darnellkeith/PEASS-ng
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

fix su brute check.

Browse Source 
Added Usage help message to indicate '-a' invokes all checks.
Removed 'sudo' exists check, replaced with appropriate 'su' check.
This commit is contained in:
camercu 2023-06-11 10:45:51 -05:00
parent 898b29b0fa
commit 7f4965c0b7
2 changed files with 25 additions and 24 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

5
linPEAS/builder/linpeas_parts/6_users_information.sh
View File

@ -214,8 +214,7 @@ if [ "$EXTRA_CHECKS" ]; then
fi
#-- UI) Brute su
EXISTS_SUDO="$(command -v sudo 2>/dev/null)"
if ! [ "$FAST" ] && ! [ "$SUPERFAST" ] && [ "$TIMEOUT" ] && ! [ "$IAMROOT" ] && [ "$EXISTS_SUDO" ]; then
if ! [ "$FAST" ] && ! [ "$SUPERFAST" ] && [ "$TIMEOUT" ] && ! [ "$IAMROOT" ]; then
print_2title "Testing 'su' as other users with shell using as passwords: null pwd, the username and top2000pwds\n"$NC
POSSIBE_SU_BRUTE=$(check_if_su_brute);
if [ "$POSSIBE_SU_BRUTE" ]; then
@ -228,6 +227,6 @@ if ! [ "$FAST" ] && ! [ "$SUPERFAST" ] && [ "$TIMEOUT" ] && ! [ "$IAMROOT" ] &&
printf $GREEN"It's not possible to brute-force su.\n\n"$NC
fi
else
print_2title "Do not forget to test 'su' as any other user with shell: without password and with their names as password (I can't do it...)\n"$NC
print_2title "Do not forget to test 'su' as any other user with shell: without password and with their names as password (I don't do it in FAST mode...)\n"$NC
fi
print_2title "Do not forget to execute 'sudo -l' without password or with valid password (if you know it)!!\n"$NC

4
linPEAS/builder/linpeas_parts/linpeas_base.sh
View File

@ -74,6 +74,7 @@ THREADS="$( ( (grep -c processor /proc/cpuinfo 2>/dev/null) || ( (command -v lsc
HELP=$GREEN"Enumerate and search Privilege Escalation vectors.
${NC}This tool enum and search possible misconfigurations$DG (known vulns, user, processes and file permissions, special file permissions, readable/writable files, bruteforce other users(top1000pwds), passwords...)$NC inside the host and highlight possible misconfigurations with colors.
${GREEN} Checks:
${YELLOW} -a${BLUE} Perform all checks: 1 min of processes, su brute, and extra checks.
${YELLOW} -o${BLUE} Only execute selected checks (peass{CHECKS}). Select a comma separated list.
${YELLOW} -s${BLUE} Stealth & faster (don't check some time consuming checks)
${YELLOW} -e${BLUE} Perform extra enumeration
@ -745,8 +746,9 @@ su_brute_user_num (){
}
check_if_su_brute(){
EXISTS_SU="$(command -v su 2>/dev/null)"
error=$(echo "" | timeout 1 su $(whoami) -c whoami 2>&1);
if ! echo $error | grep -q "must be run from a terminal"; then
if [ "$EXISTS_SU" ] && ! echo $error | grep -q "must be run from a terminal"; then
echo "1"
fi
}