Update 4_Capabilities.sh: Fix capability decoding to prevent sequence number output

Testing confirmed that certain capability values (specifically ffffffffffffffff) cause memory allocation errors in capsh:
"xrealloc: cannot allocate 716488832 bytes (57344 bytes allocated)"

These memory errors were being propagated into the output, causing the long sequence of numbers. The fix prevents these errors from affecting the script's output.
ThatTotallyRealMyth 2025-05-18 16:05:01 +10:00 committed by GitHub
parent ef28ef7a33
commit 01bf3a4ef8
No known key found for this signature in database
GPG Key ID: B5690EEEBB952194


@ -11,33 +11,59 @@
# Generated Global Variables: $cap_name, $cap_value, $cap_line, $capVB, $capname, $capbins, $capsVB_vuln
# Fat linpeas: 0
# Small linpeas: 1
if ! [ "$SEARCH_IN_FOLDER" ]; then
print_2title "Capabilities"
print_info "https://book.hacktricks.wiki/en/linux-hardening/privilege-escalation/index.html#capabilities"
if [ "$(command -v capsh || echo -n '')" ]; then
print_3title "Current shell capabilities"
cat "/proc/$$/status" | grep Cap | while read -r cap_line; do
cap_name=$(echo "$cap_line" | awk '{print $1}')
cap_value=$(echo "$cap_line" | awk '{print $2}')
if [ "$cap_name" = "CapEff:" ]; then
echo "$cap_name $(capsh --decode=0x"$cap_value" | sed -${E} "s,$capsB,${SED_RED_YELLOW},")"
# Add validation check for cap_value
# For more POSIX-compliant formatting, the following could be used instead:
# if echo "$cap_value" | grep -E '^[0-9a-fA-F]+$' > /dev/null 2>&1; then
if [[ "$cap_value" =~ ^[0-9a-fA-F]+$ ]]; then
# Memory errors can occur with certain values (e.g., ffffffffffffffff)
# so we redirect stderr to prevent error propagation
echo "$cap_name $(capsh --decode=0x"$cap_value" 2>/dev/null | sed -${E} "s,$capsB,${SED_RED_YELLOW},")"
else
echo "$cap_name [Invalid capability format]"
fi
else
echo "$cap_name $(capsh --decode=0x"$cap_value" | sed -${E} "s,$capsB,${SED_RED},")"
# Add validation check for cap_value
if [[ "$cap_value" =~ ^[0-9a-fA-F]+$ ]]; then
# Memory errors can occur with certain values (e.g., ffffffffffffffff)
# so we redirect stderr to prevent error propagation
echo "$cap_name $(capsh --decode=0x"$cap_value" 2>/dev/null | sed -${E} "s,$capsB,${SED_RED},")"
else
echo "$cap_name [Invalid capability format]"
fi
fi
done
echo ""
print_info "Parent process capabilities"
cat "/proc/$PPID/status" | grep Cap | while read -r cap_line; do
cap_name=$(echo "$cap_line" | awk '{print $1}')
cap_value=$(echo "$cap_line" | awk '{print $2}')
if [ "$cap_name" = "CapEff:" ]; then
echo "$cap_name $(capsh --decode=0x"$cap_value" | sed -${E} "s,$capsB,${SED_RED_YELLOW},")"
# Add validation check for cap_value
if [[ "$cap_value" =~ ^[0-9a-fA-F]+$ ]]; then
# Memory errors can occur with certain values (e.g., ffffffffffffffff)
# so we redirect stderr to prevent error propagation
echo "$cap_name $(capsh --decode=0x"$cap_value" 2>/dev/null | sed -${E} "s,$capsB,${SED_RED_YELLOW},")"
else
echo "$cap_name [Invalid capability format]"
fi
else
echo "$cap_name $(capsh --decode=0x"$cap_value" | sed -${E} "s,$capsB,${SED_RED},")"
# Add validation check for cap_value
if [[ "$cap_value" =~ ^[0-9a-fA-F]+$ ]]; then
# Memory errors can occur with certain values (e.g., ffffffffffffffff)
# so we redirect stderr to prevent error propagation
echo "$cap_name $(capsh --decode=0x"$cap_value" 2>/dev/null | sed -${E} "s,$capsB,${SED_RED},")"
else
echo "$cap_name [Invalid capability format]"
fi
fi
done
echo ""
@ -69,10 +95,9 @@ if ! [ "$SEARCH_IN_FOLDER" ]; then
if ! [ "$capsVB_vuln" ]; then
echo "$cb" | sed -${E} "s,$capsB,${SED_RED},"
fi
if ! [ "$IAMROOT" ] && [ -w "$(echo $cb | cut -d" " -f1)" ]; then
echo "$cb is writable" | sed -${E} "s,.*,${SED_RED},"
fi
done
echo ""
fi
fi
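Review bot: The added validation uses the bash-only test `[[ "$cap_value" =~ ^[0-9a-fA-F]+$ ]]` in all four branches of the first hunk (CapEff and non-CapEff, in both the current-shell and parent-process loops), while every other test in this section is a POSIX `[ ]`. If the script is run by a shell without `[[` (dash, busybox ash), the test would fail as command-not-found and every Cap line would print `[Invalid capability format]` instead of being decoded. The portable form already sits in the commit's own comment and could be used directly: `if echo "$cap_value" | grep -Eq '^[0-9a-fA-F]+$'; then`. Separately, with `2>/dev/null` a failed decode may leave only the name on the line, so printing the raw `0x$cap_value` when the capsh output is empty would keep an all-bits-set mask visible to the reader. The enclosing `if ! [ "$SEARCH_IN_FOLDER" ]` block continues past the first hunk.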