From 1ac6bc1432c5fb1153ffc093fc7739b9f636e317 Mon Sep 17 00:00:00 2001
From: Carlos Polop
Date: Thu, 21 Oct 2021 09:25:40 -0400
Subject: [PATCH] imprv
---
 build_lists/sensitive_files.yaml | 2 ++
 linPEAS/builder/linpeas_base.sh | 15 +++++++++++++++
 linPEAS/builder/src/linpeasBuilder.py | 18 +++++++++++++++++-
 linPEAS/builder/src/yamlGlobals.py | 5 ++++-
 4 files changed, 38 insertions(+), 2 deletions(-)
diff --git a/build_lists/sensitive_files.yaml b/build_lists/sensitive_files.yaml
index d51c989..89c66d0 100644
--- a/build_lists/sensitive_files.yaml
+++ b/build_lists/sensitive_files.yaml
@@ -86,6 +86,8 @@ sudoVB1_markup: "peass{SUDOVB1_HERE}"
 sudoVB2_markup: "peass{SUDOVB2_HERE}"
 cap_setuid_markup: "peass{CAP_SETUID_HERE}"
 cap_setgid_markup: "peass{CAP_SETGID_HERE}"
+les_markup: "peass{LES}"
+les2_markup: "peass{LES2}"
diff --git a/linPEAS/builder/linpeas_base.sh b/linPEAS/builder/linpeas_base.sh
index b2bdf56..1e6161b 100755
--- a/linPEAS/builder/linpeas_base.sh
+++ b/linPEAS/builder/linpeas_base.sh
@@ -1187,6 +1187,21 @@ if echo $CHECKS | grep -q SysI; then
 macosNotSigned /System/Library/Extensions
 fi
+ if [ "$(command -v bash 2>/dev/null)" ]; then
+ print_2title "Executing Linux Exploit Suggester"
+ les_b64="peass{LES}"
+ echo $les_b64 | base64 -d | bash
+ echo ""
+ fi
+
+ if [ "$(command -v perl 2>/dev/null)" ]; then
+ print_2title "Executing Linux Exploit Suggester 2"
+ les2_b64="peass{LES2}"
+ echo $les2_b64 | base64 -d | perl
+ echo ""
+ fi
+
+
 #-- SY) AppArmor
 print_2title "Protections"
 print_list "AppArmor enabled? .............. "$NC
diff --git a/linPEAS/builder/src/linpeasBuilder.py b/linPEAS/builder/src/linpeasBuilder.py
index ad3244e..7880e48 100644
--- a/linPEAS/builder/src/linpeasBuilder.py
+++ b/linPEAS/builder/src/linpeasBuilder.py
@@ -1,5 +1,6 @@
 import re
 import requests
+import base64
 from .peasLoaded import PEASLoaded
 from .peassRecord import PEASRecord
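Review bot: The two added blocks in linpeas_base.sh pipe the decoded blob into `bash` and `perl` after checking only that the interpreter exists, so on a host without `base64`, or in a build where the `peass{LES}` / `peass{LES2}` marker was never replaced, the interpreter is handed an empty or garbage stream. Extend each guard, e.g. `if [ "$(command -v bash 2>/dev/null)" ] && [ "$(command -v base64 2>/dev/null)" ]; then`, and quote the expansion with `printf '%s' "$les_b64" | base64 -d | bash` (likewise for the `perl` block). A one-line comment above each block naming the upstream project the embedded script comes from would help anyone auditing the generated file. The enclosing `if echo $CHECKS | grep -q SysI` section starts and ends outside the hunk.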
@@ -24,7 +25,9 @@ from .yamlGlobals import (
 SUDOVB1_MARKUP,
 SUDOVB2_MARKUP,
 CAP_SETUID_MARKUP,
- CAP_SETGID_MARKUP
+ CAP_SETGID_MARKUP,
+ LES_MARKUP,
+ LES2_MARKUP
 )
@@ -75,6 +78,13 @@ class LinpeasBuilder:
 self.__replace_mark(EXTRASECTIONS_MARKUP, list(""), "") #Delete extra markup
+ print("[+] Building linux exploit suggesters...")
+ les_b64, les2_b64 = self.__get_linux_exploit_suggesters()
+ assert len(les_b64) > 100
+ assert len(les2_b64) > 100
+ self.__replace_mark(LES_MARKUP, list(les_b64), "")
+ self.__replace_mark(LES2_MARKUP, list(les2_b64), "")
+
 print("[+] Building GTFOBins lists...")
 suidVB, sudoVB, capsVB = self.__get_gtfobins_lists()
 assert len(suidVB) > 185, f"Len suidVB is {len(suidVB)}"
@@ -271,6 +281,12 @@ class LinpeasBuilder:
 analise_line += 'done; echo "";'
 return analise_line
+
+ def __get_linux_exploit_suggesters(self) -> tuple:
+ r1 = requests.get("https://raw.githubusercontent.com/mzet-/linux-exploit-suggester/master/linux-exploit-suggester.sh")
+ r2 = requests.get("https://raw.githubusercontent.com/jondonas/linux-exploit-suggester-2/master/linux-exploit-suggester-2.pl")
+ return(base64.b64encode(bytes(r1.text, 'utf-8')).decode("utf-8"), base64.b64encode(bytes(r2.text, 'utf-8')).decode("utf-8"))
+
 def __get_gtfobins_lists(self) -> tuple:
 r = requests.get("https://github.com/GTFOBins/GTFOBins.github.io/tree/master/_gtfobins")
 bins = re.findall(r'/GTFOBins/GTFOBins.github.io/blob/master/_gtfobins/([\w_ \-]+).md', r.text)
diff --git a/linPEAS/builder/src/yamlGlobals.py b/linPEAS/builder/src/yamlGlobals.py
index 04a74fa..8634b9c 100644
--- a/linPEAS/builder/src/yamlGlobals.py
+++ b/linPEAS/builder/src/yamlGlobals.py
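Review bot: The new build gates `assert len(les_b64) > 100` and `assert len(les2_b64) > 100` carry no message and only bound the length, so any response body longer than roughly 75 bytes (an HTML error page, for instance) is embedded as if it were the script. Give them a message like the neighbouring `assert len(suidVB) > 185, f"Len suidVB is {len(suidVB)}"`, and since `assert` is stripped under `python -O`, an explicit `raise` is the safer form for a check the build relies on. `list(les_b64)` also splits the string into single characters only to have them rejoined with `""`; if `__replace_mark` joins its list argument (its body is not visible here), `[les_b64]` states the intent directly. The enclosing method starts and ends outside the hunk.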
@@ -39,4 +39,7 @@ SUIDVB2_MARKUP = YAML_LOADED["suidVB2_markup"]
 SUDOVB1_MARKUP = YAML_LOADED["sudoVB1_markup"]
 SUDOVB2_MARKUP = YAML_LOADED["sudoVB2_markup"]
 CAP_SETUID_MARKUP = YAML_LOADED["cap_setuid_markup"]
-CAP_SETGID_MARKUP = YAML_LOADED["cap_setgid_markup"]
\ No newline at end of file
+CAP_SETGID_MARKUP = YAML_LOADED["cap_setgid_markup"]
+
+LES_MARKUP = YAML_LOADED["les_markup"]
+LES2_MARKUP = YAML_LOADED["les2_markup"]
\ No newline at end of file