Merge branch 'master' of github.com:peass-ng/PEASS-ng
This commit is contained in:
Carlos Polop
commit
97ae1d2e3b
@ -15,6 +15,6 @@
|
|||||||
|
|
||||||
if ! [ "$SEARCH_IN_FOLDER" ]; then
|
if ! [ "$SEARCH_IN_FOLDER" ]; then
|
||||||
print_2title "Searching passwords inside logs (limit 70)"
|
print_2title "Searching passwords inside logs (limit 70)"
|
||||||
(find /var/log/ /var/logs/ /private/var/log -type f -exec grep -R -i "pwd\|passw" "{}" \;) 2>/dev/null | sed '/^.\{150\}./d' | sort | uniq | grep -v "File does not exist:\|modules-config/config-set-passwords\|config-set-passwords already ran\|script not found or unable to stat:\|\"GET /.*\" 404" | head -n 70 | sed -${E} "s,pwd|passw,${SED_RED},"
|
(find /var/log/ /var/logs/ /private/var/log -type f -exec grep -R -H -i "pwd\|passw" "{}" \;) 2>/dev/null | sed '/^.\{150\}./d' | sort | uniq | grep -v "File does not exist:\|modules-config/config-set-passwords\|config-set-passwords already ran\|script not found or unable to stat:\|\"GET /.*\" 404" | head -n 70 | sed -${E} "s,pwd|passw,${SED_RED},"
|
||||||
echo ""
|
echo ""
|
||||||
fi
|
fi
|
||||||
@ -37,9 +37,10 @@ Basic options:
|
|||||||
---- --------------- -------- -----------
|
---- --------------- -------- -----------
|
||||||
PARAMETERS no Parameters to pass to the script
|
PARAMETERS no Parameters to pass to the script
|
||||||
PASSWORD um1xipfws17nkw1bi1ma3bh7tzt4mo3e no Password to encrypt and obfuscate the script (randomly generated). The length must be 32B. If no password is set, only base64 will be used
|
PASSWORD um1xipfws17nkw1bi1ma3bh7tzt4mo3e no Password to encrypt and obfuscate the script (randomly generated). The length must be 32B. If no password is set, only base64 will be used
|
||||||
.
|
|
||||||
PEASS_URL https://raw.githubusercontent.com/peass-ng/PEASS-ng/master/winPEAS/wi yes Path to the PEASS script. Accepted: http(s):// URL or absolute local path. Linpeas: https://raw.githubusercontent.com/peass-ng/PEASS-ng
|
WINPEASS true yes Use PEASS for Windows or PEASS for linux. Default is windows change to false for linux.
|
||||||
nPEASexe/binaries/Obfuscated%20Releases/winPEASany.exe /master/linPEAS/linpeas.sh
|
CUSTOM_URL no Path to the PEASS script. Accepted: http(s):// URL or absolute local path.
|
||||||
|
|
||||||
SESSION yes The session to run this module on.
|
SESSION yes The session to run this module on.
|
||||||
SRVHOST no Set your metasploit instance IP if you want to download the PEASS script from here via http(s) instead of uploading it.
|
SRVHOST no Set your metasploit instance IP if you want to download the PEASS script from here via http(s) instead of uploading it.
|
||||||
SRVPORT 443 no Port to download the PEASS script from using http(s) (only used if SRVHOST)
|
SRVPORT 443 no Port to download the PEASS script from using http(s) (only used if SRVHOST)
|
||||||
|
|||||||
@ -37,7 +37,8 @@ class MetasploitModule < Msf::Post
|
|||||||
))
|
))
|
||||||
register_options(
|
register_options(
|
||||||
[
|
[
|
||||||
OptString.new('PEASS_URL', [true, 'Path to the PEASS script. Accepted: http(s):// URL or absolute local path. Linpeas: https://github.com/peass-ng/PEASS-ng/releases/latest/download/linpeas.sh', "https://github.com/peass-ng/PEASS-ng/releases/latest/download/winPEASany_ofs.exe"]),
|
OptString.new('WINPEASS', [true, 'Which PEASS script to use. Use True for WinPeass and false for LinPEASS', true]),
|
||||||
|
OptString.new('CUSTOM_URL', [false, 'URL to download the PEASS script from (if not using the default one). Accepts http(s) or absolute path. Overrides the WINPEASS variable', '']),
|
||||||
OptString.new('PASSWORD', [false, 'Password to encrypt and obfuscate the script (randomly generated). The length must be 32B. If no password is set, only base64 will be used.', rand(36**32).to_s(36)]),
|
OptString.new('PASSWORD', [false, 'Password to encrypt and obfuscate the script (randomly generated). The length must be 32B. If no password is set, only base64 will be used.', rand(36**32).to_s(36)]),
|
||||||
OptString.new('TEMP_DIR', [false, 'Path to upload the obfuscated PEASS script inside the compromised machine. By default "C:\Windows\System32\spool\drivers\color" is used in Windows and "/tmp" in Unix.', '']),
|
OptString.new('TEMP_DIR', [false, 'Path to upload the obfuscated PEASS script inside the compromised machine. By default "C:\Windows\System32\spool\drivers\color" is used in Windows and "/tmp" in Unix.', '']),
|
||||||
OptString.new('PARAMETERS', [false, 'Parameters to pass to the script', nil]),
|
OptString.new('PARAMETERS', [false, 'Parameters to pass to the script', nil]),
|
||||||
@ -237,8 +238,14 @@ class MetasploitModule < Msf::Post
|
|||||||
def load_peass
|
def load_peass
|
||||||
# Load the PEASS script from a local file or from Internet
|
# Load the PEASS script from a local file or from Internet
|
||||||
peass_script = ""
|
peass_script = ""
|
||||||
url_peass = datastore['PEASS_URL']
|
url_peass = ""
|
||||||
|
# If no URL is set, use the default one
|
||||||
|
if datastore['CUSTOM_URL'] != ""
|
||||||
|
url_peass = datastore['CUSTOM_URL']
|
||||||
|
else
|
||||||
|
url_peass = datastore['WINPEASS'] ? "https://github.com/peass-ng/PEASS-ng/releases/latest/download/winPEASany_ofs.exe" : "https://github.com/peass-ng/PEASS-ng/releases/latest/download/linpeas.sh"
|
||||||
|
end
|
||||||
|
# If URL is set, check if it is a valid URL or local file
|
||||||
if url_peass.include?("http://") || url_peass.include?("https://")
|
if url_peass.include?("http://") || url_peass.include?("https://")
|
||||||
target = URI.parse url_peass
|
target = URI.parse url_peass
|
||||||
raise 'Invalid URL' unless target.scheme =~ /https?/
|
raise 'Invalid URL' unless target.scheme =~ /https?/
|
||||||
|
|||||||
@ -594,7 +594,7 @@ namespace winPEAS.Checks
|
|||||||
try
|
try
|
||||||
{
|
{
|
||||||
Beaprint.MainPrint("Checking KrbRelayUp");
|
Beaprint.MainPrint("Checking KrbRelayUp");
|
||||||
Beaprint.LinkPrint("https://book.hacktricks.wiki/en/windows-hardening/windows-local-privilege-escalation/index.html#krbrelayupp");
|
Beaprint.LinkPrint("https://book.hacktricks.wiki/en/windows-hardening/windows-local-privilege-escalation/index.html#krbrelayup");
|
||||||
|
|
||||||
if (Checks.CurrentAdDomainName.Length > 0)
|
if (Checks.CurrentAdDomainName.Length > 0)
|
||||||
{
|
{
|
||||||
|
|||||||
@ -183,11 +183,19 @@ namespace winPEAS.Helpers
|
|||||||
//////// MISC ////////
|
//////// MISC ////////
|
||||||
//////////////////////
|
//////////////////////
|
||||||
public static List<string> ListFolder(String path)
|
public static List<string> ListFolder(String path)
|
||||||
|
{
|
||||||
|
try
|
||||||
{
|
{
|
||||||
string root = @Path.GetPathRoot(Environment.SystemDirectory) + path;
|
string root = @Path.GetPathRoot(Environment.SystemDirectory) + path;
|
||||||
var dirs = from dir in Directory.EnumerateDirectories(root) select dir;
|
var dirs = from dir in Directory.EnumerateDirectories(root) select dir;
|
||||||
return dirs.ToList();
|
return dirs.ToList();
|
||||||
}
|
}
|
||||||
|
catch(Exception ex)
|
||||||
|
{
|
||||||
|
//Path can't be accessed
|
||||||
|
return new List<string>();
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
internal static byte[] CombineArrays(byte[] first, byte[] second)
|
internal static byte[] CombineArrays(byte[] first, byte[] second)
|
||||||
{
|
{
|
||||||
|
|||||||
Loading…
Reference in New Issue
Block a user