Carlos Polop 2021-10-21 09:25:40 -04:00
parent 8ce392c4ae
commit 1ac6bc1432
4 changed files with 38 additions and 2 deletions


@ -86,6 +86,8 @@ sudoVB1_markup: "peass{SUDOVB1_HERE}"
sudoVB2_markup: "peass{SUDOVB2_HERE}" sudoVB2_markup: "peass{SUDOVB2_HERE}"
cap_setuid_markup: "peass{CAP_SETUID_HERE}" cap_setuid_markup: "peass{CAP_SETUID_HERE}"
cap_setgid_markup: "peass{CAP_SETGID_HERE}" cap_setgid_markup: "peass{CAP_SETGID_HERE}"
les_markup: "peass{LES}"
les2_markup: "peass{LES2}"


@ -1187,6 +1187,21 @@ if echo $CHECKS | grep -q SysI; then
macosNotSigned /System/Library/Extensions macosNotSigned /System/Library/Extensions
fi fi
if [ "$(command -v bash 2>/dev/null)" ]; then
print_2title "Executing Linux Exploit Suggester"
les_b64="peass{LES}"
echo $les_b64 | base64 -d | bash
echo ""
fi
if [ "$(command -v perl 2>/dev/null)" ]; then
print_2title "Executing Linux Exploit Suggester 2"
les2_b64="peass{LES2}"
echo $les2_b64 | base64 -d | perl
echo ""
fi
#-- SY) AppArmor #-- SY) AppArmor
print_2title "Protections" print_2title "Protections"
print_list "AppArmor enabled? .............. "$NC print_list "AppArmor enabled? .............. "$NC
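Review bot: Both new blocks test only for the interpreter (`command -v bash`, `command -v perl`) and never for `base64`, and they expand the payload unquoted with `echo $les_b64` / `echo $les2_b64`. If `base64` is absent, or the build left the `peass{LES}` / `peass{LES2}` placeholder unreplaced, whatever the decode step emits is still piped into the interpreter. I would guard with `if [ "$(command -v bash 2>/dev/null)" ] && [ "$(command -v base64 2>/dev/null)" ]; then` and feed the pipeline with `printf '%s' "$les_b64" | base64 -d | bash` (same pattern for the perl block). The enclosing `if echo $CHECKS | grep -q SysI` starts outside this hunk, so it is not visible here whether these blocks are still gated by the selected checks; a one-line comment stating that the embedded scripts are third-party code inserted at build time would also help readers of the generated file.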


@ -1,5 +1,6 @@
import re import re
import requests import requests
import base64
from .peasLoaded import PEASLoaded from .peasLoaded import PEASLoaded
from .peassRecord import PEASRecord from .peassRecord import PEASRecord
@ -24,7 +25,9 @@ from .yamlGlobals import (
SUDOVB1_MARKUP, SUDOVB1_MARKUP,
SUDOVB2_MARKUP, SUDOVB2_MARKUP,
CAP_SETUID_MARKUP, CAP_SETUID_MARKUP,
CAP_SETGID_MARKUP CAP_SETGID_MARKUP,
LES_MARKUP,
LES2_MARKUP
) )
@ -75,6 +78,13 @@ class LinpeasBuilder:
self.__replace_mark(EXTRASECTIONS_MARKUP, list(""), "") #Delete extra markup self.__replace_mark(EXTRASECTIONS_MARKUP, list(""), "") #Delete extra markup
print("[+] Building linux exploit suggesters...")
les_b64, les2_b64 = self.__get_linux_exploit_suggesters()
assert len(les_b64) > 100
assert len(les2_b64) > 100
self.__replace_mark(LES_MARKUP, list(les_b64), "")
self.__replace_mark(LES2_MARKUP, list(les2_b64), "")
print("[+] Building GTFOBins lists...") print("[+] Building GTFOBins lists...")
suidVB, sudoVB, capsVB = self.__get_gtfobins_lists() suidVB, sudoVB, capsVB = self.__get_gtfobins_lists()
assert len(suidVB) > 185, f"Len suidVB is {len(suidVB)}" assert len(suidVB) > 185, f"Len suidVB is {len(suidVB)}"
@ -271,6 +281,12 @@ class LinpeasBuilder:
analise_line += 'done; echo "";' analise_line += 'done; echo "";'
return analise_line return analise_line
def __get_linux_exploit_suggesters(self) -> tuple:
r1 = requests.get("https://raw.githubusercontent.com/mzet-/linux-exploit-suggester/master/linux-exploit-suggester.sh")
r2 = requests.get("https://raw.githubusercontent.com/jondonas/linux-exploit-suggester-2/master/linux-exploit-suggester-2.pl")
return(base64.b64encode(bytes(r1.text, 'utf-8')).decode("utf-8"), base64.b64encode(bytes(r2.text, 'utf-8')).decode("utf-8"))
def __get_gtfobins_lists(self) -> tuple: def __get_gtfobins_lists(self) -> tuple:
r = requests.get("https://github.com/GTFOBins/GTFOBins.github.io/tree/master/_gtfobins") r = requests.get("https://github.com/GTFOBins/GTFOBins.github.io/tree/master/_gtfobins")
bins = re.findall(r'/GTFOBins/GTFOBins.github.io/blob/master/_gtfobins/([\w_ \-]+).md', r.text) bins = re.findall(r'/GTFOBins/GTFOBins.github.io/blob/master/_gtfobins/([\w_ \-]+).md', r.text)
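Review bot: `__get_linux_exploit_suggesters` downloads both scripts from the moving `master` branch with no timeout, no HTTP status check and no integrity check, and the build then embeds that text into a script that pipes it to `bash` and `perl` on the audited host. The only validation is `assert len(les_b64) > 100` / `assert len(les2_b64) > 100` in the build step, which is a length test, carries no message unlike the neighbouring GTFOBins asserts, and is removed under `python -O`. Any change or compromise upstream, or an error page longer than 100 characters, would be shipped as executable content. I would pin each URL to a reviewed commit, call `raise_for_status()`, and compare a SHA-256 of the body against a value stored in the repository before encoding; this needs `import hashlib` next to the new `import base64`. The values in angle brackets below are placeholders to be filled in by the maintainer.

```python
def __get_linux_exploit_suggesters(self) -> tuple:
    # The returned text is embedded in linpeas.sh and executed on the audited
    # host, so fetch a pinned revision and verify it before encoding.
    pinned = (
        ("https://raw.githubusercontent.com/mzet-/linux-exploit-suggester/<PINNED_COMMIT_SHA_LES>/linux-exploit-suggester.sh",
         "<EXPECTED_SHA256_LES>"),
        ("https://raw.githubusercontent.com/jondonas/linux-exploit-suggester-2/<PINNED_COMMIT_SHA_LES2>/linux-exploit-suggester-2.pl",
         "<EXPECTED_SHA256_LES2>"),
    )
    encoded = []
    for url, expected_sha256 in pinned:
        r = requests.get(url, timeout=30)
        r.raise_for_status()
        if hashlib.sha256(r.content).hexdigest() != expected_sha256:
            raise ValueError(f"Unexpected content downloaded from {url}")
        encoded.append(base64.b64encode(r.content).decode("utf-8"))
    return tuple(encoded)
```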


@ -40,3 +40,6 @@ SUDOVB1_MARKUP = YAML_LOADED["sudoVB1_markup"]
SUDOVB2_MARKUP = YAML_LOADED["sudoVB2_markup"] SUDOVB2_MARKUP = YAML_LOADED["sudoVB2_markup"]
CAP_SETUID_MARKUP = YAML_LOADED["cap_setuid_markup"] CAP_SETUID_MARKUP = YAML_LOADED["cap_setuid_markup"]
CAP_SETGID_MARKUP = YAML_LOADED["cap_setgid_markup"] CAP_SETGID_MARKUP = YAML_LOADED["cap_setgid_markup"]
LES_MARKUP = YAML_LOADED["les_markup"]
LES2_MARKUP = YAML_LOADED["les2_markup"]