carlospolop 2019-11-05 06:40:47 -05:00
commit 36d7f660b8
4 changed files with 79 additions and 50 deletions


@ -6,7 +6,7 @@
Check the **Local Linux Privilege Escalation checklist** from **[book.hacktricks.xyz](https://book.hacktricks.xyz/linux-unix/linux-privilege-escalation-checklist)**. Check the **Local Linux Privilege Escalation checklist** from **[book.hacktricks.xyz](https://book.hacktricks.xyz/linux-unix/linux-privilege-escalation-checklist)**.
[![asciicast](https://asciinema.org/a/250532.png)](https://asciinema.org/a/266928) [![asciicast](https://asciinema.org/a/250532.png)](https://asciinema.org/a/279208)
## Quick Start ## Quick Start


@ -243,19 +243,19 @@ print_ps (){
} }
print_banner(){ print_banner(){
echo "         echo "         
                           
               
                 
           
               
               
                 
                   
                 
                         
               
       "        "
} }
########################################### ###########################################
@ -430,13 +430,13 @@ if [ !"$QUIET" ]; then print_banner; fi
printf " linpeas $VERSION" | sed "s,.*,${C}[1;94m&${C}[0m,"; printf $Y" by carlospolop\n"$NC printf " linpeas $VERSION" | sed "s,.*,${C}[1;94m&${C}[0m,"; printf $Y" by carlospolop\n"$NC
echo "" echo ""
printf $B"Linux Privesc Checklist: "$Y"https://book.hacktricks.xyz/linux-unix/linux-privilege-escalation-checklist\n"$NC printf $B"Linux Privesc Checklist: "$Y"https://book.hacktricks.xyz/linux-unix/linux-privilege-escalation-checklist\n"$NC
echo "LEYEND:" | sed "s,LEYEND,${C}[1;4m&${C}[0m," echo " LEYEND:" | sed "s,LEYEND,${C}[1;4m&${C}[0m,"
echo "RED/YELLOW: 99% a PE vector" | sed "s,RED/YELLOW,${C}[1;31;103m&${C}[0m," echo " RED/YELLOW: 99% a PE vector" | sed "s,RED/YELLOW,${C}[1;31;103m&${C}[0m,"
echo "RED: You must take a look at it" | sed "s,RED,${C}[1;31m&${C}[0m," echo " RED: You must take a look at it" | sed "s,RED,${C}[1;31m&${C}[0m,"
echo "LightCyan: Users with console" | sed "s,LightCyan,${C}[1;96m&${C}[0m," echo " LightCyan: Users with console" | sed "s,LightCyan,${C}[1;96m&${C}[0m,"
echo "Blue: Users without console & mounted devs" | sed "s,Blue,${C}[1;34m&${C}[0m," echo " Blue: Users without console & mounted devs" | sed "s,Blue,${C}[1;34m&${C}[0m,"
echo "Green: Common things (users, groups, SUID/SGID, mounts, .sh scripts) " | sed "s,Green,${C}[1;32m&${C}[0m," echo " Green: Common things (users, groups, SUID/SGID, mounts, .sh scripts) " | sed "s,Green,${C}[1;32m&${C}[0m,"
echo "LightMangenta: Your username" | sed "s,LightMangenta,${C}[1;95m&${C}[0m," echo " LightMangenta: Your username" | sed "s,LightMangenta,${C}[1;95m&${C}[0m,"
if [ "$(/usr/bin/id -u)" -eq "0" ]; then if [ "$(/usr/bin/id -u)" -eq "0" ]; then
echo "" echo ""
echo " YOU ARE ALREADY ROOT!!! (it could take longer to complete execution)" | sed "s,YOU ARE ALREADY ROOT!!!,${C}[1;31;103m&${C}[0m," echo " YOU ARE ALREADY ROOT!!! (it could take longer to complete execution)" | sed "s,YOU ARE ALREADY ROOT!!!,${C}[1;31;103m&${C}[0m,"
@ -570,7 +570,7 @@ if [ "`echo $CHECKS | grep SysI`" ]; then
#-- 8SY) SElinux #-- 8SY) SElinux
printf $Y"[+] "$GREEN"selinux enabled? .......... "$NC printf $Y"[+] "$GREEN"selinux enabled? .......... "$NC
(sestatus 2>/dev/null | sed "s,disabled,${C}[1;31m&${C}[0m,";) || echo_not_found "sestatus" (sestatus 2>/dev/null || echo_not_found "sestatus") | sed "s,disabled,${C}[1;31m&${C}[0m,"
#-- 9SY) Printer #-- 9SY) Printer
printf $Y"[+] "$GREEN"Printer? .......... "$NC printf $Y"[+] "$GREEN"Printer? .......... "$NC
@ -1077,7 +1077,7 @@ if [ "`echo $CHECKS | grep SofI`" ]; then
ssh=`find /home /usr /root /etc /opt /var /mnt \( -name "id_dsa*" -o -name "id_rsa*" -o -name "known_hosts" -o -name "authorized_hosts" -o -name "authorized_keys" \) 2>/dev/null` ssh=`find /home /usr /root /etc /opt /var /mnt \( -name "id_dsa*" -o -name "id_rsa*" -o -name "known_hosts" -o -name "authorized_hosts" -o -name "authorized_keys" \) 2>/dev/null`
privatekeyfiles=`grep -rl "PRIVATE KEY-----" /home /root /mnt /etc 2>/dev/null` privatekeyfiles=`grep -rl "PRIVATE KEY-----" /home /root /mnt /etc 2>/dev/null`
certsb4=`find /home /usr /root /etc /opt /var /mnt \( -name "*.pem" -o -name "*.cer" -o -name "*.crt" \) 2>/dev/null | grep -v "/usr/share/\|/etc/ssl/"` certsb4=`find /home /usr /root /etc /opt /var /mnt \( -name "*.pem" -o -name "*.cer" -o -name "*.crt" \) 2>/dev/null | grep -v "/usr/share/\|/etc/ssl/"`
certsb4_grep=`grep -L "\"\|'\|(" $certsb4 2>/dev/null` if [ "$certsb4" ]; then certsb4_grep=`grep -L "\"\|'\|(" $certsb4 2>/dev/null`; fi
certsbin=`find /home /usr /root /etc /opt /var /mnt \( -name "*.csr" -o -name "*.der" \) 2>/dev/null | grep -v "/usr/share/\|/etc/ssl/"` certsbin=`find /home /usr /root /etc /opt /var /mnt \( -name "*.csr" -o -name "*.der" \) 2>/dev/null | grep -v "/usr/share/\|/etc/ssl/"`
clientcert=`find /home /usr /root /etc /opt /var /mnt \( -name "*.pfx" -o -name "*.p12" \) 2>/dev/null | grep -v "/usr/share/\|/etc/ssl/"` clientcert=`find /home /usr /root /etc /opt /var /mnt \( -name "*.pfx" -o -name "*.p12" \) 2>/dev/null | grep -v "/usr/share/\|/etc/ssl/"`
sshagents=`find /tmp -name "agent*" 2>/dev/null` sshagents=`find /tmp -name "agent*" 2>/dev/null`
@ -1096,7 +1096,7 @@ if [ "`echo $CHECKS | grep SofI`" ]; then
fi fi
if [ "$certsb4_grep" ] || [ "$certsbin" ]; then if [ "$certsb4_grep" ] || [ "$certsbin" ]; then
echo " -- Some certificates were found:" echo " -- Some certificates were found:"
grep -L "\"\|'\|(" $certsb4 2>/dev/null printf "$certsb4_grep\n"
printf "$certsbin\n" printf "$certsbin\n"
fi fi
if [ "$clientcert" ]; then if [ "$clientcert" ]; then
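Review bot: The new `printf "$certsb4_grep\n"` in the certificates hunk (old line 1096) uses file paths collected by find/grep as the printf format string, so a path containing `%` or a backslash sequence is interpreted instead of printed and the report can be mangled or truncated by a file name on the audited host. Print the list as data instead, `printf '%s\n' "$certsb4_grep"`; the unchanged `printf "$certsbin\n"` next to it has the same pattern. In the hunk at old line 1077 the new guard stops grep from running with no file arguments, but `$certsb4` is still expanded unquoted, so paths containing whitespace are split into separate arguments and silently dropped by the `2>/dev/null`. The enclosing `if` block starts and ends outside both hunks.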


@ -2,6 +2,35 @@
set long=no set long=no
echo *((,.,/((((((((((((((((((((/, */
echo ,/*,..*(((((((((((((((((((((((((((((((((,
echo ,*/((((((((((((((((((/, .*//((//**, .*((((((*
echo ((((((((((((((((* *****,,,/########## .(* ,((((((
echo (((((((((((/* ******************/####### .(. ((((((
echo ((((((..******************/@@@@@/***/######* /((((((
echo ,,..**********************@@@@@@@@@@(***,#### ../(((((
echo , ,**********************#@@@@@#@@@@*********##((/ /((((
echo ..(((##########*********/#@@@@@@@@@/*************,,..((((
echo .(((################(/******/@@@@@#****************.. /((
echo .((########################(/************************..*(
echo .((#############################(/********************.,(
echo .((##################################(/***************..(
echo .((######################################(************..(
echo .((######(,.***.,(###################(..***(/*********..(
echo .((######*(#####((##################((######/(********..(
echo .((##################(/**********(################(**...(
echo .(((####################/*******(###################.((((
echo .(((((############################################/ /((
echo ..(((((#########################################(..(((((.
echo ....(((((#####################################( .((((((.
echo ......(((((#################################( .(((((((.
echo (((((((((. ,(############################(../(((((((((.
echo (((((((((/, ,####################(/..((((((((((.
echo (((((((((/,. ,*//////*,. ./(((((((((((.
echo (((((((((((((((((((((((((((/"
echo by carlospolop
echo _-_-_-_-_-_-_-_-_-_-_-_-_-_-_-^> [*] BASIC SYSTEM INFO ^<_-_-_-_-_-_-_-_-_-_-_-_-_-_-_- echo _-_-_-_-_-_-_-_-_-_-_-_-_-_-_-^> [*] BASIC SYSTEM INFO ^<_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-
echo _-_-_-_-_-_-_-_-_-_-_-_-_-_-_-^> [+] WINDOWS OS ^<_-_-_-_-_-_-_-_-_-_-_-_-_-_-_- echo _-_-_-_-_-_-_-_-_-_-_-_-_-_-_-^> [+] WINDOWS OS ^<_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-
echo [i] Check for vulnerabilities for the OS version with the applied patches echo [i] Check for vulnerabilities for the OS version with the applied patches
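Review bot: The last banner line added here, `echo (((((((((((((((((((((((((((/"`, ends with a double quote that looks carried over from the closing `"` of the C# verbatim string holding the same art; cmd's echo prints it literally and leaves an unbalanced quote on that line. Drop the trailing character so the line reads `echo (((((((((((((((((((((((((((/`. A one-line `REM` above the banner saying that `&`, `|`, `<`, `>` and `%` must be escaped or avoided in these echo lines would keep later edits to the art from being parsed as commands or variable expansions.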


@ -53,27 +53,27 @@ namespace winPEAS
Colorful.Console.WriteLine(@" Colorful.Console.WriteLine(@"
*((,.,/((((((((((((((((((((/, */ *((,.,/((((((((((((((((((((/, */
,/*,..*(((((((((((((((((((((((((((((((((, ,/*,..*(((((((((((((((((((((((((((((((((,
,*/((((((((((((((((((/, .*//((//**, .*((((((* ,*/((((((((((((((((((/, .*//((//**, .*((((((*
((((((((((((((((* *****,,,/########## .(* ,(((((( ((((((((((((((((* *****,,,/########## .(* ,((((((
(((((((((((/* ******************/####### .(. (((((( (((((((((((/* ******************/####### .(. ((((((
((((((..******************/@@@@@/***/######* /(((((( ((((((..******************/@@@@@/***/######* /((((((
,,..**********************&@@@@@@@@@(***,#### ../((((( ,,..**********************@@@@@@@@@@(***,#### ../(((((
, ,**********************#@@&@@%@@@%*********##((/ /(((( , ,**********************/@@@@@%@@@@/********##((/ /((((
..(((##########*********/%@@@@@@@@@/*************,,..(((( ..(((##########*********/%@@@@@@@@@/*************,,..((((
.(((################(/******/&@@@@%****************.. /(( .(((################(/******/@@@@@/****************.. /((
.((########################(/************************..*( .((########################(/************************..*(
.((#############################(/********************.,( .((#############################(/********************.,(
.((##################################(/***************..( .((##################################(/***************..(
.((######################################(************..( .((######################################(************..(
.((######(,.***.,(###################(..***(/*********..( .((######(,.***.,(###################(..***(/*********..(
.((######*(#####((##################((######/(********..( .((######*(#####((##################((######/(********..(
.((##################(/**********(################(**...( .((##################(/**********(################(**...(
.(((####################/*******(###################.(((( .(((####################/*******(###################.((((
.(((((############################################/ /(( .(((((############################################/ /((
..(((((#########################################(..(((((. ..(((((#########################################(..(((((.
....(((((#####################################( .((((((. ....(((((#####################################( .((((((.
......(((((#################################( .(((((((. ......(((((#################################( .(((((((.
(((((((((. ,(############################(../(((((((((. (((((((((. ,(############################(../(((((((((.
(((((((((/, ,####################(/..((((((((((. (((((((((/, ,####################(/..((((((((((.
(((((((((/,. ,*//////*,. ./(((((((((((. (((((((((/,. ,*//////*,. ./(((((((((((.
(((((((((((((((((((((((((((/", color_default); (((((((((((((((((((((((((((/", color_default);