linpeasv3.0.0
parent
70d1d626c4
commit
158f62c8dc
@ -1,6 +1,6 @@
|
|||||||
#!/bin/sh
|
#!/bin/sh
|
||||||
|
|
||||||
VERSION="v2.9.9"
|
VERSION="v3.0.0"
|
||||||
ADVISORY="This script should be used for authorized penetration testing and/or educational purposes only. Any misuse of this software will not be the responsibility of the author or of any other collaborator. Use it at your own networks and/or with the network owner's permission."
|
ADVISORY="This script should be used for authorized penetration testing and/or educational purposes only. Any misuse of this software will not be the responsibility of the author or of any other collaborator. Use it at your own networks and/or with the network owner's permission."
|
||||||
|
|
||||||
###########################################
|
###########################################
|
||||||
@ -1536,25 +1536,6 @@ if [ "`echo $CHECKS | grep UsrI`" ]; then
|
|||||||
(cat /etc/polkit-1/localauthority.conf.d/* 2>/dev/null | grep -v "^#" | grep -Ev "\W+\#|^#" 2>/dev/null | sed -E "s,$groupsB,${C}[1;31m&${C}[0m," | sed -E "s,$groupsVB,${C}[1;31m&${C}[0m," | sed -E "s,$sh_usrs,${C}[1;96m&${C}[0m," | sed -E "s,$nosh_usrs,${C}[1;34m&${C}[0m," | sed "s,$USER,${C}[1;31;103m&${C}[0m," | sed -E "s,$Groups,${C}[1;31;103m&${C}[0m,") || echo_not_found "/etc/polkit-1/localauthority.conf.d"
|
(cat /etc/polkit-1/localauthority.conf.d/* 2>/dev/null | grep -v "^#" | grep -Ev "\W+\#|^#" 2>/dev/null | sed -E "s,$groupsB,${C}[1;31m&${C}[0m," | sed -E "s,$groupsVB,${C}[1;31m&${C}[0m," | sed -E "s,$sh_usrs,${C}[1;96m&${C}[0m," | sed -E "s,$nosh_usrs,${C}[1;34m&${C}[0m," | sed "s,$USER,${C}[1;31;103m&${C}[0m," | sed -E "s,$Groups,${C}[1;31;103m&${C}[0m,") || echo_not_found "/etc/polkit-1/localauthority.conf.d"
|
||||||
echo ""
|
echo ""
|
||||||
|
|
||||||
#-- UI) Brute su
|
|
||||||
if ! [ "$FAST" ] && ! [ "$SUPERFAST" ] && [ "$TIMEOUT" ] && ! [ "$IAMROOT" ]; then
|
|
||||||
printf $Y"[+] "$GREEN"Testing 'su' as other users with shell using as passwords: null pwd, the username and top2000pwds\n"$NC
|
|
||||||
POSSIBE_SU_BRUTE=`check_if_su_brute`;
|
|
||||||
if [ "$POSSIBE_SU_BRUTE" ]; then
|
|
||||||
SHELLUSERS=`cat /etc/passwd 2>/dev/null | grep -i "sh$" | cut -d ":" -f 1`
|
|
||||||
printf "$SHELLUSERS\n" | while read u; do
|
|
||||||
echo " Bruteforcing user $u..."
|
|
||||||
su_brute_user_num $u $PASSTRY
|
|
||||||
done
|
|
||||||
else
|
|
||||||
printf $GREEN"It's not possible to brute-force su.\n\n"$NC
|
|
||||||
fi
|
|
||||||
else
|
|
||||||
printf $Y"[+] "$GREEN"Do not forget to test 'su' as any other user with shell: without password and with their names as password (I can't do it...)\n"$NC
|
|
||||||
fi
|
|
||||||
printf $Y"[+] "$GREEN"Do not forget to execute 'sudo -l' without password or with valid password (if you know it)!!\n"$NC
|
|
||||||
echo ""
|
|
||||||
|
|
||||||
#-- UI) Superusers
|
#-- UI) Superusers
|
||||||
printf $Y"[+] "$GREEN"Superusers\n"$NC
|
printf $Y"[+] "$GREEN"Superusers\n"$NC
|
||||||
awk -F: '($3 == "0") {print}' /etc/passwd 2>/dev/null | sed -E "s,$sh_usrs,${C}[1;96m&${C}[0m," | sed -E "s,$nosh_usrs,${C}[1;34m&${C}[0m," | sed -E "s,$knw_usrs,${C}[1;32m&${C}[0m," | sed "s,$USER,${C}[1;31;103m&${C}[0m," | sed "s,root,${C}[1;31m&${C}[0m,"
|
awk -F: '($3 == "0") {print}' /etc/passwd 2>/dev/null | sed -E "s,$sh_usrs,${C}[1;96m&${C}[0m," | sed -E "s,$nosh_usrs,${C}[1;34m&${C}[0m," | sed -E "s,$knw_usrs,${C}[1;32m&${C}[0m," | sed "s,$USER,${C}[1;31;103m&${C}[0m," | sed "s,root,${C}[1;31m&${C}[0m,"
|
||||||
@ -1571,7 +1552,23 @@ if [ "`echo $CHECKS | grep UsrI`" ]; then
|
|||||||
fi
|
fi
|
||||||
done
|
done
|
||||||
else
|
else
|
||||||
|
no_shells="`cat /etc/passwd 2>/dev/null | grep -Ev "sh$" | cut -d ":" -f 7 | sort | uniq`"
|
||||||
|
unexpected_shells=""
|
||||||
|
printf "$no_shells\n" | while read f; do
|
||||||
|
if [ "`$f -c 'whoami' 2>/dev/null | grep \"$(whoami)\"`" ]; then
|
||||||
|
unexpected_shells="$f\n$unexpected_shells"
|
||||||
|
fi
|
||||||
|
done
|
||||||
cat /etc/passwd 2>/dev/null | grep "sh$" | sort | sed -E "s,$sh_usrs,${C}[1;96m&${C}[0m," | sed "s,$USER,${C}[1;95m&${C}[0m," | sed "s,root,${C}[1;31m&${C}[0m,"
|
cat /etc/passwd 2>/dev/null | grep "sh$" | sort | sed -E "s,$sh_usrs,${C}[1;96m&${C}[0m," | sed "s,$USER,${C}[1;95m&${C}[0m," | sed "s,root,${C}[1;31m&${C}[0m,"
|
||||||
|
if [ "$unexpected_shells" ]; then
|
||||||
|
echo "These unexpected binaries are acting like shells:\n$unexpected_shells" | sed -E "s,/.*,${C}[1;31m&${C}[0m,g"
|
||||||
|
echo "Unexpected users with shells:"
|
||||||
|
printf "$unexpected_shells\n" | while read f; do
|
||||||
|
if [ "$f" ]; then
|
||||||
|
grep -E "${f}$" /etc/passwd | sed -E "s,/.*,${C}[1;31m&${C}[0m,g"
|
||||||
|
fi
|
||||||
|
done
|
||||||
|
fi
|
||||||
fi
|
fi
|
||||||
echo ""
|
echo ""
|
||||||
|
|
||||||
@ -1591,7 +1588,7 @@ if [ "`echo $CHECKS | grep UsrI`" ]; then
|
|||||||
|
|
||||||
#-- UI) Last logons
|
#-- UI) Last logons
|
||||||
printf $Y"[+] "$GREEN"Last logons\n"$NC
|
printf $Y"[+] "$GREEN"Last logons\n"$NC
|
||||||
last 2>/dev/null | tail | sed -E "s,$sh_usrs,${C}[1;96m&${C}[0m," | sed -E "s,$nosh_usrs,${C}[1;34m&${C}[0m," | sed -E "s,$knw_usrs,${C}[1;32m&${C}[0m," | sed "s,$USER,${C}[1;95m&${C}[0m," | sed "s,root,${C}[1;31m&${C}[0m,"
|
(last -Faiw || last) 2>/dev/null | tail | sed -E "s,$sh_usrs,${C}[1;96m&${C}[0m," | sed -E "s,$nosh_usrs,${C}[1;31m&${C}[0m," | sed -E "s,$knw_usrs,${C}[1;32m&${C}[0m," | sed "s,$USER,${C}[1;95m&${C}[0m," | sed "s,root,${C}[1;31m&${C}[0m,"
|
||||||
echo ""
|
echo ""
|
||||||
|
|
||||||
#-- UI) Login info
|
#-- UI) Login info
|
||||||
@ -1603,6 +1600,25 @@ if [ "`echo $CHECKS | grep UsrI`" ]; then
|
|||||||
printf $Y"[+] "$GREEN"Password policy\n"$NC
|
printf $Y"[+] "$GREEN"Password policy\n"$NC
|
||||||
grep "^PASS_MAX_DAYS\|^PASS_MIN_DAYS\|^PASS_WARN_AGE\|^ENCRYPT_METHOD" /etc/login.defs 2>/dev/null || echo_not_found "/etc/login.defs"
|
grep "^PASS_MAX_DAYS\|^PASS_MIN_DAYS\|^PASS_WARN_AGE\|^ENCRYPT_METHOD" /etc/login.defs 2>/dev/null || echo_not_found "/etc/login.defs"
|
||||||
echo ""
|
echo ""
|
||||||
|
|
||||||
|
#-- UI) Brute su
|
||||||
|
if ! [ "$FAST" ] && ! [ "$SUPERFAST" ] && [ "$TIMEOUT" ] && ! [ "$IAMROOT" ]; then
|
||||||
|
printf $Y"[+] "$GREEN"Testing 'su' as other users with shell using as passwords: null pwd, the username and top2000pwds\n"$NC
|
||||||
|
POSSIBE_SU_BRUTE=`check_if_su_brute`;
|
||||||
|
if [ "$POSSIBE_SU_BRUTE" ]; then
|
||||||
|
SHELLUSERS=`cat /etc/passwd 2>/dev/null | grep -i "sh$" | cut -d ":" -f 1`
|
||||||
|
printf "$SHELLUSERS\n" | while read u; do
|
||||||
|
echo " Bruteforcing user $u..."
|
||||||
|
su_brute_user_num $u $PASSTRY
|
||||||
|
done
|
||||||
|
else
|
||||||
|
printf $GREEN"It's not possible to brute-force su.\n\n"$NC
|
||||||
|
fi
|
||||||
|
else
|
||||||
|
printf $Y"[+] "$GREEN"Do not forget to test 'su' as any other user with shell: without password and with their names as password (I can't do it...)\n"$NC
|
||||||
|
fi
|
||||||
|
printf $Y"[+] "$GREEN"Do not forget to execute 'sudo -l' without password or with valid password (if you know it)!!\n"$NC
|
||||||
|
echo ""
|
||||||
echo ""
|
echo ""
|
||||||
if [ "$WAIT" ]; then echo "Press enter to continue"; read "asd"; fi
|
if [ "$WAIT" ]; then echo "Press enter to continue"; read "asd"; fi
|
||||||
fi
|
fi
|
||||||
|
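Review bot: In the `-1571,7 +1552,23` hunk, `unexpected_shells` is assigned inside `printf "$no_shells\n" | while read f`, which dash, bash and busybox sh run in a subshell. The variable is therefore empty again after `done`, and the `if [ "$unexpected_shells" ]` report further down can never print. Feeding the loop from a here-document keeps it in the current shell; the fence shows that shape with `$f` quoted and empty fields skipped. The probe also executes every field-7 program from /etc/passwd with `-c 'whoami'`, and entries such as `/sbin/shutdown` or `/sbin/halt` (present in many default passwd files) would likely parse `-c` as an option of their own, so skipping known non-login programs before the call would make the check safer to run with privileges. The enclosing `if`/`else` starts outside the hunk.

```sh
unexpected_shells=""
# here-document, not a pipe: the loop stays in the current shell and the assignment survives
while read -r f; do
  [ "$f" ] || continue
  if [ "$("$f" -c 'whoami' 2>/dev/null | grep "$(whoami)")" ]; then
    unexpected_shells="$f\n$unexpected_shells"
  fi
done <<EOF
$no_shells
EOF
# … unchanged: passwd listing and the unexpected_shells report …
```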