Update 4_Capabilities.sh: Fix capability decoding to prevent sequence number output

Testing confirmed that certain capability values (specifically ffffffffffffffff) cause memory allocation errors in capsh:
"xrealloc: cannot allocate 716488832 bytes (57344 bytes allocated)"

These memory errors were being propagated into the output, causing the long sequence of numbers. The fix prevents these errors from affecting the script's output.
ThatTotallyRealMyth 2025-05-18 16:05:01 +10:00 committed by GitHub
parent ef28ef7a33
commit 01bf3a4ef8
No known key found for this signature in database
GPG Key ID: B5690EEEBB952194


@ -11,33 +11,59 @@
# Generated Global Variables: $cap_name, $cap_value, $cap_line, $capVB, $capname, $capbins, $capsVB_vuln # Generated Global Variables: $cap_name, $cap_value, $cap_line, $capVB, $capname, $capbins, $capsVB_vuln
# Fat linpeas: 0 # Fat linpeas: 0
# Small linpeas: 1 # Small linpeas: 1
if ! [ "$SEARCH_IN_FOLDER" ]; then if ! [ "$SEARCH_IN_FOLDER" ]; then
print_2title "Capabilities" print_2title "Capabilities"
print_info "https://book.hacktricks.wiki/en/linux-hardening/privilege-escalation/index.html#capabilities" print_info "https://book.hacktricks.wiki/en/linux-hardening/privilege-escalation/index.html#capabilities"
if [ "$(command -v capsh || echo -n '')" ]; then if [ "$(command -v capsh || echo -n '')" ]; then
print_3title "Current shell capabilities" print_3title "Current shell capabilities"
cat "/proc/$$/status" | grep Cap | while read -r cap_line; do cat "/proc/$$/status" | grep Cap | while read -r cap_line; do
cap_name=$(echo "$cap_line" | awk '{print $1}') cap_name=$(echo "$cap_line" | awk '{print $1}')
cap_value=$(echo "$cap_line" | awk '{print $2}') cap_value=$(echo "$cap_line" | awk '{print $2}')
if [ "$cap_name" = "CapEff:" ]; then if [ "$cap_name" = "CapEff:" ]; then
echo "$cap_name $(capsh --decode=0x"$cap_value" | sed -${E} "s,$capsB,${SED_RED_YELLOW},")" # Add validation check for cap_value
# For more POSIX-compliant formatting, the following could be used instead:
# if echo "$cap_value" | grep -E '^[0-9a-fA-F]+$' > /dev/null 2>&1; then
if [[ "$cap_value" =~ ^[0-9a-fA-F]+$ ]]; then
# Memory errors can occur with certain values (e.g., ffffffffffffffff)
# so we redirect stderr to prevent error propagation
echo "$cap_name $(capsh --decode=0x"$cap_value" 2>/dev/null | sed -${E} "s,$capsB,${SED_RED_YELLOW},")"
else
echo "$cap_name [Invalid capability format]"
fi
else else
echo "$cap_name $(capsh --decode=0x"$cap_value" | sed -${E} "s,$capsB,${SED_RED},")" # Add validation check for cap_value
if [[ "$cap_value" =~ ^[0-9a-fA-F]+$ ]]; then
# Memory errors can occur with certain values (e.g., ffffffffffffffff)
# so we redirect stderr to prevent error propagation
echo "$cap_name $(capsh --decode=0x"$cap_value" 2>/dev/null | sed -${E} "s,$capsB,${SED_RED},")"
else
echo "$cap_name [Invalid capability format]"
fi
fi fi
done done
echo "" echo ""
print_info "Parent process capabilities" print_info "Parent process capabilities"
cat "/proc/$PPID/status" | grep Cap | while read -r cap_line; do cat "/proc/$PPID/status" | grep Cap | while read -r cap_line; do
cap_name=$(echo "$cap_line" | awk '{print $1}') cap_name=$(echo "$cap_line" | awk '{print $1}')
cap_value=$(echo "$cap_line" | awk '{print $2}') cap_value=$(echo "$cap_line" | awk '{print $2}')
if [ "$cap_name" = "CapEff:" ]; then if [ "$cap_name" = "CapEff:" ]; then
echo "$cap_name $(capsh --decode=0x"$cap_value" | sed -${E} "s,$capsB,${SED_RED_YELLOW},")" # Add validation check for cap_value
if [[ "$cap_value" =~ ^[0-9a-fA-F]+$ ]]; then
# Memory errors can occur with certain values (e.g., ffffffffffffffff)
# so we redirect stderr to prevent error propagation
echo "$cap_name $(capsh --decode=0x"$cap_value" 2>/dev/null | sed -${E} "s,$capsB,${SED_RED_YELLOW},")"
else
echo "$cap_name [Invalid capability format]"
fi
else else
echo "$cap_name $(capsh --decode=0x"$cap_value" | sed -${E} "s,$capsB,${SED_RED},")" # Add validation check for cap_value
if [[ "$cap_value" =~ ^[0-9a-fA-F]+$ ]]; then
# Memory errors can occur with certain values (e.g., ffffffffffffffff)
# so we redirect stderr to prevent error propagation
echo "$cap_name $(capsh --decode=0x"$cap_value" 2>/dev/null | sed -${E} "s,$capsB,${SED_RED},")"
else
echo "$cap_name [Invalid capability format]"
fi
fi fi
done done
echo "" echo ""
@ -69,10 +95,9 @@ if ! [ "$SEARCH_IN_FOLDER" ]; then
if ! [ "$capsVB_vuln" ]; then if ! [ "$capsVB_vuln" ]; then
echo "$cb" | sed -${E} "s,$capsB,${SED_RED}," echo "$cb" | sed -${E} "s,$capsB,${SED_RED},"
fi fi
if ! [ "$IAMROOT" ] && [ -w "$(echo $cb | cut -d" " -f1)" ]; then if ! [ "$IAMROOT" ] && [ -w "$(echo $cb | cut -d" " -f1)" ]; then
echo "$cb is writable" | sed -${E} "s,.*,${SED_RED}," echo "$cb is writable" | sed -${E} "s,.*,${SED_RED},"
fi fi
done done
echo "" echo ""
fi fi
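Review bot: The `[[ "$cap_value" =~ ^[0-9a-fA-F]+$ ]]` test added in all four branches of the first hunk is a bash-only construct; if the script is run by a POSIX sh such as dash (the added "more POSIX-compliant" comment suggests that is a supported case), `[[` fails as an unknown command, the else branch runs, and every Cap line is reported as `[Invalid capability format]`, so the capability audit silently loses its data. Use the portable form the comment already sketches, `if echo "$cap_value" | grep -Eq '^[0-9a-fA-F]+$'; then`, in each of the four places. Separately, `2>/dev/null` only hides the capsh error: when decoding fails the line prints the name with nothing after it, so consider falling back to the raw `0x$cap_value` when the decode output is empty. The same validation-and-decode lines are pasted four times and would be easier to keep consistent as one small helper.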