update
This commit is contained in:
parent
8c42a9065a
commit
0fac5c75b0
39
deepce.sh
39
deepce.sh
@ -369,7 +369,7 @@ userCheck() {
|
||||
printQuestion "User ...................."
|
||||
if [ "$(id -u)" = 0 ]; then
|
||||
isUserRoot="1"
|
||||
printSuccess "root"
|
||||
printEx "root"
|
||||
else
|
||||
printSuccess "$(whoami)"
|
||||
fi
|
||||
@ -377,6 +377,29 @@ userCheck() {
|
||||
printQuestion "Groups .................."
|
||||
groups=$(groups| sed "s/\($DANGEROUS_GROUPS\)/${LG}${EX}&${NC}${DG}/g")
|
||||
printStatus "$groups" "None"
|
||||
|
||||
if ! [ $isUserRoot ]; then
|
||||
printQuestion "Sudo ...................."
|
||||
if [ -x "$(command -v sudo)" ]; then
|
||||
if sudo -n -l 2>/dev/null; then
|
||||
printEx "Passwordless Sudo"
|
||||
isUserHasSudo="1"
|
||||
else
|
||||
printError "Password required"
|
||||
fi
|
||||
else
|
||||
printError "sudo not found"
|
||||
fi
|
||||
else
|
||||
printQuestion "Sudoers ................."
|
||||
if [ -r /etc/sudoers ]; then
|
||||
sudoers=$(grep -v "#\|^$\|^Defaults\|@include" /etc/sudoers)
|
||||
printYes
|
||||
printStatus "$sudoers"
|
||||
else
|
||||
printNo
|
||||
fi
|
||||
fi
|
||||
}
|
||||
|
||||
dockerSockCheck() {
|
||||
@ -443,9 +466,7 @@ enumerateContainer() {
|
||||
|
||||
containerID() {
|
||||
# Get container ID
|
||||
containerID="$(cat /etc/hostname)"
|
||||
#containerID="$(hostname)"
|
||||
#containerID="$(uname -n)"
|
||||
containerID="$(cat /etc/hostname || uname -n || hostname)"
|
||||
# Get container full ID
|
||||
printResult "Container ID ............" "$containerID" "Unknown"
|
||||
|
||||
@ -807,17 +828,18 @@ findInterestingFiles() {
|
||||
printNo
|
||||
fi
|
||||
|
||||
hashes=$(cut -d':' -f2 < /etc/shadow 2>/dev/null | grep -v '^*$\|^!')
|
||||
printQuestion "Hashes in shadow file ..............."
|
||||
if test -r /etc/shadow; then
|
||||
hashes=$(cut -d':' -f2 < /etc/shadow 2>/dev/null | grep -v '^*$\|^!')
|
||||
if [ "$hashes" ]; then
|
||||
printYes
|
||||
printStatus "$hashes"
|
||||
elif test -r /etc/shadow; then
|
||||
# Cannot check...
|
||||
printFail "No permissions"
|
||||
else
|
||||
printNo
|
||||
fi
|
||||
else
|
||||
printFail "Not readable"
|
||||
fi
|
||||
|
||||
# TODO: Check this file /run/secrets/
|
||||
|
||||
@ -829,7 +851,6 @@ findInterestingFiles() {
|
||||
printMsg "$(ls -lAh "$p")"
|
||||
fi
|
||||
done
|
||||
|
||||
}
|
||||
|
||||
checkDockerRootless() {
|
||||
|
434
linpeas.sh
434
linpeas.sh
File diff suppressed because one or more lines are too long
29
lse.sh
29
lse.sh
@ -5,7 +5,7 @@
|
||||
# Author: Diego Blanco <diego.blanco@treitos.com>
|
||||
# GitHub: https://github.com/diego-treitos/linux-smart-enumeration
|
||||
#
|
||||
lse_version="4.13nw"
|
||||
lse_version="4.14nw"
|
||||
|
||||
##( Colors
|
||||
#
|
||||
@ -89,7 +89,7 @@ lse_procmon_lock=`mktemp`
|
||||
lse_cve_tmp=''
|
||||
|
||||
# printf
|
||||
printf "%s" "$reset" | grep -q '\\' && alias printf="env printf"
|
||||
printf "$reset" | grep -q '\\' && alias printf="env printf"
|
||||
|
||||
#( internal data
|
||||
lse_common_setuid="
|
||||
@ -262,7 +262,7 @@ cecho() { #(
|
||||
printf "%b" "$@"
|
||||
else
|
||||
# If color is disabled we remove it
|
||||
printf "%b" "$@" | sed 's/\x1B\[[0-9;]\+[A-Za-z]//g'
|
||||
printf "%b" "$@" | sed -r 's/(\x1B|\\e)\[[0-9;:]+[A-Za-z]//g'
|
||||
fi
|
||||
} #)
|
||||
lse_recolor() { #(
|
||||
@ -381,6 +381,8 @@ lse_test() { #(
|
||||
local deps="$5"
|
||||
# Variable name where to store the output
|
||||
local var="$6"
|
||||
# Flags affecting the execution of certain tests
|
||||
local flags="$7"
|
||||
|
||||
# Define colors
|
||||
local l="${lred}!"
|
||||
@ -408,6 +410,12 @@ lse_test() { #(
|
||||
printf "."
|
||||
done
|
||||
|
||||
# Check if test should be skipped when running as root
|
||||
if [ "$lse_user_id" -eq 0 ] && [ "$flags" = "rootskip" ]; then
|
||||
cecho " ${grey}skip\n"
|
||||
return 1
|
||||
fi
|
||||
|
||||
# Check dependencies
|
||||
local non_met_deps=""
|
||||
for d in $deps; do
|
||||
@ -482,6 +490,10 @@ lse_show_info() { #(
|
||||
echo
|
||||
cecho "${green}=====================(${yellow} Current Output Verbosity Level: ${cyan}$lse_level ${green})======================${reset}"
|
||||
echo
|
||||
if [ "$lse_user_id" -eq 0 ]; then
|
||||
cecho "${green}============(${yellow} Already running as ${red}root${yellow}, some tests will be skipped! ${green})============${reset}"
|
||||
echo
|
||||
fi
|
||||
} #)
|
||||
lse_serve() { #(
|
||||
# get port
|
||||
@ -778,7 +790,8 @@ lse_run_tests_filesystem() {
|
||||
# Add symlinks owned by the user (so the user can change where they point)
|
||||
find / -path "$lse_home" -prune -o $lse_find_opts -type l -user $lse_user -print' \
|
||||
"" \
|
||||
"lse_user_writable"
|
||||
"lse_user_writable" \
|
||||
"rootskip"
|
||||
|
||||
#get setuid binaries
|
||||
lse_test "fst010" "1" \
|
||||
@ -906,7 +919,8 @@ lse_run_tests_filesystem() {
|
||||
#files owned by user
|
||||
lse_test "fst500" "2" \
|
||||
"Files owned by user '$lse_user'" \
|
||||
'find / $lse_find_opts -user $lse_user -type f -exec ls -al {} \;'
|
||||
'find / $lse_find_opts -user $lse_user -type f -exec ls -al {} \;' \
|
||||
"" "" "rootskip"
|
||||
|
||||
#check for SSH files anywhere
|
||||
lse_test "fst510" "2" \
|
||||
@ -1356,6 +1370,11 @@ lse_run_tests_software() {
|
||||
"Can we access MongoDB databases without credentials?" \
|
||||
'echo "show dbs" | mongo --quiet | grep -E "(admin|config|local)"'
|
||||
|
||||
#find kerberos credentials
|
||||
lse_test "sof180" "0" \
|
||||
"Can we access any Kerberos credentials?" \
|
||||
'find / $lse_find_opts -name "*.so" -prune -o \( -name "krb5cc*" -o -name "*.ccache" -o -name "*.kirbi" -o -name "*.keytab" \) -type f -readable -exec ls -lh {} +'
|
||||
|
||||
#sudo version - check to see if there are any known vulnerabilities with this
|
||||
lse_test "sof500" "2" \
|
||||
"Sudo version" \
|
||||
|
@ -98,6 +98,8 @@ class ShellListener:
|
||||
print("RECV first prompt")
|
||||
else:
|
||||
self.raw_output += data
|
||||
for callback in self.on_message:
|
||||
callback(data)
|
||||
|
||||
print("[-] Disconnected")
|
||||
self.connection = None
|
||||
|
7
util.py
7
util.py
@ -314,11 +314,12 @@ def rpad(x, n, b=b"\x00"):
|
||||
return pad(x, n, b, "r")
|
||||
|
||||
def pad(x, n, b=b"\x00", s="r"):
|
||||
if len(x) % n != 0:
|
||||
pad_len = len(x) % n
|
||||
if pad_len != 0:
|
||||
if s == "r":
|
||||
x += (n-(len(x)%n))*b
|
||||
x += b * (n - pad_len)
|
||||
elif s == "l":
|
||||
x = (n-(len(x)%n))*b + x
|
||||
x = b * (n - pad_len) + x
|
||||
return x
|
||||
|
||||
def xor(a, b, *args):
|
||||
|
Binary file not shown.
File diff suppressed because one or more lines are too long
@ -363,7 +363,7 @@ CALL :T_Progress 1
|
||||
|
||||
:WifiCreds
|
||||
CALL :ColorLine " %E%33m[+]%E%97m WIFI"
|
||||
for /f "tokens=4 delims=: " %%a in ('netsh wlan show profiles ^| find "Profile "') do (netsh wlan show profiles name=%%a key=clear | findstr "SSID Cipher Content" | find /v "Number" & ECHO.)
|
||||
for /f "tokens=3,* delims=: " %%a in ('netsh wlan show profiles ^| find "Profile "') do (netsh wlan show profiles name=%%b key=clear | findstr "SSID Cipher Content" | find /v "Number" & ECHO.)
|
||||
CALL :T_Progress 1
|
||||
|
||||
:BasicUserInfo
|
||||
|
BIN
win/winPEAS.exe
BIN
win/winPEAS.exe
Binary file not shown.
Binary file not shown.
Loading…
Reference in New Issue
Block a user