Merge pull request #363 from camercu/master

fix su brute check.
This commit is contained in:
Carlos Polop 2023-06-29 12:53:47 +02:00 committed by GitHub
commit cdd342fb26
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
2 changed files with 25 additions and 24 deletions


@ -214,8 +214,7 @@ if [ "$EXTRA_CHECKS" ]; then
fi fi
#-- UI) Brute su #-- UI) Brute su
EXISTS_SUDO="$(command -v sudo 2>/dev/null)" if ! [ "$FAST" ] && ! [ "$SUPERFAST" ] && [ "$TIMEOUT" ] && ! [ "$IAMROOT" ]; then
if ! [ "$FAST" ] && ! [ "$SUPERFAST" ] && [ "$TIMEOUT" ] && ! [ "$IAMROOT" ] && [ "$EXISTS_SUDO" ]; then
print_2title "Testing 'su' as other users with shell using as passwords: null pwd, the username and top2000pwds\n"$NC print_2title "Testing 'su' as other users with shell using as passwords: null pwd, the username and top2000pwds\n"$NC
POSSIBE_SU_BRUTE=$(check_if_su_brute); POSSIBE_SU_BRUTE=$(check_if_su_brute);
if [ "$POSSIBE_SU_BRUTE" ]; then if [ "$POSSIBE_SU_BRUTE" ]; then
@ -228,6 +227,6 @@ if ! [ "$FAST" ] && ! [ "$SUPERFAST" ] && [ "$TIMEOUT" ] && ! [ "$IAMROOT" ] &&
printf $GREEN"It's not possible to brute-force su.\n\n"$NC printf $GREEN"It's not possible to brute-force su.\n\n"$NC
fi fi
else else
print_2title "Do not forget to test 'su' as any other user with shell: without password and with their names as password (I can't do it...)\n"$NC print_2title "Do not forget to test 'su' as any other user with shell: without password and with their names as password (I don't do it in FAST mode...)\n"$NC
fi fi
print_2title "Do not forget to execute 'sudo -l' without password or with valid password (if you know it)!!\n"$NC print_2title "Do not forget to execute 'sudo -l' without password or with valid password (if you know it)!!\n"$NC
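Review bot: The new else-branch message on the `print_2title "Do not forget to test 'su' as any other user ..."` line says the brute is skipped only in FAST mode, but the guarding `if` also requires `$TIMEOUT` to be set and `$IAMROOT` to be unset, so a host with no `timeout` binary gets the same misleading text. Suggest `(I don't do it in FAST mode or when 'timeout' is missing...)` so the operator knows to test manually in that case as well. Dropping the `EXISTS_SUDO` requirement looks right, since the probe uses `su` rather than `sudo`; the `su` presence check now appears to live inside `check_if_su_brute`, which is defined in the other file. The enclosing `if ... else ... fi` is split across the two hunks shown here.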


@ -74,6 +74,7 @@ THREADS="$( ( (grep -c processor /proc/cpuinfo 2>/dev/null) || ( (command -v lsc
HELP=$GREEN"Enumerate and search Privilege Escalation vectors. HELP=$GREEN"Enumerate and search Privilege Escalation vectors.
${NC}This tool enum and search possible misconfigurations$DG (known vulns, user, processes and file permissions, special file permissions, readable/writable files, bruteforce other users(top1000pwds), passwords...)$NC inside the host and highlight possible misconfigurations with colors. ${NC}This tool enum and search possible misconfigurations$DG (known vulns, user, processes and file permissions, special file permissions, readable/writable files, bruteforce other users(top1000pwds), passwords...)$NC inside the host and highlight possible misconfigurations with colors.
${GREEN} Checks: ${GREEN} Checks:
${YELLOW} -a${BLUE} Perform all checks: 1 min of processes, su brute, and extra checks.
${YELLOW} -o${BLUE} Only execute selected checks (peass{CHECKS}). Select a comma separated list. ${YELLOW} -o${BLUE} Only execute selected checks (peass{CHECKS}). Select a comma separated list.
${YELLOW} -s${BLUE} Stealth & faster (don't check some time consuming checks) ${YELLOW} -s${BLUE} Stealth & faster (don't check some time consuming checks)
${YELLOW} -e${BLUE} Perform extra enumeration ${YELLOW} -e${BLUE} Perform extra enumeration
@ -745,8 +746,9 @@ su_brute_user_num (){
} }
check_if_su_brute(){ check_if_su_brute(){
EXISTS_SU="$(command -v su 2>/dev/null)"
error=$(echo "" | timeout 1 su $(whoami) -c whoami 2>&1); error=$(echo "" | timeout 1 su $(whoami) -c whoami 2>&1);
if ! echo $error | grep -q "must be run from a terminal"; then if [ "$EXISTS_SU" ] && ! echo $error | grep -q "must be run from a terminal"; then
echo "1" echo "1"
fi fi
} }
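Review bot: In `check_if_su_brute`, the `error=$(echo "" | timeout 1 su $(whoami) -c whoami 2>&1)` line still spawns `su` before `$EXISTS_SU` is consulted, so on a host without `su` the probe runs anyway and only the final `echo "1"` is suppressed. Guard first and return early with `[ "$EXISTS_SU" ] || return` placed before the `error=` line, which also makes the added `[ "$EXISTS_SU" ] &&` in the `if` unnecessary. While here, quote the expansions (`"$(whoami)"`, `"$error"`) so an unusual username or error text cannot be word-split or globbed. The probe itself attempts an `su` login with an empty password, which on PAM-based systems is likely to leave a failed-authentication entry in the auth log; a one-line comment such as `# NOTE: this probe attempts an su login and may be logged by PAM` would help operators who care about footprint.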