Project Update
This commit is contained in:
parent
f640b45acf
commit
1f55516c59
BIN
chisel64
BIN
chisel64
Binary file not shown.
@ -347,7 +347,7 @@ containerCheck() {
|
|||||||
# Are we inside kubenetes?
|
# Are we inside kubenetes?
|
||||||
if grep "/kubepod" /proc/1/cgroup -qa; then
|
if grep "/kubepod" /proc/1/cgroup -qa; then
|
||||||
inContainer="1"
|
inContainer="1"
|
||||||
containerType="kubentes"
|
containerType="kubernetes"
|
||||||
fi
|
fi
|
||||||
|
|
||||||
# Are we inside LXC?
|
# Are we inside LXC?
|
||||||
|
|||||||
@ -86,6 +86,8 @@ class FileServerRequestHandler(BaseHTTPRequestHandler):
|
|||||||
if path in self.server.dumpRequests:
|
if path in self.server.dumpRequests:
|
||||||
headers["Access-Control-Allow-Origin"] = "*"
|
headers["Access-Control-Allow-Origin"] = "*"
|
||||||
|
|
||||||
|
headers["Content-Length"] = len(data)
|
||||||
|
|
||||||
if len(headers) == 0:
|
if len(headers) == 0:
|
||||||
self.send_response(status_code)
|
self.send_response(status_code)
|
||||||
else:
|
else:
|
||||||
@ -149,11 +151,14 @@ class HttpFileServer(HTTPServer):
|
|||||||
if isinstance(data, str):
|
if isinstance(data, str):
|
||||||
data = data.encode("UTF-8")
|
data = data.encode("UTF-8")
|
||||||
|
|
||||||
# return 200 - OK and data
|
headers = {
|
||||||
|
"Access-Control-Allow-Origin": "*",
|
||||||
|
}
|
||||||
if mimeType:
|
if mimeType:
|
||||||
self.addRoute(name, lambda req: (200, data, { "Content-Type": mimeType }))
|
headers["Content-Type"] = headers
|
||||||
else:
|
|
||||||
self.addRoute(name, lambda req: (200, data))
|
# return 200 - OK and data
|
||||||
|
self.addRoute(name, lambda req: (200, data, headers))
|
||||||
|
|
||||||
def dumpRequest(self, name):
|
def dumpRequest(self, name):
|
||||||
self.dumpRequests.append(self.cleanPath(name))
|
self.dumpRequests.append(self.cleanPath(name))
|
||||||
|
|||||||
3905
linpeas.sh
Executable file → Normal file
3905
linpeas.sh
Executable file → Normal file
File diff suppressed because one or more lines are too long
@ -1490,6 +1490,17 @@ exploit-db: https://www.exploit-db.com/exploits/41154
|
|||||||
EOF
|
EOF
|
||||||
)
|
)
|
||||||
|
|
||||||
|
EXPLOITS_USERSPACE[((n++))]=$(cat <<EOF
|
||||||
|
Name: ${txtgrn}[CVE-2021-4034]${txtrst} PwnKit
|
||||||
|
Reqs: pkg=polkit|policykit-1,ver<=0.105-31
|
||||||
|
Tags: ubuntu=10|11|12|13|14|15|16|17|18|19|20|21,debian=7|8|9|10|11,fedora,manjaro
|
||||||
|
Rank: 1
|
||||||
|
analysis-url: https://www.qualys.com/2022/01/25/cve-2021-4034/pwnkit.txt
|
||||||
|
src-url: https://codeload.github.com/berdav/CVE-2021-4034/zip/main
|
||||||
|
author: berdav
|
||||||
|
EOF
|
||||||
|
)
|
||||||
|
|
||||||
###########################################################
|
###########################################################
|
||||||
## security related HW/kernel features
|
## security related HW/kernel features
|
||||||
###########################################################
|
###########################################################
|
||||||
|
|||||||
10
lse.sh
10
lse.sh
@ -5,7 +5,7 @@
|
|||||||
# Author: Diego Blanco <diego.blanco@treitos.com>
|
# Author: Diego Blanco <diego.blanco@treitos.com>
|
||||||
# GitHub: https://github.com/diego-treitos/linux-smart-enumeration
|
# GitHub: https://github.com/diego-treitos/linux-smart-enumeration
|
||||||
#
|
#
|
||||||
lse_version="3.7"
|
lse_version="3.9"
|
||||||
|
|
||||||
#( Colors
|
#( Colors
|
||||||
#
|
#
|
||||||
@ -502,7 +502,8 @@ lse_serve() {
|
|||||||
cecho "${green} * ${white}wget ${reset} '$ip:$port' -O lse.sh; chmod 755 lse.sh\n"
|
cecho "${green} * ${white}wget ${reset} '$ip:$port' -O lse.sh; chmod 755 lse.sh\n"
|
||||||
cecho "${green} * ${white}exec 3<>/dev/tcp/${reset}$ip/$port;printf '\\\\n'>&3;cat<&3>lse.sh;exec 3<&-;chmod 755 lse.sh\n"
|
cecho "${green} * ${white}exec 3<>/dev/tcp/${reset}$ip/$port;printf '\\\\n'>&3;cat<&3>lse.sh;exec 3<&-;chmod 755 lse.sh\n"
|
||||||
done
|
done
|
||||||
nc -l -q0 -p "$port" < "$0" >/dev/null
|
# try nc with '-N' (openbsd), then ncat and then use '-q0' (traditional)
|
||||||
|
nc -l -N -p "$port" < "$0" >/dev/null 2>/dev/null || nc -l --send-only -p "$port" < "$0" >/dev/null 2>/dev/null || nc -l -q0 -p "$port" < "$0" >/dev/null
|
||||||
}
|
}
|
||||||
lse_header() {
|
lse_header() {
|
||||||
local id="$1"
|
local id="$1"
|
||||||
@ -1262,6 +1263,11 @@ lse_run_tests_software() {
|
|||||||
"Can we write to screen session sockets from other users?" \
|
"Can we write to screen session sockets from other users?" \
|
||||||
'find /run/screen -type s -writable -regex "/run/screen/S-.+/.+" ! -user $lse_user -exec ls -l {} +'
|
'find /run/screen -type s -writable -regex "/run/screen/S-.+/.+" ! -user $lse_user -exec ls -l {} +'
|
||||||
|
|
||||||
|
#check connection to mongoDB
|
||||||
|
lse_test "sof170" "1" \
|
||||||
|
"Can we access MongoDB databases without credentials?" \
|
||||||
|
'echo "show dbs" | mongo --quiet | grep -E "(admin|config|local)"'
|
||||||
|
|
||||||
#sudo version - check to see if there are any known vulnerabilities with this
|
#sudo version - check to see if there are any known vulnerabilities with this
|
||||||
lse_test "sof500" "2" \
|
lse_test "sof500" "2" \
|
||||||
"Sudo version" \
|
"Sudo version" \
|
||||||
|
|||||||
2
util.py
2
util.py
@ -193,7 +193,7 @@ if __name__ == "__main__":
|
|||||||
output = set_exif_data(payload, _in, _out, tag)
|
output = set_exif_data(payload, _in, _out, tag)
|
||||||
sys.stdout.buffer.write(output)
|
sys.stdout.buffer.write(output)
|
||||||
sys.stdout.flush()
|
sys.stdout.flush()
|
||||||
elif command == "help":
|
else:
|
||||||
print("Usage: %s [command]" % bin)
|
print("Usage: %s [command]" % bin)
|
||||||
print("Available commands:")
|
print("Available commands:")
|
||||||
print(" help, getAddress, pad, exifImage")
|
print(" help, getAddress, pad, exifImage")
|
||||||
|
|||||||
BIN
win/chisel.exe
BIN
win/chisel.exe
Binary file not shown.
BIN
win/chisel64.exe
BIN
win/chisel64.exe
Binary file not shown.
@ -237,7 +237,7 @@ CALL :T_Progress 2
|
|||||||
:RemodeDeskCredMgr
|
:RemodeDeskCredMgr
|
||||||
CALL :ColorLine " %E%33m[+]%E%97m Remote Desktop Credentials Manager"
|
CALL :ColorLine " %E%33m[+]%E%97m Remote Desktop Credentials Manager"
|
||||||
ECHO. [?] https://book.hacktricks.xyz/windows/windows-local-privilege-escalation#remote-desktop-credential-manager
|
ECHO. [?] https://book.hacktricks.xyz/windows/windows-local-privilege-escalation#remote-desktop-credential-manager
|
||||||
IF exist "%AppLocal%\Local\Microsoft\Remote Desktop Connection Manager\RDCMan.settings" ECHO.Found: RDCMan.settings in %AppLocal%\Local\Microsoft\Remote Desktop Connection Manager\RDCMan.settings, check for credentials in .rdg files
|
IF exist "%LOCALAPPDATA%\Local\Microsoft\Remote Desktop Connection Manager\RDCMan.settings" ECHO.Found: RDCMan.settings in %AppLocal%\Local\Microsoft\Remote Desktop Connection Manager\RDCMan.settings, check for credentials in .rdg files
|
||||||
ECHO.
|
ECHO.
|
||||||
CALL :T_Progress 1
|
CALL :T_Progress 1
|
||||||
|
|
||||||
|
|||||||
BIN
win/winPEAS.exe
BIN
win/winPEAS.exe
Binary file not shown.
Binary file not shown.
Loading…
Reference in New Issue
Block a user