imprv
This commit is contained in:
Carlos Polop
parent
8ce392c4ae
commit
1ac6bc1432
@ -86,6 +86,8 @@ sudoVB1_markup: "peass{SUDOVB1_HERE}"
|
||||
sudoVB2_markup: "peass{SUDOVB2_HERE}"
|
||||
cap_setuid_markup: "peass{CAP_SETUID_HERE}"
|
||||
cap_setgid_markup: "peass{CAP_SETGID_HERE}"
|
||||
les_markup: "peass{LES}"
|
||||
les2_markup: "peass{LES2}"
|
||||
|
||||
|
||||
|
||||
|
||||
@ -1187,6 +1187,21 @@ if echo $CHECKS | grep -q SysI; then
|
||||
macosNotSigned /System/Library/Extensions
|
||||
fi
|
||||
|
||||
if [ "$(command -v bash 2>/dev/null)" ]; then
|
||||
print_2title "Executing Linux Exploit Suggester"
|
||||
les_b64="peass{LES}"
|
||||
echo $les_b64 | base64 -d | bash
|
||||
echo ""
|
||||
fi
|
||||
|
||||
if [ "$(command -v perl 2>/dev/null)" ]; then
|
||||
print_2title "Executing Linux Exploit Suggester 2"
|
||||
les2_b64="peass{LES2}"
|
||||
echo $les2_b64 | base64 -d | perl
|
||||
echo ""
|
||||
fi
|
||||
|
||||
|
||||
#-- SY) AppArmor
|
||||
print_2title "Protections"
|
||||
print_list "AppArmor enabled? .............. "$NC
|
||||
|
||||
@ -1,5 +1,6 @@
|
||||
import re
|
||||
import requests
|
||||
import base64
|
||||
|
||||
from .peasLoaded import PEASLoaded
|
||||
from .peassRecord import PEASRecord
|
||||
@ -24,7 +25,9 @@ from .yamlGlobals import (
|
||||
SUDOVB1_MARKUP,
|
||||
SUDOVB2_MARKUP,
|
||||
CAP_SETUID_MARKUP,
|
||||
CAP_SETGID_MARKUP
|
||||
CAP_SETGID_MARKUP,
|
||||
LES_MARKUP,
|
||||
LES2_MARKUP
|
||||
)
|
||||
|
||||
|
||||
@ -75,6 +78,13 @@ class LinpeasBuilder:
|
||||
|
||||
self.__replace_mark(EXTRASECTIONS_MARKUP, list(""), "") #Delete extra markup
|
||||
|
||||
print("[+] Building linux exploit suggesters...")
|
||||
les_b64, les2_b64 = self.__get_linux_exploit_suggesters()
|
||||
assert len(les_b64) > 100
|
||||
assert len(les2_b64) > 100
|
||||
self.__replace_mark(LES_MARKUP, list(les_b64), "")
|
||||
self.__replace_mark(LES2_MARKUP, list(les2_b64), "")
|
||||
|
||||
print("[+] Building GTFOBins lists...")
|
||||
suidVB, sudoVB, capsVB = self.__get_gtfobins_lists()
|
||||
assert len(suidVB) > 185, f"Len suidVB is {len(suidVB)}"
|
||||
@ -271,6 +281,12 @@ class LinpeasBuilder:
|
||||
analise_line += 'done; echo "";'
|
||||
return analise_line
|
||||
|
||||
|
||||
def __get_linux_exploit_suggesters(self) -> tuple:
|
||||
r1 = requests.get("https://raw.githubusercontent.com/mzet-/linux-exploit-suggester/master/linux-exploit-suggester.sh")
|
||||
r2 = requests.get("https://raw.githubusercontent.com/jondonas/linux-exploit-suggester-2/master/linux-exploit-suggester-2.pl")
|
||||
return(base64.b64encode(bytes(r1.text, 'utf-8')).decode("utf-8"), base64.b64encode(bytes(r2.text, 'utf-8')).decode("utf-8"))
|
||||
|
||||
def __get_gtfobins_lists(self) -> tuple:
|
||||
r = requests.get("https://github.com/GTFOBins/GTFOBins.github.io/tree/master/_gtfobins")
|
||||
bins = re.findall(r'/GTFOBins/GTFOBins.github.io/blob/master/_gtfobins/([\w_ \-]+).md', r.text)
|
||||
|
||||
@ -39,4 +39,7 @@ SUIDVB2_MARKUP = YAML_LOADED["suidVB2_markup"]
|
||||
SUDOVB1_MARKUP = YAML_LOADED["sudoVB1_markup"]
|
||||
SUDOVB2_MARKUP = YAML_LOADED["sudoVB2_markup"]
|
||||
CAP_SETUID_MARKUP = YAML_LOADED["cap_setuid_markup"]
|
||||
CAP_SETGID_MARKUP = YAML_LOADED["cap_setgid_markup"]
|
||||
CAP_SETGID_MARKUP = YAML_LOADED["cap_setgid_markup"]
|
||||
|
||||
LES_MARKUP = YAML_LOADED["les_markup"]
|
||||
LES2_MARKUP = YAML_LOADED["les2_markup"]
|
||||
Loading…
Reference in New Issue
Block a user