From 4bebe3c3ab4aec4d5bbe9b6eedd7c6b6e5c88eb2 Mon Sep 17 00:00:00 2001 From: Carlos Polop Date: Wed, 29 Apr 2020 21:18:19 +0100 Subject: [PATCH] Update linpeas.sh --- linPEAS/linpeas.sh | 22 ++++++++++++++++------ 1 file changed, 16 insertions(+), 6 deletions(-) diff --git a/linPEAS/linpeas.sh b/linPEAS/linpeas.sh index 21da316..9fceb0d 100755 --- a/linPEAS/linpeas.sh +++ b/linPEAS/linpeas.sh @@ -1,6 +1,6 @@ #!/bin/sh -VERSION="v2.4.9" +VERSION="v2.5.0" ADVISORY="linpeas should be used for authorized penetration testing and/or educational purposes only. Any misuse of this software will not be the responsibility of the author or of any other collaborator. Use it at your own networks and/or with the network owner's permission." @@ -1389,12 +1389,22 @@ if [ "`echo $CHECKS | grep SofI`" ]; then grep "PermitRootLogin \|ChallengeResponseAuthentication \|PasswordAuthentication \|UsePAM \|Port\|PermitEmptyPasswords\|PubkeyAuthentication\|ListenAddress\|ForwardAgent\|AllowAgentForwarding\|AuthorizedKeysFiles" /etc/ssh/sshd_config 2>/dev/null | grep -v "#" | sed "s,PermitRootLogin.*es\|PermitEmptyPasswords.*es\|ChallengeResponseAuthentication.*es\|FordwardAgent.*es,${C}[1;31m&${C}[0m," - privatekeyfiles=`grep -rl '\-\-\-\-\-BEGIN .* PRIVATE KEY.*\-\-\-\-\-' /home /root /mnt /etc 2>/dev/null` - if [ "$privatekeyfiles" ]; then - privatekeyfilesgrep=`grep -L "\"\|'\|(" "$privatekeyfiles"` # Check there aren't unexpected symbols in the file + if [ "$TIMEOUT" ]; then + privatekeyfilesetc=`timeout 40 grep -rl '\-\-\-\-\-BEGIN .* PRIVATE KEY.*\-\-\-\-\-' /etc 2>/dev/null` + privatekeyfileshome=`timeout 40 grep -rl '\-\-\-\-\-BEGIN .* PRIVATE KEY.*\-\-\-\-\-' /home 2>/dev/null` + privatekeyfilesroot=`timeout 40 grep -rl '\-\-\-\-\-BEGIN .* PRIVATE KEY.*\-\-\-\-\-' /root 2>/dev/null` + privatekeyfilesmnt=`timeout 40 grep -rl '\-\-\-\-\-BEGIN .* PRIVATE KEY.*\-\-\-\-\-' /mnt 2>/dev/null` + else + privatekeyfilesetc=`grep -rl '\-\-\-\-\-BEGIN .* PRIVATE KEY.*\-\-\-\-\-' /etc 2>/dev/null` #If there is tons of files linpeas gets frozen here without a timeout + privatekeyfileshome=`grep -rl '\-\-\-\-\-BEGIN .* PRIVATE KEY.*\-\-\-\-\-' $HOME 2>/dev/null` fi - if [ "$privatekeyfilesgrep" ]; then - printf "Private SSH keys found!:\n$privatekeyfilesgrep\n" | sed "s,.*,${C}[1;31m&${C}[0m," + + if [ "$privatekeyfilesetc" ] || [ "$privatekeyfileshome" ] || [ "$privatekeyfilesroot" ] || [ "$privatekeyfilesmnt" ] ; then + printf "Possible private SSH keys were found!\n" | sed "s,.*,${C}[1;31m&${C}[0m," + if [ "$privatekeyfilesetc" ]; then printf "$privatekeyfilesetc" | sed "s,.*,${C}[1;31m&${C}[0m,"; fi + if [ "$privatekeyfileshome" ]; then printf "$privatekeyfileshome" | sed "s,.*,${C}[1;31m&${C}[0m,"; fi + if [ "$privatekeyfilesroot" ]; then printf "$privatekeyfilesroot" | sed "s,.*,${C}[1;31m&${C}[0m,"; fi + if [ "$privatekeyfilesmnt" ]; then printf "$privatekeyfilesmnt" | sed "s,.*,${C}[1;31m&${C}[0m,"; fi fi if [ "$certsb4_grep" ] || [ "$certsbin" ]; then echo " --> Some certificates were found:"