diff --git a/linPEAS/linpeas.sh b/linPEAS/linpeas.sh
index 5997095..d75e092 100755
--- a/linPEAS/linpeas.sh
+++ b/linPEAS/linpeas.sh
@@ -1,6 +1,6 @@
 #!/bin/sh
-VERSION="v3.2.1"
+VERSION="v3.2.2"
 ADVISORY="This script should be used for authorized penetration testing and/or educational purposes only. Any misuse of this software will not be the responsibility of the author or of any other collaborator. Use it at your own networks and/or with the network owner's permission."
 ###########################################
@@ -47,6 +47,7 @@ QUIET=""
 CHECKS="SysI,Container,Devs,AvaSof,ProCronSrvcsTmrsSocks,Net,UsrI,SofI,IntFiles"
 WAIT=""
 PASSWORD=""
+NOCOLOR=""
 THREADS="`((grep -c processor /proc/cpuinfo 2>/dev/null) || ((command -v lscpu >/dev/null 2>&1) && (lscpu | grep '^CPU(s):' | awk '{print $2}')) || echo -n 2) | tr -d "\n"`"
 [ -z "$THREADS" ] && THREADS="2" #If THREADS is empty, put number 2
 [ -n "$THREADS" ] && eTHREADS="2" #If THREADS is null, put number 2
@@ -59,6 +60,7 @@ ${NC}This tool enum and search possible misconfigurations$DG (known vulns, user,
 $Y-s$B SuperFast (don't check some time consuming checks) - Stealth mode
 $Y-w$B Wait execution between big blocks
 $Y-n$B Do not export env variables related with history and do not check Internet connectivity
+ $Y-N$B Do not use colours
 $Y-P$B Indicate a password that will be used to run 'sudo -l' and to bruteforce other users accounts via 'su'
 $Y-o$B Only execute selected checks (SysI, Container, Devs, AvaSof, ProCronSrvcsTmrsSocks, Net, UsrI, SofI, IntFiles). Select a comma separated list.
 $Y-L$B Force linpeas execution.
@@ -69,7 +71,7 @@ ${NC}This tool enum and search possible misconfigurations$DG (known vulns, user,
 $Y-i [-p ]$B Scan an IP using nc. By default (no -p), top1000 of nmap will be scanned, but you can select a list of ports instead.$DG Ex: -i 127.0.0.1 -p 53,80,443,8000,8080
 $GREEN Notice$B that if you select some network action, no PE check will be performed\n\n$NC"
-while getopts "h?asnd:p:i:P:qo:LMwt:" opt; do
+while getopts "h?asnd:p:i:P:qo:LMwt:N" opt; do
 case "$opt" in
 h|\?) printf "$HELP"$NC; exit 0;;
 a) FAST="";;
@@ -85,10 +87,24 @@ while getopts "h?asnd:p:i:P:qo:LMwt:" opt; do
 M) MACPEAS="1";;
 w) WAIT=1;;
 t) THREADS=$OPTARG;;
+ N) NOCOLOR="1";;
 esac
 done
 if [ "$MACPEAS" ]; then SCRIPTNAME="macpeas"; else SCRIPTNAME="linpeas"; fi
+if [ "$NOCOLOR" ]; then
+ echo lalalala
+ C=""
+ RED=""
+ GREEN=""
+ Y=""
+ B=""
+ LG=""
+ DG=""
+ NC=""
+ UNDERLINED=""
+ ITALIC=""
+fi
 ###########################################
@@ -186,7 +202,7 @@ echo ""
 printf $B"Linux Privesc Checklist: "$Y"https://book.hacktricks.xyz/linux-unix/linux-privilege-escalation-checklist\n"$NC
 echo " LEGEND:" | sed "s,LEGEND,${C}[1;4m&${C}[0m,"
 echo " RED/YELLOW: 95% a PE vector" | sed "s,RED/YELLOW,${C}[1;31;103m&${C}[0m,"
-echo " RED: You must take a look at it" | sed "s,RED,${C}[1;31m&${C}[0m,"
+echo " RED: You should take a look to it" | sed "s,RED,${C}[1;31m&${C}[0m,"
 echo " LightCyan: Users with console" | sed "s,LightCyan,${C}[1;96m&${C}[0m,"
 echo " Blue: Users without console & mounted devs" | sed "s,Blue,${C}[1;34m&${C}[0m,"
 echo " Green: Common things (users, groups, SUID/SGID, mounts, .sh scripts, cronjobs) " | sed "s,Green,${C}[1;32m&${C}[0m,"
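Review bot: The added `echo lalalala` inside the `if [ "$NOCOLOR" ]` block looks like leftover debug output and would print on every `-N` run; it should be removed. Clearing `C` does not silence the inline escape sequences either: call sites such as `sed "s,LEGEND,${C}[1;4m&${C}[0m,"` in the legend hunk would then emit the literal text `[1;4mLEGEND[0m`, so they need a guard that skips the substitution when `NOCOLOR` is set. The block also runs after the getopts loop, while `h|\?)` prints `$HELP` and exits inside it, so `-N -h` presumably still prints coloured help; confirm where `HELP` is assigned.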
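Review bot: The new legend string `RED: You should take a look to it` is ungrammatical; `echo " RED: You should take a look at it"` keeps the softened wording. The `sed` on the same line matches only `RED`, so correcting the text does not affect the highlighting.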
@@ -405,8 +421,8 @@ while $SEDOVERFLOW; do
 #else
 # WF=`find / -maxdepth $MAXPATH_FIND_W -type d ! -path "/proc/*" -and '(' -writable -or -user $USER ')' 2>/dev/null | sort`
 #fi
- Wfolders=`printf "$WF" | tr '\n' '|'`"|[^\*][^\ ]*\ \*"
- Wfolder="`printf "$WF" | grep "tmp\|shm\|home\|Users\|root\|etc\|var\|opt\|bin\|lib\|mnt\|private\|Applications" | head -n1`"
+ Wfolders=`printf "%s" "$WF" | tr '\n' '|'`"|[^\*][^\ ]*\ \*"
+ Wfolder="`printf "%s" "$WF" | grep "tmp\|shm\|home\|Users\|root\|etc\|var\|opt\|bin\|lib\|mnt\|private\|Applications" | head -n1`"
 printf "test\ntest\ntest\ntest"| sed -${E} "s,$Wfolders|\./|\.:|:\.,${C}[1;31;103m&${C}[0m,g" >/dev/null 2>&1
 if [ $? -eq 0 ]; then
 SEDOVERFLOW=false
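Review bot: `$Wfolders` is still spliced unescaped into the `sed -${E} "s,$Wfolders|\./|...` pattern right after the changed lines, even though the `%s` format now stops `printf` from interpreting `%` and backslashes in directory names. Entries of `$WF` are filesystem names (the commented-out `find` suggests writable directories), so a name containing `,` or a regex metacharacter changes the sed expression itself; the loop appears to test only whether the pattern is too long. Escape each path before the `tr`, or at least document the gap with `# NOTE: $WF entries reach sed as a regex; names with ',' or metacharacters are not escaped`. The enclosing `while $SEDOVERFLOW` loop starts and ends outside this hunk.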