From fa5578b2ff39be06adec065ddfd6fcb09b791786 Mon Sep 17 00:00:00 2001
From: Dante <148709693+dante-tech@users.noreply.github.com>
Date: Sun, 5 May 2024 14:50:25 +0200
Subject: [PATCH 1/4] Refactor peasLoaded.py for Improved Efficiency

This pull request introduces a set of improvements to the peasLoaded.py file, aimed at enhancing the readability, maintainability, and performance of the code. The key changes include:
- Indentation Correction: Fixed the indentation to comply with Python standards, ensuring proper code block recognition and avoiding potential runtime errors.
- List Comprehension: Implemented list comprehension for the creation of FileRecord instances, which simplifies the code structure and improves readability.
- Configuration Handling: Streamlined the access to the config dictionary by extracting it once at the beginning of the loop, reducing repetitive code and potential access errors.
- Default Value Usage: Utilized the .get() method with default values from DEFAULTS for both `auto_check` and `exec` keys.
These changes do not alter the core functionality of the code but provide a cleaner and more efficient approach to the existing logic. Please review the changes and let me know if there are any concerns or further improvements that can be made.
---
linPEAS/builder/src/peasLoaded.py | 26 ++++++++++++--------------
1 file changed, 12 insertions(+), 14 deletions(-)
diff --git a/linPEAS/builder/src/peasLoaded.py b/linPEAS/builder/src/peasLoaded.py
index 4ad3c26..5046e78 100644
--- a/linPEAS/builder/src/peasLoaded.py
+++ b/linPEAS/builder/src/peasLoaded.py
@@ -6,26 +6,24 @@ class PEASLoaded: def __init__(self): to_search = YAML_LOADED["search"] self.peasrecords = [] + for record in to_search: record_value = record["value"] - if "linpeas" in str(record_value["config"].get("disable","")).lower(): + config = record_value.get("config", {}) + + if "linpeas" in config.get("disable", "").lower(): continue - filerecords = [] - for filerecord in record_value["files"]: - filerecords.append( - FileRecord( - regex=filerecord["name"], - **filerecord["value"] - ) - ) + filerecords = [ + FileRecord(regex=filerecord["name"], **filerecord["value"]) + for filerecord in record_value["files"] + ] - name = record["name"] self.peasrecords.append( PEASRecord( - name=name, - auto_check=record_value["config"]["auto_check"], - exec=record_value["config"].get("exec", DEFAULTS["exec"]), + name=record["name"], + auto_check=config.get("auto_check", DEFAULTS["auto_check"]), + exec=config.get("exec", DEFAULTS["exec"]), filerecords=filerecords ) - ) \ No newline at end of file + ) From 5c1f0813440a9695f0dd0cc7e09c500644b4f8fe Mon Sep 17 00:00:00 2001 From: Farzin Monsef Date: Sun, 2 Jun 2024 17:43:09 +0330 Subject: [PATCH 2/4] checkDockerVersionExploits: add CVE-2021-41091 --- linPEAS/builder/linpeas_parts/2_container.sh | 7 +++++++ 1 file changed, 7 insertions(+) diff --git a/linPEAS/builder/linpeas_parts/2_container.sh b/linPEAS/builder/linpeas_parts/2_container.sh index 39235bf..6b64435 100644 --- a/linPEAS/builder/linpeas_parts/2_container.sh +++ b/linPEAS/builder/linpeas_parts/2_container.sh @@ -113,6 +113,7 @@ checkDockerVersionExploits() { if echo "$dockerVersion" | grep -iq "not found"; then VULN_CVE_2019_13139="$(echo_not_found)" VULN_CVE_2019_5736="$(echo_not_found)" + VULN_CVE_2021_41091="$(echo_not_found)" return fi 
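Review bot: In the `peasLoaded.py` hunk, the new `config.get("disable", "").lower()` drops the `str(...)` wrapper the removed line had, so a `disable` value that the YAML loader returns as a list or as null would raise `AttributeError` instead of being matched as text; I would keep the coercion, `if "linpeas" in str(config.get("disable", "")).lower():`. In the same way `record_value.get("config", {})` still yields `None` when the key is present but empty, which `record_value.get("config") or {}` would cover. `config.get("auto_check", DEFAULTS["auto_check"])` evaluates its default eagerly, so it presumably relies on `DEFAULTS` (defined outside this hunk) having an `auto_check` entry, and it turns a previously fatal missing key into a silent default, which deserves a comment because the description says behaviour is unchanged.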
@@ -125,6 +126,11 @@ checkDockerVersionExploits() { if [ "$(echo $dockerVersion | sed 's,\.,,g')" -lt "1893" ]; then VULN_CVE_2019_5736="Yes" fi + + VULN_CVE_2021_41091="$(echo_no)" + if [ "$(echo $dockerVersion | sed 's,\.,,g')" -lt "20109" ]; then + VULN_CVE_2021_41091="Yes" + fi } checkContainerExploits() { @@ -268,6 +274,7 @@ if echo "$containerType" | grep -qi "docker"; then checkDockerVersionExploits print_list "Vulnerable to CVE-2019-5736 ....$NC$VULN_CVE_2019_5736"$NC | sed -${E} "s,Yes,${SED_RED_YELLOW}," print_list "Vulnerable to CVE-2019-13139 ...$NC$VULN_CVE_2019_13139"$NC | sed -${E} "s,Yes,${SED_RED_YELLOW}," + print_list "Vulnerable to CVE-2021-41091 ...$NC$VULN_CVE_2021_41091"$NC | sed -${E} "s,Yes,${SED_RED_YELLOW}," if [ "$inContainer" ]; then checkDockerRootless print_list "Rootless Docker? ............... $DOCKER_ROOTLESS\n"$NC | sed -${E} "s,No,${SED_RED}," | sed -${E} "s,Yes,${SED_GREEN}," From efa0e98547a7aaeefe92a6b00329314c78b12dc4 Mon Sep 17 00:00:00 2001 From: shadowabi <50265741+shadowabi@users.noreply.github.com> Date: Mon, 17 Jun 2024 11:23:11 +0800 Subject: [PATCH 3/4] Update 3_cloud.sh for check_cvm Added connection timeout Settings and fixed wget syntax errors for check_cvm --- linPEAS/builder/linpeas_parts/3_cloud.sh | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/linPEAS/builder/linpeas_parts/3_cloud.sh b/linPEAS/builder/linpeas_parts/3_cloud.sh index e6ede29..6a69577 100644 --- a/linPEAS/builder/linpeas_parts/3_cloud.sh +++ b/linPEAS/builder/linpeas_parts/3_cloud.sh @@ -168,9 +168,9 @@ echo "" if [ "$is_tencent_cvm" = "Yes" ]; then tencent_req="" if [ "$(command -v curl)" ]; then - tencent_req='curl -sfkG' + tencent_req='curl --connect-timeout 2 -sfkG' elif [ "$(command -v wget)" ]; then - tencent_req='wget -q -O ' + tencent_req='wget -q --timeout 2 --tries 1 -O -' else echo "Neither curl nor wget were found, I can't enumerate the metadata service :(" fi 
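Review bot: The added CVE-2021-41091 test in `checkDockerVersionExploits` compares the version with its dots stripped, so releases whose components differ in digit count are misjudged: `19.03.15` becomes `190315`, which is not less than `20109`, and the report prints "No" for a release older than the 20.10.9 threshold this check encodes. A suffix such as `-ce` would also make `[ -lt ]` fail on a non-integer operand and leave the `echo_no` value in place. A component-wise comparison avoids both, e.g. `if [ "$(printf '%s\n' "${dockerVersion%%[-+]*}" 20.10.9 | sort -V | head -n1)" != "20.10.9" ]; then`, assuming `sort -V` exists on the systems this script targets. The CVE-2019-5736 check in the context lines uses the same pattern, and `$dockerVersion` is set outside this hunk, so its exact format should be confirmed.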
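Review bot: In the `3_cloud.sh` hunk, `--connect-timeout 2` on the curl branch bounds only connection setup, so a metadata endpoint that accepts the connection and then stalls can still hang the scan, whereas the wget branch's `--timeout 2` also covers reads. Adding a total limit keeps the two branches equivalent, for example `tencent_req='curl --connect-timeout 2 --max-time 5 -sfkG'` (the 5 is only a suggested value). The long options `--timeout` and `--tries` may not be accepted by every minimal wget build, so the wget branch is worth testing on such a system. The `if [ "$is_tencent_cvm" = "Yes" ]` block continues outside the hunk.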
From 8afc3528783edbdccb7401f250a56921387f1656 Mon Sep 17 00:00:00 2001 From: shadowabi <50265741+shadowabi@users.noreply.github.com> Date: Mon, 17 Jun 2024 14:31:28 +0800 Subject: [PATCH 4/4] Update 3_cloud.sh add detect user data --- linPEAS/builder/linpeas_parts/3_cloud.sh | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/linPEAS/builder/linpeas_parts/3_cloud.sh b/linPEAS/builder/linpeas_parts/3_cloud.sh index 6a69577..ea1ccb5 100644 --- a/linPEAS/builder/linpeas_parts/3_cloud.sh +++ b/linPEAS/builder/linpeas_parts/3_cloud.sh @@ -237,6 +237,10 @@ if [ "$is_tencent_cvm" = "Yes" ]; then echo " Key: "$(eval $tencent_req "http://169.254.0.23/latest/meta-data/public-keys/${key}openssh-key") echo " ==============" done + + echo "" + print_3title "User Data" + eval $tencent_req http://169.254.0.23/latest/user-data; echo "" fi if [ "$is_aliyun_ecs" = "Yes" ]; then
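Review bot: The added `eval $tencent_req http://169.254.0.23/latest/user-data` passes the URL unquoted, unlike the quoted `public-keys` request in the context lines above it; for consistency write `eval $tencent_req "http://169.254.0.23/latest/user-data"; echo ""`. When neither curl nor wget is found, `tencent_req` appears to stay empty (see the previous patch in this series), so this `eval` would try to run the URL as a command; a guard such as `[ "$tencent_req" ] && eval ...` avoids that, although the other requests in the block share the behaviour. User data often carries bootstrap secrets, so a short comment such as `# user-data may contain credentials; treat this section of the output as sensitive` would help whoever stores the report. The enclosing `if` block starts outside the hunk.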