From 99b069fe998739bc76b9e24b589c5e8085375ea0 Mon Sep 17 00:00:00 2001
From: carlospolop
Date: Sat, 8 Jun 2019 12:34:41 +0200
Subject: [PATCH] v1.1
---
 README.md | 2 +-
 images/linpe.png | Bin 4784 -> 7609 bytes
 linpe.sh | 34 +++++++++++++++++++---------------
 3 files changed, 20 insertions(+), 16 deletions(-)
diff --git a/README.md b/README.md
index 28a5563..85a6c97 100644
--- a/README.md
+++ b/README.md
@@ -10,7 +10,7 @@ This script does not have any dependency. There is not need even for bash shell, **it runs using /bin/sh**.
-It could take from **2 to 3 minutes** to execute the hole script (less than 1 min to make almost all the checks, almost 1 min to search for possible passwords inside files and 1 min to monitor the processes in order to find very frequent cron jobs).
+It could take from **2 to 3 minutes** to execute the hole script (less than 1 min to make almost all the checks, almost 1 min to search for possible passwords inside all the accesible files of the system and 1 min to monitor the processes in order to find very frequent cron jobs).
 This script have several lists included inside it to be able to color the results in order to help to discover PE vector.
diff --git a/images/linpe.png b/images/linpe.png index ebae34ced8b4c1a355e10c9c8077bfe62e5bdf25..57055a9a3f79c254b8269390de364d3a4a65bf41 100755 GIT binary patch literal 7609 zcmb7Jdpwi<`=8Bnijb+4V~%4^r6LNoa>`+wVN4>GImv~_;`+Z$^vc2tLQDGTj2m~T( zX>kw(fk1u0Jyj42t`|$cd4Yd?r!j}kAyrSdO@RmglV(TEAduR0k>z7>@GKN$;c^-R zkqlk^<9m5RJ`w_vwY5BGhKqEc$-k7j{U$xB%X-%OW!_My)Mal7wS3-gaCX^zlx$<_ zosK$ka3x*bTu?D-?XrIH&dS&Qse+2*{rbkjYTng`j^25!r@p&d*p2(14c^u<7mQjT z@>nA`!lOSwTlDaY#6Snwq-FZk0RB(VzOInT#Fm+_N=X?4;$5t->5ID!^?I*Z*-=xx zc!{S3_Qm9F3Yy$;cFa{ZDMojyn@02M5yft>G3v&JnW5XUqV$SWl_e!jo;~rUbP?pC znySm8#WY?*%I`V1@22_&?XPe!tIuh95Go)dWzyt zcXYxz{G73a1IrRrJZkfW*730}2a_65dxum^iS!nFXhlQEBUM$7SkTbBF|E=%`?v;t z>y5pWCEKN7oh6CcRS=?N8K-1R8LwqCzm<)OEe&0hDn5UeTx7Bb`kKfMnZV`ks4v8) z70O0RZz*y9uE1tv@fgqOKcVD0U)WXbg8O=?N@>5A`Gbgrv!60m(GDh_>x}ns=Aqp= zl}TG_I$e?_uqR>F!EZkZbiRXi@dYq5C9!@gkDt{dZ9QFKdmP`jE7*G$R9g~Z)F;C%2p`RAaLhuojGOE#Wyp;P$BwbVWh3*2Il9-LJN9#?oDF--C zhr`+_up^F}aG^FW$9VCUjp2xMn?*EQE{Oa=p@xqd4vek3TNK;LCVivrvwx}w#zXoL zSzi^@@{Fxq>M&#gxXJZ|HApwy2TD>8`vfz^r=zpapnb?%+u;oz_8EBbfXM#E<=%==vO{ z`}HpEOxGER2Wq(k1$c!GC zFk?N-oDQ#&U-k89PDSpLx+0>8rviTc9pwP(O=CvTz2=0z=|t(Rc!ioc{8YwpkSp{w;X=&k^BWjrIRJWGLsDy>Zw({9}r z)D*%)c~6? 
z=Nw4|{_)xb$Gu;xEX6+`x-QxcR)&0{p{b$Qa>CyQ(fm@na3Dc^o=Lf(P|C&(tc}fz zw(s3%N;olec&}Qr9+&Y-{}sEJqRCL_7+Ohs@q$IOvsKBiDBUftKKXhOsYHje28E;; z)RfjmjhgIF+oBdt*%Ud>&j2~ z6Rw;Tv*BMO-6A0xm;Gd1xN0V)ks=YkTLMDa?hHqmq5bi};#;w7b| znEl3654=Wqr~Hl6wY#DA{VOqZ@`d}}j}Fh|pZyf|{o7~x)Z3}MqmIgdd>=QxdsIgL zo6oKJ(IRI5xbyP!Kd|BHogBSQ1o!*ASd-=aM%eU@gWASju;II(DmDnmjmK=+*LAOG zW`Nzl|Nexmox#54Sd%MX*d^qM_rZa>Azk_%!#DPaS_CtuF<) z1?xxkzCZjcYBZ|cYGu`{n{a9M(U^flqY3UPM~;=Y?TTke3b!D1nc;ct6yF>>n;=#0 ziD4&wMM2az`WoyHyUN5I8PCqi_BT7IHG=Q?+#GkM^>Z_m&Bh%a#0HLK=Nw{qj#lQ7 zbTLC>5*^rtCrY(My}O3>umL^f39(!_(Wsvv+JL}cZ^F7 zUQ5#hq3zSdhuH$Kv&Rvz)@wY!GkM8$ZZkWj94?&Xe}+F@vH^a&Vfe({w*Zu`cv?Xa z&+>J8@FOd@E1P}rMFpBMx=k%POXgT}XV4SzK%0$0yh84|Rkjw^YVD=K*rpza&VIyW zRFSeuN}H5({=+SeCPrSuTIg&f)b#yvTh~{fAu2~Y(-P_G3>G|;8;fc(IpB8U?K-Ga z>x?vf?(t0cujP&HF}mWACPKxm?^9WPh#EOQ;mJpDl13`!k=68=G_{YcU8~(pZqU=1 z8Rv#;5`WOXhekhP*`Zxppxgv^Cv`MWfig4Y2KlfjbuC8vDYFduI*ux45`i zrcYhP(_6u>*(oe0-6u@9n`Thl$(R{`*e85>3uC;`Q^5HV&AmpahTkqr3<8esQQPDn z%P-|u*1o#5MuW)~uY$206-p>v{fdn<_o6%4)W-riYu8+yW{#mIu^f+SfJ@YpU7!Cz z-@&vmNNLg;o+EwCL$j&EndL#%N4L?{ybY8Wo-}I-KW;y`YD=eDGS&>}jyI4{bVaTq zJH(c$rc$cm?qY7`G-OzlQe1I017eW(Ig|D2`vtkJ3+La&$T=YtHhFZnqaplxIMUq<3d$VzVPxPLX!jP zbZo#Vt{inY{9**7a*fHn2XnfkkCw_oUX&yje9_nF=2`k|%{ety4zRE>=~*Vy37>YZ zAUd|5l#kvUTF}=~wexyuaK3PJW=^-^Z5tD37d>ebZ{eZRxYNC1SQK(O0cbsOIsfs| z2YHY3EdN2~AW1HHR(-Q1pS6fY?*ID!_TYZ)JAObLy{e5Udvj-o()=kmxU(zn{D$G! 
zz4pSUf1aC+T69%N%9sr4s$IB#_+_5#?1r-q57`|7U!KV8D2}&Mkjc#e6I0y_c8l#TG1ly>c9+27Ow2?hd ziuW{gBjygXi9iyD?d>+8RgN`OTzyq2BM3Hhpx>b^_KDb{rH_eL}lXSPjpOg;EapT|`HjJ; zF8Sd{yE$oM>C02-)@k3?Zv82bD_`_|Aa9y_dz{hjC}OGHK|Pn0W(h=Wel#RBRSY9M z=M!nZ%2;0B{=F<4lg$LxZ=y9oRTmvBLPtl+g#!S(x0Vg>o?pJbs>%OTU&d&!EPtrh z?o=#GDY{^sfKGoMm31f0S3Wx~Rtredu8F(oNNW4+Q19WBu4ls^6iyzA+ocmXFESWA zdlD$z{7pkwr@D>9&NsBbixOUWi*1=aDH*k*rks?aF{0$=lHRgcWx>10j8j3a=1RKR z<(4w2^-V|;vuc`493|4c!QrM9cn>A{co_k`0DR89vq$ zF5i4~yT6D>oI>BDhE3a8t8(#P{7k*Hz2Q&=6?J)iWor_lFxx-AZU&Uf5y!(MQmQ)V z*%QqlcInIK1?NWt^(E;=KQN~6rH6Fz&8(Bzvt`yI*tMvwpn>>^Vm`n92NYK83^e3NmuWm?#bkYnwbj&cs+@kBd01AkY+;Btm|5%#h zo>av#rJ*+ed(<)gjW=Y}`8K;V8Y1pim zn*&-#5WF>m4+gi4&9DE%w&u-wyVO2PX9?uZJnPq3N`=2vl?y0aAmeGZryl3zzS8P_ zr6o&ZV}`;SXgXP9n1YMMTK)TXyYE_1b+U{yn`cOQ(h~mH98SLW<+sY&5G*?o5Og zualBk?qq$mLWOlr>xiqhPnaWzMC`8^99yvBVRmx`9jbHDyGzDUG#jjk#=`+jnGn6) zk$4>e4|G9@n?LAM=*UFxcB92(Ty;lAtnm!LGw4-{%Y-9ykO@_eX-}=H1rG2Y(*?tD zqS=?N3NfjDGY3d{>N7EBD8MSKaEy}#Nd60sJT8D^A^k5nGCoG@Ql3<%*dOMaCQtQQ z!B3O6KeP7vJP;0!nqJ!^i0=1}8kv6)wKc!14UnD#LJ?FjioyA{n{&zyEL}tk*E`+9 zB<@s3?Fhi3gCszwBnu%S!g3`A{z6OKdP7yz&kaDfB@BM3HPM@dZD)s&M4wq_;PNJ5 zx11B7HDB$Oro{WN^(&aBe5JcoyWfi77j|K8pb>wC#FE~s8)k3rU2Wa8W9UlCdZM*&AkHY}y7f}ZATj*roG;Ux zVRQqTkh<1qc~Ikr_P2c0V45GwymZ$90KN2qndj5Xny8L=>PfuOO)`}=?FYDCmav`WE+Q zRwU2n{)?bN(#sn?TYY0&2z@ci_+5Hx*OldDx34=t?)7}=diSii`Gc0fFpBg4iP545 z=j>h`*=M@EdD%%dX{b|V_DLx2s?p7XvCqa|Bb7t~=N0FMK}qWNf1)z;5eXo6tEP2t zpQKy0bg91snz5D=t&!cK-Zur^iq))Jqr(jRQRWZcp`XA~16UXswZVg(oK;D9{wZbi zf}@tQ2o4E)QWcxCkgXXvnRI^QMpBD<#S&>re*r?Fu`ZbvQ*h;0$6e*IAbUtCj_=+s zkcj3(yz-^^^F2<#0_IWG16{Kp=`wee-FC}&PmsC4z!{C1-->-bxe5*oj?_9vx(1+` zJ9%8RdXsi1EbrZu!3Qy$LG$1e$VO>2vE0(xR?UOCZq{1pn)Kzp8gY*;gE2`)2UolpzEu`~ZoGZTx?C zZMX7v@XL(@uZ;ueyXvBkE`GbcRK_RwZu@sx9pmvUw{(^_%fBDp7^0)Y+S?mA#j&eE z#dXO~s>y9BT6`=PxtJbzlnl!L;VBus``YNVZOG<<*{wF2xv{(i=kiWt`A? 
zWnV|3rb4_Fz6nFD*;E7RUuU%~kH)8!V46&8(_jjQA1PlbseD~A(aC{jl#cCM7oUl_ zj{My}cC81Ubjxu5&tFVWUV3*O-_T;2Hf7LB8w>K-%Yfs=K1-6hb@bL2?h#Nm!Xe&+ z@gLmV+hvqXu9437{eq1uUR2WYs3UUl%VlV4M&pTp>W>w|nEt{c$0X(ZxC?FG_dRhX zeahYjLHa|#k2Sb2upX;_@GZ!0d(_fB@uMh~tr%18lc|BrIm67xST@8ojAx7XjuV_O z6h9HEZf>7u0M|5Qk2W?Cr}86iqkPBnjyagNFUt71LOw5t3=H?gcZJ}cO$Ebg2pW&M@b{j7v5EV)kW4BLZQ&{7`IN7QKoZ@oZUNvT8Rs?xQ!4uN!4#L9=%)^p#dj zZ@vBG#`GNSeScP5;s1}O+@5yzWZsFI@PbsCtcyGvc=yVFImK}pD@elKr*`k>kF(sH}~Vf8=O>>AYsos_EC1-$0gsbwn;xe7@D~rl4H|NxYkE?Ip3JvlYV+vL-1_G%6TvgtP7I>^MOpdq)1M=$3#RXJ^fq{Mny`}$Z9 z3ToL5mZT842!g|0F0Od$QHTV~)Gjw+fkzr3BxMYz779qe2%@gD@^2+?RC8h0%^>u6 z70wpY!s{Ip_@ciMh;LebA0p+vai9hNfjbW@Wq}RenrLcCv(I_Zuy5@xhxvoR zLt^WG5yoZt-C(XGo;KAkwulR`K_7_Qh9Q!QN@-*ss_YYHK-R3kjc!)LtFZD0><3=T z#OYL|+J_Qz1+<5+HvYb(o3ctp5}BK^vXXgQQXP^BS=n6n!#Tk!fq=ETG?D(8b}5X7 z-aXK=1|i3_cx!Q3+YehQY1w^zr1obKKt3Z@`l-C&pCv$gD~iqNJ03yH&sJ$Tfrq(&5E1caPp`Cdze)o!{6fMit@lxDQzRm`BY`U+Z=_{`=0H6Gl5U>w znU7wxm>uG*$<$kGja90W30TQnyz$@F>0hOT{DYP6pI2A&-n|H3w?Zt@wg;=s HJre#0ti=sr literal 4784 zcma)=2{@E{`^U#R))_gL>@%Wcmm<-OZP0{projv*W0@>%NRBQ0R#L+;l(K~*OO_!^ zh%AK(k)Q%uIIXc*ZusS&;7l>_uMcyJ;lu-%mD&{ zxKE??F(44bHQ?NXjS=|H_RT^9KMYqfr}RLD9ikJ!1+%m68C?*l%ocGk0U-r^`9Q7vp_fYn+s(&Q~&+L0VQ08&UX*k~lZU`*sDX=pq%A*8J5LvVq$%#p>n#fqc789-TN;=0)vyDD{ z7SiP7#C-13P<}-+iJ?>qgl3W8Y+4{I9g4}iaMCyA`|Z;Ix#sI+Bz$nRS9jcGxg^sg0=MfgS{N_;y;oc83U|DwdQclhFh zY{e#K86;c6m1d1h%sW|539xp}AoW&upByzb2@|(1r4|BjKeoV;FVP5$wo1G~S5w+0 zOTMy+*QB$LV~F=D+HDz^2YKL*(UKOBF~c|YlFifJmo`lF{EDuE{Z)nT`kCCnEqf}fX!_n6xq6hIRrg+`26KWS|d2g4fAA1B)2<0?h&IISJ`H*l^WUj0POhIin z^T99rX$}|adQKFpj;HfQAi&IBIRalm;i@_V7vow7IE-Uiv+mx~eA3L*Ny}+s9K&k| zz%tI7xy=RzA0B%PTTjrAtV$_i@IWz~R_tJ4a}BPfOa8IZCyOq^$*-h}?dUi7t|j2o z5mQl6DX+=X?Ga#dXvd$a7S~^2Z>u<>p7hl)Y}&$FgGbLXlFvzA#_5nlibL-OKfHVA z?I6kFngHRE04n}~p7f3D9MqrtM2zI~m%qhL@I^lY<5gPfZyPW&=C)dz2grG#)gBUH zOMXVR$ILS`ZiwDfq+IqvR)>tw?UAbdczO@b zh)J<3E=%B#bbZ@8EE0#;5}-z`n;*WLs%W1bHod?%S~z^|RTuOQ>Di;)q zCWr6nm2B@(=s1N_Z47>{RqqOO;=-@$fU8P6p##uXLkq6#&Sllk&g_F)eZ5 
zVPOr}dR;0t;`NRT5NE8_b|EpY`E$LeHGA&GSqqGS7whMAloF(^9CWcdvh(~keDv+? zs!t1Bo+3ipvUS+nIDUAvRx?js5AGJnXmWZ1t9PUb#2adR1STcw3Ts!qtf zXDpr())HA8SM}6c3PO@NLjq9mJM%X`t}`K)+LX~gT*{O z%*$Db@6`g1uThUkgJBi!E$U@kHEqyB?bj%UL;d91@D7s>w{&JFpYpbmj&M=0mS$bL zK=7shc{-WqK>BdC4h`s4JPTElS%s@>JQyck70JaX^(4FdHbOU3cTQ0nXgqpt)rJU=5s{hUHWDcHwh3pS>NVc;u~4vD>+$=e`UxMcJ=PU0#{##7t<3 zYq|fBH9+5nUT*(xceO2d5jK`?ed>kQpfhCiFJSR z{Uf%xIakbX-lrj@+SVngeNH$qWS6Tcjb)Wxt~8FP8MOtB&6UnI`c=N#-oR=RRs7Y0fz3kI$ttW(W2q9i- zeZwqMOqEY~NL0)Z9sUq!mD9z2))VB(85JPGZ6SP;K))nflgog=>EVyzk66j4rEjGO^3|%|R35wy{NpbSDa|>gH(pw70!HI8- z%w3nA(5d(M;dj~?<|q0%Sgv~>qH`wrU#gCT690-_oygx~$CR(n6B(ZUBDR3-a6D*L z6(?R2T`j%BO0of!6B@y=w0J{E^mb9sMK~Es+Tfv8?Q;(eww2HTRYjn*5@yt~ffidK;toPpk<-#%=UD?{n&7=I zx_F`_d$3v982$K=9E$+k|e7R%=Gmx()fs_d#Bz{M< z-0)IinW!@VoLUXRf#GWGB{$>jFfwaEQqfY$>oT?)V?Z*tlDdzoRGS+SGWF|@1`{sk zzB_pLFCdEFc~<)!#57lQl>Nck5$~aG1lAZ4R7#)|6lS&X+C6my3skB>PR7 zhN2H&X{{OS_ZX&Dc0XL{o=`3-&_0>fxqDmC^wSv#S^EWW`)lZibWO+ED-{ZXopX-Q ztcTA)><62xb^bxq6xm4{0FSYhh_W)~H>J(8HtF?kh2}RypM*1J$lc#*i^DY}8R zb)&e(vDnLZHrOzkDXH4{JIrmfH}IR)4U=K39y*W{N!hq-ESJhgM1E{8Pdw8R1sfVwUEm`XiiXh3h(sU!5g)x>=@e&pfaNt3s8{x=MR zq0GLA>7h77@wf0j7SL9B=qpKv7SxaU)BybcUaZvAEL{5r_KPNs3R9C_-xC@)o3|{z z^`?lqN(<0iou_SnL;-dk@p%5u^1+-Y;cq{1tnu@G&WJw{dN9((OQ#^-7RAaD{|@6C zRm2r*-=aoCJ=GjtpQ-oc+{+#fWPg^tzXan$rvtX7&p6g7!cVHYJs%u~sEW$}ojf+_ zaUHnJ?`2OKGwRHX`BWW{c_)I*foHfImfih4?;N1+p-s4GxZkT~owDpnhAzN(=8|o0 zUFfsQ`1M`&QB(dPZMvU zX-KZ2-HlDlSW%uWJ2Sf8cp9-#!9Q&L&Cl*FIoT8o;KvMxrUy^}2B zD@TqsqUrO3(pYJz0!UQ~f>q{sDFO+3B!(FVZN2HdpWNtr3qyxq^Q~R)j7RUuY<;z;qeS&&`0A1_clKeVZ z5cYpqfDh*w>DjJ}Ehamw`$cdbw4X-{`;X{ppPOT)Wu>H1r<|!5G$jyf~}uHRd?)e_=lo>3RNN z?Ax$g05i@1~_-lP6AA}=#k*ie zBLB+!Y6CFj8Cr(J*7;DI7)KR3@`X^U@LQqT;pL|GL>c>B4>CooN(I_KZdfHaAvYC* z-^X7B|MlY3b)y3NJ2j#|F(0E8mHu$0%%@9KuQb|3-+$aOi+LlrGUbfZP_m@hTo`cg?PJ&O`|=OO@9Fk-=^T|Z5?;# z3s@Gz(3t#n1=Yuj`3_xMnB{cWT(2-3^U#>cb%k(j3rD@E0tI5Z9J;$1FZ8&&91Fn@ zfp#0cI}k?4MF?8y0+=h?;_WD%N#Kh&>h!akxz`snO(*~ycg?hx${{gvG B/dev/null -echo "linpe v1.0" +echo "linpe v1.1" echo 
"Output File: $file" | sed "s,.*,${C}[1;4m&${C}[0m," echo "" >> $file -echo "linpe v1.0" | sed "s,.*,${C}[1;94m&${C}[0m," >> $file +echo "linpe v1.1" | sed "s,.*,${C}[1;94m&${C}[0m," >> $file echo "https://book.hacktricks.xyz/linux-unix/linux-privilege-escalation-checklist" >> $file echo "LEYEND:" | sed "s,LEYEND,${C}[1;4m&${C}[0m," >> $file echo "RED/YELLOW: 99% a PE vector" | sed "s,RED/YELLOW,${C}[1;31;103m&${C}[0m," >> $file @@ -296,8 +296,8 @@ echo "" >> $file printf $Y"[+] "$GREEN"Testing 'sudo -l' without password & /etc/sudoers\n"$NC >> $file printf $B"[i] "$Y"https://book.hacktricks.xyz/linux-unix/privilege-escalation#commands-with-sudo-and-suid-commands\n"$NC >> $file -echo '' | sudo -S -l 2>/dev/null | sed "s,$sudoB,${C}[1;31m&${C}[0m," | sed "s,$sudoVB,${C}[1;31;103m&${C}[0m," >> $file -cat /etc/sudoers 2>/dev/null | sed "s,$sudoB,${C}[1;31m&${C}[0m," | sed "s,$sudoVB,${C}[1;31;103m&${C}[0m," >> $file +echo '' | sudo -S -l 2>/dev/null | sed "s,$sudoB,${C}[1;31m&${C}[0m,g" | sed "s,$sudoVB,${C}[1;31;103m&${C}[0m," >> $file +cat /etc/sudoers 2>/dev/null | sed "s,$sudoB,${C}[1;31m&${C}[0m,g" | sed "s,$sudoVB,${C}[1;31;103m&${C}[0m," >> $file echo "" >> $file @@ -545,7 +545,7 @@ fi if [ -d "/var/lib/ldap" ]; then printf $Y"[+] "$GREEN"/var/lib/ldap has been found. Trying to extract passwords:\n"$NC >> $file; echo "The password hash is from the {SSHA} to 'structural'" >> $file; - cat /var/lib/ldap/*.bdb 2>/dev/null | grep -i -a -E -o "description.*" | sort | uniq -u | sed "s,administrator\|password,${C}[1;31m&${C}[0m,Ig" >> $file; + cat /var/lib/ldap/*.bdb 2>/dev/null | grep -i -a -E -o "description.*" | sort | uniq | sed "s,administrator\|password,${C}[1;31m&${C}[0m,Ig" >> $file; fi #ovpn 
@@ -557,30 +557,34 @@ if [ "$ovpn" ]; then
 fi
 #SSH
-ssh=`find / \( -name "id_dsa*" -o -name "id_rsa*" -o -name "known_hosts" -o -name "authorized_hosts" -o -name "authorized_keys" \) -exec ls -la {} \; 2>/dev/null`
-if [ "$ssh" ]; then
+ssh=`find /home /user /root /etc /opt /var /mnt \( -name "id_dsa*" -o -name "id_rsa*" -o -name "known_hosts" -o -name "authorized_hosts" -o -name "authorized_keys" \) -exec ls -la {} \; 2>/dev/null`
+sshrootlogin=`grep "PermitRootLogin " /etc/ssh/sshd_config 2>/dev/null | grep -v "#" | awk '{print $2}'`
+privatekeyfiles=`grep -rl "PRIVATE KEY-----" /home /root /mnt /etc 2>/dev/null`
+if [ "$ssh" ] || [ "$sshrootlogin" ] || [ "$privatekeyfiles" ]; then
 printf $Y"[+] "$GREEN"SSH Files\n"$NC >> $file
- echo $ssh >> $file
- echo "" >> $file
 fi
-sshrootlogin=`grep "PermitRootLogin " /etc/ssh/sshd_config 2>/dev/null | grep -v "#" | awk '{print $2}'`
+if [ "$ssh" ]; then
+ echo $ssh >> $file
+fi
+
 if [ "$sshrootlogin" = "yes" ]; then
 echo "SSH root login is PERMITTED"| sed "s,.*,${C}[1;31m&${C}[0m," >> $file
- echo "" >> $file
 fi
-
-privatekeyfiles=`grep -rl "PRIVATE KEY-----" /home /root 2>/dev/null`
 if [ "$privatekeyfiles" ]; then
 privatekeyfilesgrep=`grep -L "\"\|'\|(" $privatekeyfiles` # Check there are not that symbols in the file
 fi
 if [ "$privatekeyfilesgrep" ]; then
 echo "Private SSH keys found!:\n$privatekeyfilesgrep" | sed "s,.*,${C}[1;31m&${C}[0m," >> $file
- echo "" >> $file
 fi
+if [ "$ssh" ] || [ "$sshrootlogin" ] || [ "$privatekeyfiles" ]; then
+ echo "" >> $file
+fi
+
+
 #AWS
-awskeyfiles=`grep -rli "aws_secret_access_key" /home /root 2>/dev/null | grep -v $(basename "$0")`
+awskeyfiles=`grep -rli "aws_secret_access_key" /home /root /mnt /etc 2>/dev/null | grep -v $(basename "$0")`
 if [ "$awskeyfiles" ]; then
 printf $Y"[+] "$GREEN"AWS Keys\n"$NC >> $file
 echo "AWS secret keys found!: $awskeyfiles" | sed "s,.*,${C}[1;31m&${C}[0m," >> $file
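Review bot: The new `echo $ssh >> $file` is unquoted, so the multi-line `ls -la` output captured from `find` is word-split into one long line and any glob characters in it are expanded; `echo "$ssh" >> $file` keeps one entry per line. The new header and trailer guards test `[ "$sshrootlogin" ]` and `[ "$privatekeyfiles" ]`, while the body prints only when `$sshrootlogin` equals `yes` and when `$privatekeyfilesgrep` is non-empty, so a host with `PermitRootLogin no` and no other findings gets an empty "SSH Files" section; the guards should use the same conditions as the body. On the new `awskeyfiles` line, `grep -v $(basename "$0")` is likewise unquoted and treats the script name as a regular expression; `grep -vF -- "$(basename "$0")"` avoids both problems.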