does not exist:\|script not found or unable to stat:\|\"GET /.*\" 404" | head -n 70 | sed "s,pwd\|passw,${C}[1;31m&${C}[0m,"
echo ""
##-- 29IF) Emails inside logs
##-- 30IF) Emails inside logs
printf $Y"[+] "$GREEN"Finding emails inside logs (limit 70)\n"$NC
grep -R -E -o "\b[A-Za-z0-9._%+-]+@[A-Za-z0-9.-]+\.[A-Za-z]{2,6}\b" /var/log/ 2>/dev/null | sort | uniq -c | sort -r -n | head -n 70 | sed "s,$knw_emails,${C}[1;32m&${C}[0m,g"
echo ""
##-- 30IF) Passwords files in home
##-- 31IF) Passwords files in home
printf $Y"[+] "$GREEN"Finding *password* or *credential* files in home (limit 70)\n"$NC
(find /home /root -type f \( -name "*password*" -o -name "*credential*" -o -name "creds*" \) 2>/dev/null | awk -F/ '{line_init=$0; if (!cont){ cont=0 }; $NF=""; act=$0; if (cont < 3){ print line_init; } if (cont == "3"){print " There are more creds/passwds files in the previous parent folder"}; if (act == pre){(cont += 1)} else {cont=0}; pre=act }' | head -n 70 | sed "s,password\|credential,${C}[1;31m&${C}[0m," | sed "s,There are more creds/passwds files in the previous parent folder,${C}[1;32m&${C}[0m,") || echo_not_found
echo ""
if ! [ "$SUPERFAST" ]; then
##-- 31IF) Extract possible passwords
##-- 32IF) Extract possible passwords
printf $Y"[+] "$GREEN"Extracting possible passwords from files in /etc /var/www /root /home\n"$NC
grep -R -i "password.* = ['\"]\|define.*passw" /var/www /root /home 2>/dev/null | grep "\.php" | grep -v "function\|password.* = \"\"\|password.* = ''" | sed '/^.\{150\}./d' | sort | uniq | sed "s,password,${C}[1;31m&${C}[0m,"
grep -R -i "password" /etc 2>/dev/null | grep "conf" | grep -v ":#\|:/\*\|: \*" | sort | uniq | sed "s,password,${C}[1;31m&${C}[0m,"
echo ""
##-- 32IF) Find possible files with passwords
##-- 33IF) Find possible files with passwords
printf $Y"[+] "$GREEN"Finding 'pwd' or 'passw' string inside /home, /var/www, /etc, /root (limit 70)\n"$NC
grep -lRiI "pwd\|passw" /home /var/www /etc /root 2>/dev/null | sort | uniq | head -n 70
echo ""
##-- 33IF) Specific hashes inside files
##-- 34IF) Specific hashes inside files
printf $Y"[+] "$GREEN"Looking for specific hashes inside files - less false positives (limit 70)\n"$NC
regexblowfish='\$2[abxyz]?\$[0-9]{2}\$[a-zA-Z0-9_/\.]*'
regexjoomlavbulletin='[0-9a-zA-Z]{32}:[a-zA-Z0-9_]{16,32}'
@ -1741,7 +1746,7 @@ if [ "`echo $CHECKS | grep IntFiles`" ]; then
fi
if ! [ "$FAST" ] && ! [ "$SUPERFAST" ]; then
##-- 34IF) Specific hashes inside files
##-- 35IF) Specific hashes inside files
printf $Y"[+] "$GREEN"Looking for md5/sha1/sha256/sha512 hashes inside files (limit 50)\n"$NC
regexmd5='(^|[^a-zA-Z0-9])[a-fA-F0-9]{32}([^a-zA-Z0-9]|$)'
regexsha1='(^|[^a-zA-Z0-9])[a-fA-F0-9]{40}([^a-zA-Z0-9]|$)'