diff --git a/README.md b/README.md
index 05ddab3..322ec27 100644
--- a/README.md
+++ b/README.md
@@ -127,6 +127,7 @@ file="/tmp/linPE";RED='\033[0;31m';Y='\033[0;33m';B='\033[0;34m';NC='\033[0m';rm
 - [x] SSH (private keys, known_hosts, authorized_hosts, authorized_keys, root login permitted)
 - [x] AWS (Files with AWS keys)
 - [x] NFS (privilege escalation misconfiguration)
+ - [x] Kerberos (configuration & tickets in /tmp)
 - **Generic Interesting Files**
diff --git a/linpe.sh b/linpe.sh
index d1383d5..6b4130d 100755
--- a/linpe.sh
+++ b/linpe.sh
@@ -119,11 +119,11 @@ notBackup="/tdbbackup$\|/db_hotbackup$"
 if [ "$(/usr/bin/id -u)" -eq "0" ]; then printf $B"[*] "$RED"YOU ARE ALREADY ROOT!!! (nothing is going to be executed)\n"$NC; exit; fi
 rm -rf $file 2>/dev/null
-echo "linpe v1.1"
+echo "linpe v1.1.1"
 echo "Output File: $file" | sed "s,.*,${C}[1;4m&${C}[0m,"
 echo "" >> $file
-echo "linpe v1.1" | sed "s,.*,${C}[1;94m&${C}[0m," >> $file
+echo "linpe v1.1.1" | sed "s,.*,${C}[1;94m&${C}[0m," >> $file
 echo "https://book.hacktricks.xyz/linux-unix/linux-privilege-escalation-checklist" >> $file
 echo "LEYEND:" | sed "s,LEYEND,${C}[1;4m&${C}[0m," >> $file
 echo "RED/YELLOW: 99% a PE vector" | sed "s,RED/YELLOW,${C}[1;31;103m&${C}[0m," >> $file
@@ -582,7 +582,6 @@ if [ "$ssh" ] || [ "$sshrootlogin" ] || [ "$privatekeyfiles" ]; then
 echo "" >> $file
 fi
-
 #AWS
 awskeyfiles=`grep -rli "aws_secret_access_key" /home /root /mnt /etc 2>/dev/null | grep -v $(basename "$0")`
 if [ "$awskeyfiles" ]; then
@@ -600,6 +599,22 @@ if [ "$exprts" ]; then
 echo "" >> $file
 fi
+#Kerberos
+krb5=`ls /etc/krb5.conf 2>/dev/null`
+krbtickets=`ls /tmp/krb5cc* 2>/dev/null`
+if [ "$krb5" ]; then
+ printf $Y"[+] "$GREEN"Found kerberos conf /etc/krb5.conf\n"$NC >> $file
+ printf $B"[i] "$Y"https://book.hacktricks.xyz/pentesting/pentesting-kerberos-88#pass-the-ticket-ptt\n"$NC >> $file
+ cat /etc/krb5.conf | grep default_ccache_name | sed "s,default_ccache_name,${C}[1;31m&${C}[0m," >> $file
+ echo "" >> $file
+fi
+if [ "$krbtickets" ]; then
+ printf $Y"[+] "$GREEN"Found kerberos tickets\n"$NC >> $file
+ printf $B"[i] "$Y"https://book.hacktricks.xyz/pentesting/pentesting-kerberos-88#pass-the-ticket-ptt\n"$NC >> $file
+ ls -l /tmp/krb5cc* >> $file
+ echo "" >> $file
+fi
+
 echo "" >> $file
 printf $B"[*] "$GREEN"Gathering files information...\n"$NC
 printf $B"[*] "$GREEN"GENERAL INTERESTING FILES\n"$NC >> $file
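Review bot: In the added Kerberos block, the second `ls -l /tmp/krb5cc*` and the `cat /etc/krb5.conf | grep default_ccache_name` run without `2>/dev/null`, unlike the two probes at the top, so an unreadable krb5.conf or a cache file that disappears between the probe and the listing prints an error on the terminal instead of being handled quietly. I would test the file directly and drop the extra `cat`: `if [ -f /etc/krb5.conf ]; then`, `grep default_ccache_name /etc/krb5.conf 2>/dev/null | sed ...`, and `ls -l /tmp/krb5cc* 2>/dev/null >> $file`. The block prints `default_ccache_name` but only ever lists `/tmp/krb5cc*`, so a comment such as `# only file caches under /tmp are listed; default_ccache_name may point elsewhere` would stop a report reader from taking an empty section as proof that no caches exist. "Found kerberos tickets" is also printed for any matching filename whatever its owner or mode, so the heading states more than the `ls -l` listing establishes.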