darnellkeith/PEASS-ng
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

search regexes

Browse Source
This commit is contained in:
carlospolop 2021-12-19 17:54:29 -05:00
parent 6c2bba00f4
commit d30c6ca63a
5 changed files with 77 additions and 67 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

5
linPEAS/README.md
View File

@ -69,14 +69,13 @@ By default linpeas takes around **4 mins** to complete, but It could take from *
**Other parameters:** **Other parameters:**
- **-a** (all checks) - This will **execute also the check of processes during 1 min, will search more possible hashes inside files, and brute-force each user using `su` with the top2000 passwords.** - **-a** (all checks) - This will **execute also the check of processes during 1 min, will search more possible hashes inside files, and brute-force each user using `su` with the top2000 passwords.**
- **-e** (extra enumeration) - This will execute **enumeration checkes that are avoided by default**
- **-s** (superfast & stealth) - This will bypass some time consuming checks - **Stealth mode** (Nothing will be written to disk) - **-s** (superfast & stealth) - This will bypass some time consuming checks - **Stealth mode** (Nothing will be written to disk)
- **-P** (Password) - Pass a password that will be used with `sudo -l` and bruteforcing other users - **-P** (Password) - Pass a password that will be used with `sudo -l` and bruteforcing other users
- **-v** (verbose) - Print information about the checks that haven't discovered anything and about the time each check took - **-d** (Debug) - Print information about the checks that haven't discovered anything and about the time each check took
This script has **several lists** included inside of it to be able to **color the results** in order to highlight PE vector. This script has **several lists** included inside of it to be able to **color the results** in order to highlight PE vector.
LinPEAS also **exports a new PATH** variable during the execution if common folders aren't present in the original PATH variable.
![](https://github.com/carlospolop/privilege-escalation-awesome-scripts-suite/raw/master/linPEAS/images/help.png) ![](https://github.com/carlospolop/privilege-escalation-awesome-scripts-suite/raw/master/linPEAS/images/help.png)
## Hosts Discovery and Port Scanning ## Hosts Discovery and Port Scanning

76
linPEAS/builder/linpeas_parts/7_interesting_files.sh
View File

@ -451,7 +451,6 @@ if [ "$PSTORAGE_DATABASE" ]; then
echo "" echo ""
printf "%s\n" "$PSTORAGE_DATABASE" | while read f; do printf "%s\n" "$PSTORAGE_DATABASE" | while read f; do
if ([ -r "$f" ] && [ "$FILECMD" ] && file "$f" | grep -qi sqlite) || ([ -r "$f" ] && [ ! "$FILECMD" ]); then #If readable and filecmd and sqlite, or readable and not filecmd if ([ -r "$f" ] && [ "$FILECMD" ] && file "$f" | grep -qi sqlite) || ([ -r "$f" ] && [ ! "$FILECMD" ]); then #If readable and filecmd and sqlite, or readable and not filecmd
printf $GREEN" -> Extracting tables from$NC $f $DG(limit 20)\n"$NC
if [ "$(command -v sqlite3 2>/dev/null)" ]; then if [ "$(command -v sqlite3 2>/dev/null)" ]; then
tables=$(sqlite3 $f ".tables" 2>/dev/null) tables=$(sqlite3 $f ".tables" 2>/dev/null)
#printf "$tables\n" | sed "s,user.*\|credential.*,${SED_RED},g" #printf "$tables\n" | sed "s,user.*\|credential.*,${SED_RED},g"
@ -462,7 +461,8 @@ if [ "$PSTORAGE_DATABASE" ]; then
else else
tables="" tables=""
fi fi
if [ "$tables" ]; then if [ "$tables" ] || [ "$DEBUG" ]; then
printf $GREEN" -> Extracting tables from$NC $f $DG(limit 20)\n"$NC
printf "%s\n" "$tables" | while read t; do printf "%s\n" "$tables" | while read t; do
columns="" columns=""
# Search for credentials inside the table using sqlite3 # Search for credentials inside the table using sqlite3
@ -479,8 +479,8 @@ if [ "$PSTORAGE_DATABASE" ]; then
printf "$columns\n" | sed -${E} "s,username|passw|credential|email|hash|salt|$t,${SED_RED},g" printf "$columns\n" | sed -${E} "s,username|passw|credential|email|hash|salt|$t,${SED_RED},g"
(sqlite3 $f "select * from $t" || $SQLITEPYTHON -c "print(', '.join([str(x) for x in __import__('sqlite3').connect('$f').cursor().execute('SELECT * FROM \'$t\';').fetchall()[0]]))") 2>/dev/null | head (sqlite3 $f "select * from $t" || $SQLITEPYTHON -c "print(', '.join([str(x) for x in __import__('sqlite3').connect('$f').cursor().execute('SELECT * FROM \'$t\';').fetchall()[0]]))") 2>/dev/null | head
fi fi
done
echo "" echo ""
done
fi fi
fi fi
done done
@ -563,6 +563,13 @@ if [ "$PSTORAGE_PHP_FILES" ] || [ "$DEBUG" ]; then
echo "" echo ""
fi fi
##-- IF) Passwords files in home
if [ "$PSTORAGE_PASSWORD_FILES" ] || [ "$DEBUG" ]; then
print_2title "Finding *password* or *credential* files in home (limit 70)"
(printf "%s\n" "$PSTORAGE_PASSWORD_FILES" | grep -v "/snap/" | awk -F/ '{line_init=$0; if (!cont){ cont=0 }; $NF=""; act=$0; if (cont < 3){ print line_init; } if (cont == "3"){print " #)There are more creds/passwds files in the previous parent folder\n"}; if (act == pre){(cont += 1)} else {cont=0}; pre=act }' | head -n 70 | sed -${E} "s,password|credential,${SED_RED}," | sed "s,There are more creds/passwds files in the previous parent folder,${C}[3m&${C}[0m,") || echo_not_found
echo ""
fi
##-- IF) TTY passwords ##-- IF) TTY passwords
print_2title "Checking for TTY (sudo/su) passwords in audit logs" print_2title "Checking for TTY (sudo/su) passwords in audit logs"
aureport --tty 2>/dev/null | grep -E "su |sudo " | sed -${E} "s,su|sudo,${SED_RED},g" aureport --tty 2>/dev/null | grep -E "su |sudo " | sed -${E} "s,su|sudo,${SED_RED},g"
@ -570,29 +577,31 @@ find /var/log/ -type f -exec grep -RE 'comm="su"|comm="sudo"' '{}' \; 2>/dev/nul
echo "" echo ""
##-- IF) IPs inside logs ##-- IF) IPs inside logs
if [ "$DEBUG" ]; then
print_2title "Finding IPs inside logs (limit 70)" print_2title "Finding IPs inside logs (limit 70)"
(find /var/log/ /private/var/log -type f -exec grep -R -a -E -o "(25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)\.(25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)\.(25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)\.(25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)" "{}" \;) 2>/dev/null | grep -v "\.0\.\|:0\|\.0$" | sort | uniq -c | sort -r -n | head -n 70 (find /var/log/ /private/var/log -type f -exec grep -R -a -E -o "(25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)\.(25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)\.(25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)\.(25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)" "{}" \;) 2>/dev/null | grep -v "\.0\.\|:0\|\.0$" | sort | uniq -c | sort -r -n | head -n 70
echo "" echo ""
fi
##-- IF) Passwords inside logs ##-- IF) Passwords inside logs
print_2title "Finding passwords inside logs (limit 70)" print_2title "Finding passwords inside logs (limit 70)"
(find /var/log/ /private/var/log -type f -exec grep -R -i "pwd\|passw" "{}" \;) 2>/dev/null | sed '/^.\{150\}./d' | sort | uniq | grep -v "File does not exist:\|script not found or unable to stat:\|\"GET /.*\" 404" | head -n 70 | sed -${E} "s,pwd|passw,${SED_RED}," (find /var/log/ /private/var/log -type f -exec grep -R -i "pwd\|passw" "{}" \;) 2>/dev/null | sed '/^.\{150\}./d' | sort | uniq | grep -v "File does not exist:\|script not found or unable to stat:\|\"GET /.*\" 404" | head -n 70 | sed -${E} "s,pwd|passw,${SED_RED},"
echo "" echo ""
if [ "$DEBUG" ]; then
##-- IF) Emails inside logs ##-- IF) Emails inside logs
print_2title "Finding emails inside logs (limit 70)" print_2title "Finding emails inside logs (limit 70)"
(find /var/log/ /private/var/log -type f -exec grep -I -R -E -o "\b[A-Za-z0-9._%+-]+@[A-Za-z0-9.-]+\.[A-Za-z]{2,6}\b" "{}" \;) 2>/dev/null | sort | uniq -c | sort -r -n | head -n 70 | sed -${E} "s,$knw_emails,${SED_GREEN},g" (find /var/log/ /private/var/log -type f -exec grep -I -R -E -o "\b[A-Za-z0-9._%+-]+@[A-Za-z0-9.-]+\.[A-Za-z]{2,6}\b" "{}" \;) 2>/dev/null | sort | uniq -c | sort -r -n | head -n 70 | sed -${E} "s,$knw_emails,${SED_GREEN},g"
echo "" echo ""
fi
##-- IF) Passwords files in home
print_2title "Finding *password* or *credential* files in home (limit 70)"
(printf "%s\n" "$PSTORAGE_PASSWORD_FILES" | grep -v "/snap/" | awk -F/ '{line_init=$0; if (!cont){ cont=0 }; $NF=""; act=$0; if (cont < 3){ print line_init; } if (cont == "3"){print " #)There are more creds/passwds files in the previous parent folder\n"}; if (act == pre){(cont += 1)} else {cont=0}; pre=act }' | head -n 70 | sed -${E} "s,password|credential,${SED_RED}," | sed "s,There are more creds/passwds files in the previous parent folder,${C}[3m&${C}[0m,") || echo_not_found
echo ""
if ! [ "$SUPERFAST" ] && [ "$TIMEOUT" ]; then
if ! [ "$FAST" ] && ! [ "$SUPERFAST" ] && [ "$TIMEOUT" ]; then
##-- IF) Find possible files with passwords ##-- IF) Find possible files with passwords
print_2title "Finding passwords inside key folders (limit 70) - only PHP files" print_2title "Finding passwords inside key folders (limit 70) - only PHP files"
intpwdfiles=$(timeout 150 grep -RiIE "(pwd|passwd|password|PASSWD|PASSWORD|dbuser|dbpass).*[=:].+|define ?\('(\w*passw|\w*user|\w*datab)" $HOMESEARCH /var/www /usr/local/www/ $backup_folders_row /tmp /etc /mnt /private 2>/dev/null) intpwdfiles=$(timeout 150 find $HOMESEARCH /var/www /usr/local/www/ $backup_folders_row /tmp /etc /mnt /private -type f -exec grep -RiIE "(pwd|passwd|password|PASSWD|PASSWORD|dbuser|dbpass).*[=:].+|define ?\('(\w*passw|\w*user|\w*datab)" '{}' \; 2>/dev/null)
printf "%s\n" "$intpwdfiles" | grep -I ".php:" | sed '/^.\{150\}./d' | sort | uniq | grep -iIv "linpeas" | head -n 70 | sed -${E} "s,[pP][wW][dD]|[pP][aA][sS][sS][wW]|[dD][eE][fF][iI][nN][eE],${SED_RED},g" printf "%s\n" "$intpwdfiles" | grep -I ".php:" | sed '/^.\{150\}./d' | sort | uniq | grep -iIv "linpeas" | head -n 70 | sed -${E} "s,[pP][wW][dD]|[pP][aA][sS][sS][wW]|[dD][eE][fF][iI][nN][eE],${SED_RED},g"
echo "" echo ""
@ -602,8 +611,9 @@ if ! [ "$SUPERFAST" ] && [ "$TIMEOUT" ]; then
##-- IF) Find possible files with passwords ##-- IF) Find possible files with passwords
print_2title "Finding possible password variables inside key folders (limit 140)" print_2title "Finding possible password variables inside key folders (limit 140)"
timeout 150 grep -RiIE "($pwd_in_variables1|$pwd_in_variables2|$pwd_in_variables3|$pwd_in_variables4|$pwd_in_variables5|$pwd_in_variables6|$pwd_in_variables7|$pwd_in_variables8|$pwd_in_variables9|$pwd_in_variables10|$pwd_in_variables11).*[=:].+" $HOMESEARCH 2>/dev/null | sed '/^.\{150\}./d' | grep -Ev "^#" | grep -iv "linpeas" | sort | uniq | head -n 70 | sed -${E} "s,$pwd_in_variables1,${SED_RED},g" | sed -${E} "s,$pwd_in_variables2,${SED_RED},g" | sed -${E} "s,$pwd_in_variables3,${SED_RED},g" | sed -${E} "s,$pwd_in_variables4,${SED_RED},g" | sed -${E} "s,$pwd_in_variables5,${SED_RED},g" | sed -${E} "s,$pwd_in_variables6,${SED_RED},g" | sed -${E} "s,$pwd_in_variables7,${SED_RED},g" | sed -${E} "s,$pwd_in_variables8,${SED_RED},g" | sed -${E} "s,$pwd_in_variables9,${SED_RED},g" | sed -${E} "s,$pwd_in_variables10,${SED_RED},g" | sed -${E} "s,$pwd_in_variables11,${SED_RED},g" timeout 150 find $HOMESEARCH -exec grep -HnRiIE "($pwd_in_variables1|$pwd_in_variables2|$pwd_in_variables3|$pwd_in_variables4|$pwd_in_variables5|$pwd_in_variables6|$pwd_in_variables7|$pwd_in_variables8|$pwd_in_variables9|$pwd_in_variables10|$pwd_in_variables11).*[=:].+" '{}' \; 2>/dev/null | sed '/^.\{150\}./d' | grep -Ev "^#" | grep -iv "linpeas" | sort | uniq | head -n 70 | sed -${E} "s,$pwd_in_variables1,${SED_RED},g" | sed -${E} "s,$pwd_in_variables2,${SED_RED},g" | sed -${E} "s,$pwd_in_variables3,${SED_RED},g" | sed -${E} "s,$pwd_in_variables4,${SED_RED},g" | sed -${E} "s,$pwd_in_variables5,${SED_RED},g" | sed -${E} "s,$pwd_in_variables6,${SED_RED},g" | sed -${E} "s,$pwd_in_variables7,${SED_RED},g" | sed -${E} "s,$pwd_in_variables8,${SED_RED},g" | sed -${E} "s,$pwd_in_variables9,${SED_RED},g" | sed -${E} "s,$pwd_in_variables10,${SED_RED},g" | sed -${E} "s,$pwd_in_variables11,${SED_RED},g" &
timeout 150 grep -RiIE "($pwd_in_variables1|$pwd_in_variables2|$pwd_in_variables3|$pwd_in_variables4|$pwd_in_variables5|$pwd_in_variables6|$pwd_in_variables7|$pwd_in_variables8|$pwd_in_variables9|$pwd_in_variables10|$pwd_in_variables11).*[=:].+" /var/www $backup_folders_row /tmp /etc /root /mnt /private 2>/dev/null | sed '/^.\{150\}./d' | grep -Ev "^#" | grep -iv "linpeas" | sort | uniq | head -n 70 | sed -${E} "s,$pwd_in_variables1,${SED_RED},g" | sed -${E} "s,$pwd_in_variables2,${SED_RED},g" | sed -${E} "s,$pwd_in_variables3,${SED_RED},g" | sed -${E} "s,$pwd_in_variables4,${SED_RED},g" | sed -${E} "s,$pwd_in_variables5,${SED_RED},g" | sed -${E} "s,$pwd_in_variables6,${SED_RED},g" | sed -${E} "s,$pwd_in_variables7,${SED_RED},g" | sed -${E} "s,$pwd_in_variables8,${SED_RED},g" | sed -${E} "s,$pwd_in_variables9,${SED_RED},g" | sed -${E} "s,$pwd_in_variables10,${SED_RED},g" | sed -${E} "s,$pwd_in_variables11,${SED_RED},g" timeout 150 find /var/www $backup_folders_row /tmp /etc /mnt /private grep -HnRiIE "($pwd_in_variables1|$pwd_in_variables2|$pwd_in_variables3|$pwd_in_variables4|$pwd_in_variables5|$pwd_in_variables6|$pwd_in_variables7|$pwd_in_variables8|$pwd_in_variables9|$pwd_in_variables10|$pwd_in_variables11).*[=:].+" '{}' \; 2>/dev/null | sed '/^.\{150\}./d' | grep -Ev "^#" | grep -iv "linpeas" | sort | uniq | head -n 70 | sed -${E} "s,$pwd_in_variables1,${SED_RED},g" | sed -${E} "s,$pwd_in_variables2,${SED_RED},g" | sed -${E} "s,$pwd_in_variables3,${SED_RED},g" | sed -${E} "s,$pwd_in_variables4,${SED_RED},g" | sed -${E} "s,$pwd_in_variables5,${SED_RED},g" | sed -${E} "s,$pwd_in_variables6,${SED_RED},g" | sed -${E} "s,$pwd_in_variables7,${SED_RED},g" | sed -${E} "s,$pwd_in_variables8,${SED_RED},g" | sed -${E} "s,$pwd_in_variables9,${SED_RED},g" | sed -${E} "s,$pwd_in_variables10,${SED_RED},g" | sed -${E} "s,$pwd_in_variables11,${SED_RED},g" &
wait
echo "" echo ""
##-- IF) Find possible conf files with passwords ##-- IF) Find possible conf files with passwords
@ -617,46 +627,6 @@ if ! [ "$SUPERFAST" ] && [ "$TIMEOUT" ]; then
done done
echo "" echo ""
##-- IF) Find possible files with usernames ##-- IF) Find possible regexes
print_2title "Finding 'username' string inside key folders (limit 70)" peass{REGEXES}
timeout 150 grep -RiIE "username.*[=:].+" $HOMESEARCH 2>/dev/null | sed '/^.\{150\}./d' | grep -v "#" | grep -v "/linpeas" | sort | uniq | head -n 70 | sed -${E} "s,[uU][sS][eE][rR][nN][aA][mM][eE],${SED_RED},g" &
timeout 150 grep -RiIE "username.*[=:].+" /var/www $backup_folders_row /tmp /etc /root /mnt /private 2>/dev/null | sed '/^.\{150\}./d' | grep -v "#" | grep -v "/linpeas" | sort | uniq | head -n 70 | sed -${E} "s,[uU][sS][eE][rR][nN][aA][mM][eE],${SED_RED},g" &
wait
echo ""
##-- IF) Specific hashes inside files
print_2title "Searching specific hashes inside files - less false positives (limit 70)"
regexblowfish='\$2[abxyz]?\$[0-9]{2}\$[a-zA-Z0-9_/\.]*'
regexjoomlavbulletin='[0-9a-zA-Z]{32}:[a-zA-Z0-9_]{16,32}'
regexphpbb3='\$H\$[a-zA-Z0-9_/\.]{31}'
regexwp='\$P\$[a-zA-Z0-9_/\.]{31}'
regexdrupal='\$S\$[a-zA-Z0-9_/\.]{52}'
regexlinuxmd5='\$1\$[a-zA-Z0-9_/\.]{8}\$[a-zA-Z0-9_/\.]{22}'
regexapr1md5='\$apr1\$[a-zA-Z0-9_/\.]{8}\$[a-zA-Z0-9_/\.]{22}'
regexsha512crypt='\$6\$[a-zA-Z0-9_/\.]{16}\$[a-zA-Z0-9_/\.]{86}'
regexapachesha='\{SHA\}[0-9a-zA-Z/_=]{10,}'
timeout 150 grep -RIEHo "$regexblowfish|$regexjoomlavbulletin|$regexphpbb3|$regexwp|$regexdrupal|$regexlinuxmd5|$regexapr1md5|$regexsha512crypt|$regexapachesha" /etc $backup_folders_row /tmp /var/tmp /var/www $HOMESEARCH /mnt /private /Applications 2>/dev/null | grep -v "/.git/\|/sources/authors/" | grep -Ev "$notExtensions" | grep -Ev "0{20,}" | head -n 70 | sed "s,:.*,${SED_RED},"
echo ""
fi
if ! [ "$FAST" ] && ! [ "$SUPERFAST" ] && [ "$TIMEOUT" ]; then
##-- IF) Specific hashes inside files
print_2title "Searching md5/sha1/sha256/sha512 hashes inside files (limit 50 - only 1 per file)"
regexmd5='(^|[^a-zA-Z0-9])[a-fA-F0-9]{32}([^a-zA-Z0-9]|$)'
regexsha1='(^|[^a-zA-Z0-9])[a-fA-F0-9]{40}([^a-zA-Z0-9]|$)'
regexsha256='(^|[^a-zA-Z0-9])[a-fA-F0-9]{64}([^a-zA-Z0-9]|$)'
regexsha512='(^|[^a-zA-Z0-9])[a-fA-F0-9]{128}([^a-zA-Z0-9]|$)'
timeout 150 grep -RIEHo "$regexmd5|$regexsha1|$regexsha256|$regexsha512" /etc $backup_folders_row /tmp /var/tmp /var/www $HOMESEARCH /mnt /private /Applications 2>/dev/null | grep -v "/.git/\|/sources/authors/" | grep -Ev "$notExtensions" | grep -Ev "0{20,}" | awk -F: '{if (pre != $1){ print $0; }; pre=$1}' | awk -F/ '{line_init=$0; if (!cont){ cont=0 }; $NF=""; act=$0; if (cont < 2){ print line_init; } if (cont == "2"){print " #)There are more hashes files in the previous parent folder\n"}; if (act == pre){(cont += 1)} else {cont=0}; pre=act }' | head -n 50 | sed "s,:.*,${SED_RED}," | sed "s,There are more hashes files in the previous parent folder,${C}[3m&${C}[0m,"
echo ""
fi
if ! [ "$SUPERFAST" ] && ! [ "$FAST" ]; then
##-- IF) Find URIs with user:password@hoststrings
print_2title "Finding URIs with user:password@host inside key folders"
timeout 150 find /var/www $backup_folders_row /tmp /etc /var/log /private/var/log -type f -exec grep -RiIE "://(.+):(.+)@" "{}" \; 2>/dev/null | sed '/^.\{150\}./d' | grep -v "#" | sort | uniq | sed -${E} "s,:\/\/(.+):(.+)@,://${C}[1;31m\1:\2${C}[0m@,g"
timeout 150 grep -RiIE "://(.+):(.+)@" $HOMESEARCH 2>/dev/null | sed '/^.\{150\}./d' | grep -v "#" | sort | uniq | sed -${E} "s,:\/\/(.+):(.+)@,://${C}[1;31m\1:\2${C}[0m@,g"
timeout 150 grep -RiIE "://(.+):(.+)@" /mnt 2>/dev/null | sed '/^.\{150\}./d' | grep -v "#" | sort | uniq | sed -${E} "s,:\/\/(.+):(.+)@,://${C}[1;31m\1:\2${C}[0m@,g"
timeout 150 grep -RiIE "://(.+):(.+)@" /private 2>/dev/null | sed '/^.\{150\}./d' | grep -v "#" | sort | uniq | sed -${E} "s,:\/\/(.+):(.+)@,://${C}[1;31m\1:\2${C}[0m@,g"
timeout 150 grep -RiIE "://(.+):(.+)@" /Applications 2>/dev/null | sed '/^.\{150\}./d' | grep -v "#" | sort | uniq | sed -${E} "s,:\/\/(.+):(.+)@,://${C}[1;31m\1:\2${C}[0m@,g"
echo ""
fi fi

4
linPEAS/builder/linpeas_parts/linpeas_base.sh
View File

@ -609,7 +609,7 @@ print_title(){
printf ${BLUE} printf ${BLUE}
for i in $(seq 1 $rest_len); do printf " "; done for i in $(seq 1 $rest_len); do printf " "; done
printf "╔" printf "╔"
for i in $(seq 1 $title_len); do printf "═"; done; printf "═"; for i in $(seq 1 $title_len); do printf "═"; done; printf "═";
printf "╗" printf "╗"
echo "" echo ""
@ -623,7 +623,7 @@ print_title(){
printf ${BLUE} printf ${BLUE}
for i in $(seq 1 $rest_len); do printf " "; done for i in $(seq 1 $rest_len); do printf " "; done
printf "╚" printf "╚"
for i in $(seq 1 $title_len); do printf "═"; done; printf "═"; for i in $(seq 1 $title_len); do printf "═"; done; printf "═";
printf "╝" printf "╝"
printf $NC printf $NC

36
linPEAS/builder/src/linpeasBuilder.py
View File

@ -28,7 +28,9 @@ from .yamlGlobals import (
CAP_SETUID_MARKUP, CAP_SETUID_MARKUP,
CAP_SETGID_MARKUP, CAP_SETGID_MARKUP,
LES_MARKUP, LES_MARKUP,
LES2_MARKUP LES2_MARKUP,
REGEXES_LOADED,
REGEXES_MARKUP
) )
@ -79,6 +81,11 @@ class LinpeasBuilder:
self.__replace_mark(EXTRASECTIONS_MARKUP, list(""), "") #Delete extra markup self.__replace_mark(EXTRASECTIONS_MARKUP, list(""), "") #Delete extra markup
print("[+] Building regexes searches...")
section = self.__generate_regexes_search()
self.__replace_mark(REGEXES_MARKUP, list(section), "")
print("[+] Building linux exploit suggesters...") print("[+] Building linux exploit suggesters...")
les_b64, les2_b64 = self.__get_linux_exploit_suggesters() les_b64, les2_b64 = self.__get_linux_exploit_suggesters()
assert len(les_b64) > 100 assert len(les_b64) > 100
@ -315,6 +322,33 @@ class LinpeasBuilder:
return (suidVB, sudoVB, capsVB) return (suidVB, sudoVB, capsVB)
def __generate_regexes_search(self) -> str:
paths_to_search = REGEXES_LOADED["paths"]
regexes = REGEXES_LOADED["regular_expresions"]
regexes_search_section = ""
for values in regexes:
section_name = values["name"]
regexes_search_section += f'print_2title "Searching {section_name}"\n'
for entry in values["regexes"]:
name = entry["name"]
regex = entry["regex"]
regex = regex.replace('"', '\\"').strip()
extra_grep = entry.get("extra_grep")
extra_grep = f" | grep {extra_grep} | " if extra_grep else ""
regexes_search_section += f'print_3title "Searching {name} (limited to 50)"\n'
for path in paths_to_search:
regexes_search_section += "timeout 120 find "+path+" -type f -exec grep -HnRiIE \""+regex+"\" '{}' \; 2>/dev/null "+extra_grep+" | sed '/^.\{150\}./d' | sort | uniq | head -n 50 | sed -${E} \"s~"+regex+"~${SED_RED}~\" &\n"
regexes_search_section += "wait\n"
return regexes_search_section
def __replace_mark(self, mark: str, find_calls: list, join_char: str): def __replace_mark(self, mark: str, find_calls: list, join_char: str):
"""Substitude the markup with the actual code""" """Substitude the markup with the actual code"""

7
linPEAS/builder/src/yamlGlobals.py
View File

@ -47,11 +47,17 @@ LINPEAS_BASE_PATH = LINPEAS_BASE_PARTS + "/linpeas_base.sh"
TEMPORARY_LINPEAS_BASE_PATH = CURRENT_DIR + "/../linpeas_base.sh" TEMPORARY_LINPEAS_BASE_PATH = CURRENT_DIR + "/../linpeas_base.sh"
FINAL_LINPEAS_PATH = CURRENT_DIR + "/../../" + "linpeas.sh" FINAL_LINPEAS_PATH = CURRENT_DIR + "/../../" + "linpeas.sh"
YAML_NAME = "sensitive_files.yaml" YAML_NAME = "sensitive_files.yaml"
YAML_REGEXES = "regexes.yaml"
FILES_YAML = CURRENT_DIR + "/../../../build_lists/" + YAML_NAME FILES_YAML = CURRENT_DIR + "/../../../build_lists/" + YAML_NAME
REGEXES_YAML = CURRENT_DIR + "/../../../build_lists/" + YAML_REGEXES
with open(FILES_YAML, 'r') as file: with open(FILES_YAML, 'r') as file:
YAML_LOADED = yaml.load(file, Loader=yaml.FullLoader) YAML_LOADED = yaml.load(file, Loader=yaml.FullLoader)
with open(REGEXES_YAML, 'r') as file:
REGEXES_LOADED = yaml.load(file, Loader=yaml.FullLoader)
ROOT_FOLDER = YAML_LOADED["root_folders"] ROOT_FOLDER = YAML_LOADED["root_folders"]
DEFAULTS = YAML_LOADED["defaults"] DEFAULTS = YAML_LOADED["defaults"]
COMMON_FILE_FOLDERS = YAML_LOADED["common_file_folders"] COMMON_FILE_FOLDERS = YAML_LOADED["common_file_folders"]
@ -65,6 +71,7 @@ PEAS_FINDS_MARKUP = YAML_LOADED["peas_finds_markup"]
FIND_LINE_MARKUP = YAML_LOADED["find_line_markup"] FIND_LINE_MARKUP = YAML_LOADED["find_line_markup"]
FIND_TEMPLATE = YAML_LOADED["find_template"] FIND_TEMPLATE = YAML_LOADED["find_template"]
REGEXES_MARKUP = YAML_LOADED["peas_regexes_markup"]
PEAS_STORAGES_MARKUP = YAML_LOADED["peas_storages_markup"] PEAS_STORAGES_MARKUP = YAML_LOADED["peas_storages_markup"]
STORAGE_LINE_MARKUP = YAML_LOADED["storage_line_markup"] STORAGE_LINE_MARKUP = YAML_LOADED["storage_line_markup"]
STORAGE_LINE_EXTRA_MARKUP = YAML_LOADED["storage_line_extra_markup"] STORAGE_LINE_EXTRA_MARKUP = YAML_LOADED["storage_line_extra_markup"]