darnellkeith/PEASS-ng
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Added kerberos

Browse Source
This commit is contained in:
carlospolop 2019-06-12 23:49:01 +02:00
parent 503eb679c9
commit 1b7f85293a
2 changed files with 19 additions and 3 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

1
README.md
View File

@ -127,6 +127,7 @@ file="/tmp/linPE";RED='\033[0;31m';Y='\033[0;33m';B='\033[0;34m';NC='\033[0m';rm
- [x] SSH (private keys, known_hosts, authorized_hosts, authorized_keys, root login permitted)
- [x] AWS (Files with AWS keys)
- [x] NFS (privilege escalation misconfiguration)
- [x] Kerberos (configuration & tickets in /tmp)
- **Generic Interesting Files**

21
linpe.sh
View File

@ -119,11 +119,11 @@ notBackup="/tdbbackup$\|/db_hotbackup$"
if [ "$(/usr/bin/id -u)" -eq "0" ]; then printf $B"[*] "$RED"YOU ARE ALREADY ROOT!!! (nothing is going to be executed)\n"$NC; exit; fi
rm -rf $file 2>/dev/null
echo "linpe v1.1"
echo "linpe v1.1.1"
echo "Output File: $file" | sed "s,.*,${C}[1;4m&${C}[0m,"
echo "" >> $file
echo "linpe v1.1" | sed "s,.*,${C}[1;94m&${C}[0m," >> $file
echo "linpe v1.1.1" | sed "s,.*,${C}[1;94m&${C}[0m," >> $file
echo "https://book.hacktricks.xyz/linux-unix/linux-privilege-escalation-checklist" >> $file
echo "LEYEND:" | sed "s,LEYEND,${C}[1;4m&${C}[0m," >> $file
echo "RED/YELLOW: 99% a PE vector" | sed "s,RED/YELLOW,${C}[1;31;103m&${C}[0m," >> $file
@ -582,7 +582,6 @@ if [ "$ssh" ] || [ "$sshrootlogin" ] || [ "$privatekeyfiles" ]; then
echo "" >> $file
fi
#AWS
awskeyfiles=`grep -rli "aws_secret_access_key" /home /root /mnt /etc 2>/dev/null | grep -v $(basename "$0")`
if [ "$awskeyfiles" ]; then
@ -600,6 +599,22 @@ if [ "$exprts" ]; then
echo "" >> $file
fi
#Kerberos
krb5=`ls /etc/krb5.conf 2>/dev/null`
krbtickets=`ls /tmp/krb5cc* 2>/dev/null`
if [ "$krb5" ]; then
printf $Y"[+] "$GREEN"Found kerberos conf /etc/krb5.conf\n"$NC >> $file
printf $B"[i] "$Y"https://book.hacktricks.xyz/pentesting/pentesting-kerberos-88#pass-the-ticket-ptt\n"$NC >> $file
cat /etc/krb5.conf | grep default_ccache_name | sed "s,default_ccache_name,${C}[1;31m&${C}[0m," >> $file
echo "" >> $file
fi
if [ "$krbtickets" ]; then
printf $Y"[+] "$GREEN"Found kerberos tickets\n"$NC >> $file
printf $B"[i] "$Y"https://book.hacktricks.xyz/pentesting/pentesting-kerberos-88#pass-the-ticket-ptt\n"$NC >> $file
ls -l /tmp/krb5cc* >> $file
echo "" >> $file
fi
echo "" >> $file
printf $B"[*] "$GREEN"Gathering files information...\n"$NC
printf $B"[*] "$GREEN"GENERAL INTERESTING FILES\n"$NC >> $file