Project Update

2021-05-03 22:35:31 +02:00
parent 3b9757ebeb
commit eadff755a0
16 changed files with 2902 additions and 2108 deletions


@@ -1,6 +1,6 @@
#!/bin/bash
#A script to enumerate local information from a Linux host
version="version 0.98"
version="version 0.982"
#@rebootuser
#help function
@@ -375,7 +375,9 @@ fi
#current path configuration
pathinfo=`echo $PATH 2>/dev/null`
if [ "$pathinfo" ]; then
pathswriteable=`ls -ld $(echo $PATH | tr ":" " ")`
echo -e "\e[00;31m[-] Path information:\e[00m\n$pathinfo"
echo -e "$pathswriteable"
echo -e "\n"
fi
@@ -737,25 +739,25 @@ if [ "$postgver" ]; then
fi
#checks to see if any postgres password exists and connects to DB 'template0' - following commands are a variant on this
postcon1=`psql -U postgres template0 -c 'select version()' 2>/dev/null | grep version`
postcon1=`psql -U postgres -w template0 -c 'select version()' 2>/dev/null | grep version`
if [ "$postcon1" ]; then
echo -e "\e[00;33m[+] We can connect to Postgres DB 'template0' as user 'postgres' with no password!:\e[00m\n$postcon1"
echo -e "\n"
fi
postcon11=`psql -U postgres template1 -c 'select version()' 2>/dev/null | grep version`
postcon11=`psql -U postgres -w template1 -c 'select version()' 2>/dev/null | grep version`
if [ "$postcon11" ]; then
echo -e "\e[00;33m[+] We can connect to Postgres DB 'template1' as user 'postgres' with no password!:\e[00m\n$postcon11"
echo -e "\n"
fi
postcon2=`psql -U pgsql template0 -c 'select version()' 2>/dev/null | grep version`
postcon2=`psql -U pgsql -w template0 -c 'select version()' 2>/dev/null | grep version`
if [ "$postcon2" ]; then
echo -e "\e[00;33m[+] We can connect to Postgres DB 'template0' as user 'psql' with no password!:\e[00m\n$postcon2"
echo -e "\n"
fi
postcon22=`psql -U pgsql template1 -c 'select version()' 2>/dev/null | grep version`
postcon22=`psql -U pgsql -w template1 -c 'select version()' 2>/dev/null | grep version`
if [ "$postcon22" ]; then
echo -e "\e[00;33m[+] We can connect to Postgres DB 'template1' as user 'psql' with no password!:\e[00m\n$postcon22"
echo -e "\n"
@@ -825,7 +827,8 @@ echo -e "\e[00;31m[-] Can we read/write sensitive files:\e[00m" ; ls -la /etc/pa
echo -e "\n"
#search for suid files
findsuid=`find / -perm -4000 -type f -exec ls -la {} 2>/dev/null \;`
allsuid=`find / -perm -4000 -type f 2>/dev/null`
findsuid=`find $allsuid -perm -4000 -type f -exec ls -la {} 2>/dev/null \;`
if [ "$findsuid" ]; then
echo -e "\e[00;31m[-] SUID files:\e[00m\n$findsuid"
echo -e "\n"
@@ -837,28 +840,29 @@ if [ "$export" ] && [ "$findsuid" ]; then
fi
#list of 'interesting' suid files - feel free to make additions
intsuid=`find / -perm -4000 -type f -exec ls -la {} \; 2>/dev/null | grep -w $binarylist 2>/dev/null`
intsuid=`find $allsuid -perm -4000 -type f -exec ls -la {} \; 2>/dev/null | grep -w $binarylist 2>/dev/null`
if [ "$intsuid" ]; then
echo -e "\e[00;33m[+] Possibly interesting SUID files:\e[00m\n$intsuid"
echo -e "\n"
fi
#lists word-writable suid files
wwsuid=`find / -perm -4002 -type f -exec ls -la {} 2>/dev/null \;`
#lists world-writable suid files
wwsuid=`find $allsuid -perm -4002 -type f -exec ls -la {} 2>/dev/null \;`
if [ "$wwsuid" ]; then
echo -e "\e[00;33m[+] World-writable SUID files:\e[00m\n$wwsuid"
echo -e "\n"
fi
#lists world-writable suid files owned by root
wwsuidrt=`find / -uid 0 -perm -4002 -type f -exec ls -la {} 2>/dev/null \;`
wwsuidrt=`find $allsuid -uid 0 -perm -4002 -type f -exec ls -la {} 2>/dev/null \;`
if [ "$wwsuidrt" ]; then
echo -e "\e[00;33m[+] World-writable SUID files owned by root:\e[00m\n$wwsuidrt"
echo -e "\n"
fi
#search for sgid files
findsgid=`find / -perm -2000 -type f -exec ls -la {} 2>/dev/null \;`
allsgid=`find / -perm -2000 -type f 2>/dev/null`
findsgid=`find $allsgid -perm -2000 -type f -exec ls -la {} 2>/dev/null \;`
if [ "$findsgid" ]; then
echo -e "\e[00;31m[-] SGID files:\e[00m\n$findsgid"
echo -e "\n"
@@ -870,21 +874,21 @@ if [ "$export" ] && [ "$findsgid" ]; then
fi
#list of 'interesting' sgid files
intsgid=`find / -perm -2000 -type f -exec ls -la {} \; 2>/dev/null | grep -w $binarylist 2>/dev/null`
intsgid=`find $allsgid -perm -2000 -type f -exec ls -la {} \; 2>/dev/null | grep -w $binarylist 2>/dev/null`
if [ "$intsgid" ]; then
echo -e "\e[00;33m[+] Possibly interesting SGID files:\e[00m\n$intsgid"
echo -e "\n"
fi
#lists world-writable sgid files
wwsgid=`find / -perm -2002 -type f -exec ls -la {} 2>/dev/null \;`
wwsgid=`find $allsgid -perm -2002 -type f -exec ls -la {} 2>/dev/null \;`
if [ "$wwsgid" ]; then
echo -e "\e[00;33m[+] World-writable SGID files:\e[00m\n$wwsgid"
echo -e "\n"
fi
#lists world-writable sgid files owned by root
wwsgidrt=`find / -uid 0 -perm -2002 -type f -exec ls -la {} 2>/dev/null \;`
wwsgidrt=`find $allsgid -uid 0 -perm -2002 -type f -exec ls -la {} 2>/dev/null \;`
if [ "$wwsgidrt" ]; then
echo -e "\e[00;33m[+] World-writable SGID files owned by root:\e[00m\n$wwsgidrt"
echo -e "\n"
@@ -1225,6 +1229,14 @@ if [ "$checkbashhist" ]; then
echo -e "\n"
fi
#any .bak files that may be of interest
bakfiles=`find / -name *.bak -type f 2</dev/null`
if [ "$bakfiles" ]; then
echo -e "\e[00;31m[-] Location and Permissions (if accessible) of .bak file(s):\e[00m"
for bak in `echo $bakfiles`; do ls -la $bak;done
echo -e "\n"
fi
#is there any mail accessible
readmail=`ls -la /var/mail 2>/dev/null`
if [ "$readmail" ]; then
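Review bot: The cached lists are expanded unquoted as find start points (`find $allsuid -perm -4000 ...`, and likewise `$allsgid` in the SGID hunks), so a SUID/SGID path containing whitespace or glob characters is split into arguments that do not exist and, with stderr discarded, silently disappears from every later report. The added .bak check has the same weakness: `-name *.bak` is expanded by the shell whenever the working directory holds a matching file, the `for bak in ...` loop word-splits `$bakfiles` again, and `2</dev/null` looks like a typo for `2>/dev/null`. For an audit script a silent miss is worse than a repeated scan, so I would quote the pattern, `bakfiles=$(find / -name '*.bak' -type f 2>/dev/null)`, and read the cached lists one path per line, e.g. `while IFS= read -r f; do ls -la "$f"; done <<< "$allsuid"`, applying the extra `-perm`/`-uid` tests per path instead of passing the whole list as arguments. The script continues outside these hunks (the final `if [ "$readmail" ]; then` is left open), so this covers only the lines visible here.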