improve containers

Carlos Polop 2021-09-07 19:03:51 -04:00
parent 9709d53749
commit c36a2b05d2
3 changed files with 33 additions and 8 deletions


@ -2283,6 +2283,21 @@ search:
- common - common
- name: Wget
value:
config:
auto_check: True
files:
- name: ".wgetrc"
value:
bad_regex: "[pP][aA][sS][sS].*|[uU][sS][eE][rR].*"
remove_empty_lines: True
remove_regex: '^#'
type: f
search_in:
- common
- name: Interesting logs - name: Interesting logs
value: value:
config: config:


@ -881,7 +881,7 @@ containerCheck() {
[ "$(find / -maxdepth 3 -name \"*dockerenv*\" -exec ls -la {} \; 2>/dev/null)" ] ; then [ "$(find / -maxdepth 3 -name \"*dockerenv*\" -exec ls -la {} \; 2>/dev/null)" ] ; then
inContainer="1" inContainer="1"
containerType="docker" containerType="docker\n"
fi fi
# Are we inside kubenetes? # Are we inside kubenetes?
@ -889,8 +889,8 @@ containerCheck() {
grep -qai kubepods /proc/self/cgroup 2>/dev/null; then grep -qai kubepods /proc/self/cgroup 2>/dev/null; then
inContainer="1" inContainer="1"
if [ "$containerType" ]; then containerType="$containerType (kubernetes)" if [ "$containerType" ]; then containerType="$containerType (kubernetes)\n"
else containerType="kubernetes" else containerType="kubernetes\n"
fi fi
fi fi
@ -899,7 +899,7 @@ containerCheck() {
grep "/lxc/" /proc/1/cgroup -qa 2>/dev/null; then grep "/lxc/" /proc/1/cgroup -qa 2>/dev/null; then
inContainer="1" inContainer="1"
containerType="lxc" containerType="lxc\n"
fi fi
# Are we inside podman? # Are we inside podman?
@ -907,14 +907,14 @@ containerCheck() {
grep -qa "container=podman" /proc/1/environ 2>/dev/null; then grep -qa "container=podman" /proc/1/environ 2>/dev/null; then
inContainer="1" inContainer="1"
containerType="podman" containerType="podman\n"
fi fi
# Check for other container platforms that report themselves in PID 1 env # Check for other container platforms that report themselves in PID 1 env
if [ -z "$inContainer" ]; then if [ -z "$inContainer" ]; then
if grep -a 'container=' /proc/1/environ 2>/dev/null; then if grep -a 'container=' /proc/1/environ 2>/dev/null; then
inContainer="1" inContainer="1"
containerType="$(grep -a 'container=' /proc/1/environ | cut -d= -f2)" containerType="$(grep -a 'container=' /proc/1/environ | cut -d= -f2)\n"
fi fi
fi fi
} }
@ -964,7 +964,7 @@ enumerateDockerSockets() {
} }
checkDockerVersionExploits() { checkDockerVersionExploits() {
if echo \"$dockerVersion\" | grep -iq \"not found\"; then if echo "$dockerVersion" | grep -iq "not found"; then
VULN_CVE_2019_13139="$(echo_not_found)" VULN_CVE_2019_13139="$(echo_not_found)"
VULN_CVE_2019_5736="$(echo_not_found)" VULN_CVE_2019_5736="$(echo_not_found)"
return return
@ -1313,13 +1313,17 @@ if echo $CHECKS | grep -q Container; then
checkDockerRootless checkDockerRootless
print_list "Rootless Docker? ................ $DOCKER_ROOTLESS\n"$NC | sed -${E} "s,No,${SED_RED}," | sed -${E} "s,Yes,${SED_GREEN}," print_list "Rootless Docker? ................ $DOCKER_ROOTLESS\n"$NC | sed -${E} "s,No,${SED_RED}," | sed -${E} "s,Yes,${SED_GREEN},"
fi fi
if df -h | grep docker; then
print_2title "Docker Overlays"
df -h | grep docker
fi
fi fi
if [ "$inContainer" ]; then if [ "$inContainer" ]; then
echo "" echo ""
print_2title "Container & breakout enumeration" print_2title "Container & breakout enumeration"
print_info "https://book.hacktricks.xyz/linux-unix/privilege-escalation/docker-breakout" print_info "https://book.hacktricks.xyz/linux-unix/privilege-escalation/docker-breakout"
print_list "Container ID ...................$NC" $(cat /etc/hostname) print_list "Container ID ...................$NC $(cat /etc/hostname)"
if echo "$containerType" | grep -qi "docker"; then if echo "$containerType" | grep -qi "docker"; then
print_list "Container Full ID ..............$NC $(basename \"$(cat /proc/1/cpuset)\")\n" print_list "Container Full ID ..............$NC $(basename \"$(cat /proc/1/cpuset)\")\n"
fi fi
@ -2556,6 +2560,8 @@ if echo $CHECKS | grep -q SofI; then
peass{Cache Vi} peass{Cache Vi}
peass{Wget}
##-- SI) containerd installed ##-- SI) containerd installed
print_2title "Checking if containerd(ctr) is available" print_2title "Checking if containerd(ctr) is available"
print_info "https://book.hacktricks.xyz/linux-unix/privilege-escalation/containerd-ctr-privilege-escalation" print_info "https://book.hacktricks.xyz/linux-unix/privilege-escalation/containerd-ctr-privilege-escalation"
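Review bot: The new "Docker Overlays" check in the `-1313` hunk uses `if df -h | grep docker; then`, and without `-q` the condition itself prints the matching rows before `print_2title "Docker Overlays"` runs. The rows therefore appear twice, with the first copy above the heading. Changing the test to `if df -h | grep -q docker; then` keeps the output under the title; capturing once with `dockerOverlays="$(df -h | grep docker)"` and testing `[ "$dockerOverlays" ]` would also avoid running `df` twice. The enclosing `if echo $CHECKS | grep -q Container` block starts and ends outside the hunk.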


@ -77,6 +77,10 @@ class LinpeasBuilder:
print("[+] Building GTFOBins lists...") print("[+] Building GTFOBins lists...")
suidVB, sudoVB, capsVB = self.__get_gtfobins_lists() suidVB, sudoVB, capsVB = self.__get_gtfobins_lists()
assert len(suidVB) > 200, f"Len suidVB is {len(suidVB)}"
assert len(suidVB) > 250, f"Len sudo is {len(sudoVB)}"
assert len(capsVB) > 10, f"Len suidVB is {len(capsVB)}"
self.__replace_mark(SUIDVB1_MARKUP, suidVB[:int(len(suidVB)/2)], "|") self.__replace_mark(SUIDVB1_MARKUP, suidVB[:int(len(suidVB)/2)], "|")
self.__replace_mark(SUIDVB2_MARKUP, suidVB[int(len(suidVB)/2):], "|") self.__replace_mark(SUIDVB2_MARKUP, suidVB[int(len(suidVB)/2):], "|")
self.__replace_mark(SUDOVB1_MARKUP, sudoVB[:int(len(sudoVB)/2)], "|") self.__replace_mark(SUDOVB1_MARKUP, sudoVB[:int(len(sudoVB)/2)], "|")
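Review bot: The second added assert tests `len(suidVB) > 250` while its message reports `len(sudoVB)`, so the sudo list is never checked and the suid list is checked twice. It should read `assert len(sudoVB) > 250, f"Len sudoVB is {len(sudoVB)}"`. The third assert's message has the same copy-paste slip and should be `f"Len capsVB is {len(capsVB)}"`. Since `assert` statements are stripped under `python -O`, an explicit `if len(...) <= N: raise ...` is the more dependable guard if a truncated GTFOBins fetch must never produce a build. The enclosing method starts and ends outside the hunk.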