another linpeas fix

2024-12-05 17:49:44 +01:00 · 2024-12-05 17:49:44 +01:00 · 2a71da4bb2
commit 2a71da4bb2
parent 1e1a8a7c86
4 changed files with 7 additions and 3 deletions
--- a/linPEAS/builder/linpeas_parts/3_cloud/7_Azure_VM.sh
+++ b/linPEAS/builder/linpeas_parts/3_cloud/7_Azure_VM.sh
@ -47,18 +47,22 @@ if [ "$is_az_vm" = "Yes" ]; then
    echo ""

    print_3title "Management token"
+    print_info "It's possible to assign 1 system MI and several user MI to a VM. LinPEAS can only get the token from the default one. More info in https://book.hacktricks.xyz/pentesting-web/ssrf-server-side-request-forgery/cloud-ssrf#azure-vm"
    exec_with_jq eval $az_req "$URL/identity/oauth2/token?api-version=$API_VERSION\&resource=https://management.azure.com/"
    echo ""

    print_3title "Graph token"
+    print_info "It's possible to assign 1 system MI and several user MI to a VM. LinPEAS can only get the token from the default one. More info in https://book.hacktricks.xyz/pentesting-web/ssrf-server-side-request-forgery/cloud-ssrf#azure-vm"
    exec_with_jq eval $az_req "$URL/identity/oauth2/token?api-version=$API_VERSION\&resource=https://graph.microsoft.com/"
    echo ""
    
    print_3title "Vault token"
+    print_info "It's possible to assign 1 system MI and several user MI to a VM. LinPEAS can only get the token from the default one. More info in https://book.hacktricks.xyz/pentesting-web/ssrf-server-side-request-forgery/cloud-ssrf#azure-vm"
    exec_with_jq eval $az_req "$URL/identity/oauth2/token?api-version=$API_VERSION\&resource=https://vault.azure.net/"
    echo ""

    print_3title "Storage token"
+    print_info "It's possible to assign 1 system MI and several user MI to a VM. LinPEAS can only get the token from the default one. More info in https://book.hacktricks.xyz/pentesting-web/ssrf-server-side-request-forgery/cloud-ssrf#azure-vm"
    exec_with_jq eval $az_req "$URL/identity/oauth2/token?api-version=$API_VERSION\&resource=https://storage.azure.com/"
    echo ""
  fi
--- a/linPEAS/builder/linpeas_parts/7_software_information/Mysql.sh
+++ b/linPEAS/builder/linpeas_parts/7_software_information/Mysql.sh
@ -36,7 +36,7 @@ if [ "$PSTORAGE_MYSQL" ] || [ "$DEBUG" ]; then
      for f in $(find $d -name user.MYD 2>/dev/null); do
        if [ -r "$f" ]; then
          echo "We can read the Mysql Hashes from $f" | sed -${E} "s,.*,${SED_RED},"
-          grep -oaE "[-_\.\*a-Z0-9]{3,}" "$f" | grep -v "mysql_native_password"
+          grep -oaE "[-_\.\*a-zA-Z0-9]{3,}" "$f" | grep -v "mysql_native_password"
        fi
      done
      
--- a/linPEAS/builder/linpeas_parts/functions/check_tencent_cvm.sh
+++ b/linPEAS/builder/linpeas_parts/functions/check_tencent_cvm.sh
@ -16,7 +16,7 @@

 check_tencent_cvm () {
  is_tencent_cvm="No"
-  if grep -qi Tencent /etc/cloud/cloud.cfg; then
+  if grep -qi Tencent /etc/cloud/cloud.cfg 2>/dev/null; then
      is_tencent_cvm="Yes"
  fi
 }
--- a/linPEAS/builder/src/linpeasBuilder.py
+++ b/linPEAS/builder/src/linpeasBuilder.py
@ -365,7 +365,7 @@ class LinpeasBuilder:
                    rb = requests.get(f"https://raw.githubusercontent.com/GTFOBins/GTFOBins.github.io/master/_gtfobins/{b}.md", timeout=5)
            if "sudo:" in rb.text:
                if len(b) <= 3:
-                    sudoVB.append("[^a-z-Z0-9]"+b+"$") # Less false possitives applied to small names
+                    sudoVB.append("[^a-zA-Z0-9]"+b+"$") # Less false possitives applied to small names
                else:
                    sudoVB.append(b+"$")
            if "suid:" in rb.text: