linpeasv3.2.2

Carlos.Martin 2021-05-29 21:57:05 +01:00
parent e3a3f6e1e9
commit d761c1ba79


@ -1,6 +1,6 @@
#!/bin/sh
VERSION="v3.2.1"
VERSION="v3.2.2"
ADVISORY="This script should be used for authorized penetration testing and/or educational purposes only. Any misuse of this software will not be the responsibility of the author or of any other collaborator. Use it at your own networks and/or with the network owner's permission."
###########################################
@ -47,6 +47,7 @@ QUIET=""
CHECKS="SysI,Container,Devs,AvaSof,ProCronSrvcsTmrsSocks,Net,UsrI,SofI,IntFiles"
WAIT=""
PASSWORD=""
NOCOLOR=""
THREADS="`((grep -c processor /proc/cpuinfo 2>/dev/null) || ((command -v lscpu >/dev/null 2>&1) && (lscpu | grep '^CPU(s):' | awk '{print $2}')) || echo -n 2) | tr -d "\n"`"
[ -z "$THREADS" ] && THREADS="2" #If THREADS is empty, put number 2
[ -n "$THREADS" ] && eTHREADS="2" #If THREADS is null, put number 2
@ -59,6 +60,7 @@ ${NC}This tool enum and search possible misconfigurations$DG (known vulns, user,
$Y-s$B SuperFast (don't check some time consuming checks) - Stealth mode
$Y-w$B Wait execution between big blocks
$Y-n$B Do not export env variables related with history and do not check Internet connectivity
$Y-N$B Do not use colours
$Y-P$B Indicate a password that will be used to run 'sudo -l' and to bruteforce other users accounts via 'su'
$Y-o$B Only execute selected checks (SysI, Container, Devs, AvaSof, ProCronSrvcsTmrsSocks, Net, UsrI, SofI, IntFiles). Select a comma separated list.
$Y-L$B Force linpeas execution.
@ -69,7 +71,7 @@ ${NC}This tool enum and search possible misconfigurations$DG (known vulns, user,
$Y-i <IP> [-p <PORT(s)>]$B Scan an IP using nc. By default (no -p), top1000 of nmap will be scanned, but you can select a list of ports instead.$DG Ex: -i 127.0.0.1 -p 53,80,443,8000,8080
$GREEN Notice$B that if you select some network action, no PE check will be performed\n\n$NC"
while getopts "h?asnd:p:i:P:qo:LMwt:" opt; do
while getopts "h?asnd:p:i:P:qo:LMwt:N" opt; do
case "$opt" in
h|\?) printf "$HELP"$NC; exit 0;;
a) FAST="";;
@ -85,10 +87,24 @@ while getopts "h?asnd:p:i:P:qo:LMwt:" opt; do
M) MACPEAS="1";;
w) WAIT=1;;
t) THREADS=$OPTARG;;
N) NOCOLOR="1";;
esac
done
if [ "$MACPEAS" ]; then SCRIPTNAME="macpeas"; else SCRIPTNAME="linpeas"; fi
if [ "$NOCOLOR" ]; then
echo lalalala
C=""
RED=""
GREEN=""
Y=""
B=""
LG=""
DG=""
NC=""
UNDERLINED=""
ITALIC=""
fi
###########################################
@ -186,7 +202,7 @@ echo ""
printf $B"Linux Privesc Checklist: "$Y"https://book.hacktricks.xyz/linux-unix/linux-privilege-escalation-checklist\n"$NC
echo " LEGEND:" | sed "s,LEGEND,${C}[1;4m&${C}[0m,"
echo " RED/YELLOW: 95% a PE vector" | sed "s,RED/YELLOW,${C}[1;31;103m&${C}[0m,"
echo " RED: You must take a look at it" | sed "s,RED,${C}[1;31m&${C}[0m,"
echo " RED: You should take a look to it" | sed "s,RED,${C}[1;31m&${C}[0m,"
echo " LightCyan: Users with console" | sed "s,LightCyan,${C}[1;96m&${C}[0m,"
echo " Blue: Users without console & mounted devs" | sed "s,Blue,${C}[1;34m&${C}[0m,"
echo " Green: Common things (users, groups, SUID/SGID, mounts, .sh scripts, cronjobs) " | sed "s,Green,${C}[1;32m&${C}[0m,"
@ -405,8 +421,8 @@ while $SEDOVERFLOW; do
#else
# WF=`find / -maxdepth $MAXPATH_FIND_W -type d ! -path "/proc/*" -and '(' -writable -or -user $USER ')' 2>/dev/null | sort`
#fi
Wfolders=`printf "$WF" | tr '\n' '|'`"|[^\*][^\ ]*\ \*"
Wfolder="`printf "$WF" | grep "tmp\|shm\|home\|Users\|root\|etc\|var\|opt\|bin\|lib\|mnt\|private\|Applications" | head -n1`"
Wfolders=`printf "%s" "$WF" | tr '\n' '|'`"|[^\*][^\ ]*\ \*"
Wfolder="`printf "%s" "$WF" | grep "tmp\|shm\|home\|Users\|root\|etc\|var\|opt\|bin\|lib\|mnt\|private\|Applications" | head -n1`"
printf "test\ntest\ntest\ntest"| sed -${E} "s,$Wfolders|\./|\.:|:\.,${C}[1;31;103m&${C}[0m,g" >/dev/null 2>&1
if [ $? -eq 0 ]; then
SEDOVERFLOW=false
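Review bot: The new `if [ "$NOCOLOR" ]; then` block added after the `getopts` loop still carries a leftover debug statement, `echo lalalala`, which prints to stdout on every `-N` run and should be deleted. Setting `C=""` in the same block does not turn off the sed-based highlighting: in the legend lines of the following hunk the replacement `${C}[1;31m&${C}[0m` then expands to the literal text `[1;31m&[0m`, so `-N` output would contain bracket fragments instead of plain text, which pollutes any saved report or downstream parser. Making the sed replacement itself conditional (for example, a replacement of just `&` when `NOCOLOR` is set) or stripping escape sequences from the final output would give clean text. `HELP` also appears to be built with the colour variables already expanded before option parsing, so `-N -h` presumably still prints colours; this should be confirmed against the part of the file outside these hunks.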