From afc836c18059385d5591b29b2cd58c74a1bd3df1 Mon Sep 17 00:00:00 2001 From: carlospolop Date: Fri, 23 Aug 2019 19:29:05 +0200 Subject: [PATCH] little fix & search for cached AD hashes --- linpeas.sh | 26 +++++++++++++++++--------- 1 file changed, 17 insertions(+), 9 deletions(-) diff --git a/linpeas.sh b/linpeas.sh index cc5ff20..b926111 100755 --- a/linpeas.sh +++ b/linpeas.sh @@ -1,6 +1,6 @@ #!/bin/sh -VERSION="v2.0.1" +VERSION="v2.0.2" ########################################### #---------------) Colors (----------------# @@ -435,7 +435,7 @@ echo "" #-- 4UI) Doas printf $Y"[+] "$GREEN"Checking /etc/doas.conf\n"$NC -if [ "`cat /etc/doas.conf 2>/dev/null`" ]; then cat /etc/doas.conf 2>/dev/null | sed "s,$sh_usrs,${C}[1;31m&${C}[0m," | sed "s,root,${C}[1;31m&${C}[0m," | sed "s,nopass,${C}[1;31m&${C}[0m," | sed "s,$nosh_usrs,${C}[1;34m&${C}[0m," | sed "s,$USER,${C}[1;31;103m&${C}[0m,") +if [ "`cat /etc/doas.conf 2>/dev/null`" ]; then cat /etc/doas.conf 2>/dev/null | sed "s,$sh_usrs,${C}[1;31m&${C}[0m," | sed "s,root,${C}[1;31m&${C}[0m," | sed "s,nopass,${C}[1;31m&${C}[0m," | sed "s,$nosh_usrs,${C}[1;34m&${C}[0m," | sed "s,$USER,${C}[1;31;103m&${C}[0m," else echo_not_found "/etc/doas.conf" fi echo "" @@ -722,7 +722,7 @@ fi echo "" ##-- 21SI) .ovpn files -printf $Y"[+] "$GREEN"Looking for .ovpn files and their credentials\n"$NC +printf $Y"[+] "$GREEN"Looking for .ovpn files and credentials\n"$NC ovpn=`find /etc /usr /home /root -name .ovpn 2>/dev/null` if [ "$ovpn" ]; then echo $ovpn @@ -733,11 +733,11 @@ echo "" ##-- 22SI) ssh files printf $Y"[+] "$GREEN"Looking for ssl/ssh files\n"$NC -ssh=`find /home /usr /root /etc /opt /var /mnt \( -name "id_dsa*" -o -name "id_rsa*" -o -name "known_hosts" -o -name "authorized_hosts" -o -name "authorized_keys" \) -exec ls -la {} \; 2>/dev/null` +ssh=`find /home /usr /root /etc /opt /var /mnt \( -name "id_dsa*" -o -name "id_rsa*" -o -name "known_hosts" -o -name "authorized_hosts" -o -name "authorized_keys" \) 2>/dev/null` privatekeyfiles=`grep -rl "PRIVATE KEY-----" /home /root /mnt /etc 2>/dev/null` -certsb4=`find /home /usr /root /etc /opt /var /mnt \( -name "*.pem" -o -name "*.cer" -o -name "*.crt" \) 2>/dev/null | grep -v "/usr/share/" "/etc/ssl/"` -certsbin=`find /home /usr /root /etc /opt /var /mnt \( -name "*.csr" -o -name "*.der" \) 2>/dev/null | grep -v "/usr/share/" "/etc/ssl/"` -clientcert=`find /home /usr /root /etc /opt /var /mnt \( -name "*.pfx" -o -name "*.p12" \) 2>/dev/null | grep -v "/usr/share/" "/etc/ssl/"` +certsb4=`find /home /usr /root /etc /opt /var /mnt \( -name "*.pem" -o -name "*.cer" -o -name "*.crt" \) 2>/dev/null | grep -v "/usr/share/\|/etc/ssl/"` +certsbin=`find /home /usr /root /etc /opt /var /mnt \( -name "*.csr" -o -name "*.der" \) 2>/dev/null | grep -v "/usr/share/\|/etc/ssl/"` +clientcert=`find /home /usr /root /etc /opt /var /mnt \( -name "*.pfx" -o -name "*.p12" \) 2>/dev/null | grep -v "/usr/share/\|/etc/ssl/"` if [ "$ssh" ]; then echo $ssh @@ -790,7 +790,7 @@ if [ "$krb5" ]; then for f in $krb5; do cat /etc/krb5.conf | grep default_ccache_name | sed "s,default_ccache_name,${C}[1;31m&${C}[0m,"; done else echo_not_found "krb5.conf" fi -ls -l /tmp/krb5cc* 2>/dev/null || echo_not_found "tickets kerberos" +ls -l "/tmp/krb5cc*" "/var/lib/sss/db/ccache_*" "/etc/opt/quest/vas/host.keytab" 2>/dev/null || echo_not_found "tickets kerberos" echo "" ##-- 26SI) kibana @@ -832,7 +832,7 @@ fi echo "" ##-- 29SI) Vault-ssh - printf $Y"[+] "$GREEN"Looking for Vault-ssh files\n"$NC +printf $Y"[+] "$GREEN"Looking for Vault-ssh files\n"$NC vaultssh=`find /etc /usr /home /root -name vault-ssh-helper.hcl 2>/dev/null` if [ "$vaultssh" ]; then echo $vaultssh @@ -843,6 +843,14 @@ if [ "$vaultssh" ]; then else echo_not_found "vault-ssh-helper.hcl" fi echo "" + +##-- 30SI) Cached AD Hashes +adhashes= `ls "/var/lib/samba/private/secrets.tdb" "/var/lib/samba/passdb.tdb" "/var/opt/quest/vas/authcache/vas_auth.vdb" "/var/lib/sss/db/cache_*" 2>/dev/null` +printf $Y"[+] "$GREEN"Looking for AD cached hahses\n"$NC +if [ "$adhashes" ]; then + ls "/var/lib/samba/private/secrets.tdb" "/var/lib/samba/passdb.tdb" "/var/opt/quest/vas/authcache/vas_auth.vdb" "/var/lib/sss/db/cache_*" 2>/dev/null +else echo_not_found "cached hashes" +fi echo "" ###########################################