darnellkeith/PEASS-ng
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Merge pull request #464 from spkal01/master

Browse Source 
Rework PEASS url logic for the metasploit module
This commit is contained in:
SirBroccoli 2025-03-29 21:56:35 +01:00 committed by GitHub
commit f0686d491b
No known key found for this signature in database
GPG Key ID: B5690EEEBB952194
2 changed files with 14 additions and 6 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

7
metasploit/README.md
View File

@ -37,9 +37,10 @@ Basic options:
---- --------------- -------- ----------- ---- --------------- -------- -----------
PARAMETERS no Parameters to pass to the script PARAMETERS no Parameters to pass to the script
PASSWORD um1xipfws17nkw1bi1ma3bh7tzt4mo3e no Password to encrypt and obfuscate the script (randomly generated). The length must be 32B. If no password is set, only base64 will be used PASSWORD um1xipfws17nkw1bi1ma3bh7tzt4mo3e no Password to encrypt and obfuscate the script (randomly generated). The length must be 32B. If no password is set, only base64 will be used
.
PEASS_URL https://raw.githubusercontent.com/peass-ng/PEASS-ng/master/winPEAS/wi yes Path to the PEASS script. Accepted: http(s):// URL or absolute local path. Linpeas: https://raw.githubusercontent.com/peass-ng/PEASS-ng WINPEASS true yes Use PEASS for Windows or PEASS for linux. Default is windows change to false for linux.
nPEASexe/binaries/Obfuscated%20Releases/winPEASany.exe /master/linPEAS/linpeas.sh CUSTOM_URL no Path to the PEASS script. Accepted: http(s):// URL or absolute local path.
SESSION yes The session to run this module on. SESSION yes The session to run this module on.
SRVHOST no Set your metasploit instance IP if you want to download the PEASS script from here via http(s) instead of uploading it. SRVHOST no Set your metasploit instance IP if you want to download the PEASS script from here via http(s) instead of uploading it.
SRVPORT 443 no Port to download the PEASS script from using http(s) (only used if SRVHOST) SRVPORT 443 no Port to download the PEASS script from using http(s) (only used if SRVHOST)

13
metasploit/peass.rb
View File

@ -37,7 +37,8 @@ class MetasploitModule < Msf::Post
)) ))
register_options( register_options(
[ [
OptString.new('PEASS_URL', [true, 'Path to the PEASS script. Accepted: http(s):// URL or absolute local path. Linpeas: https://github.com/peass-ng/PEASS-ng/releases/latest/download/linpeas.sh', "https://github.com/peass-ng/PEASS-ng/releases/latest/download/winPEASany_ofs.exe"]), OptString.new('WINPEASS', [true, 'Which PEASS script to use. Use True for WinPeass and false for LinPEASS', true]),
OptString.new('CUSTOM_URL', [false, 'URL to download the PEASS script from (if not using the default one). Accepts http(s) or absolute path. Overrides the WINPEASS variable', '']),
OptString.new('PASSWORD', [false, 'Password to encrypt and obfuscate the script (randomly generated). The length must be 32B. If no password is set, only base64 will be used.', rand(36**32).to_s(36)]), OptString.new('PASSWORD', [false, 'Password to encrypt and obfuscate the script (randomly generated). The length must be 32B. If no password is set, only base64 will be used.', rand(36**32).to_s(36)]),
OptString.new('TEMP_DIR', [false, 'Path to upload the obfuscated PEASS script inside the compromised machine. By default "C:\Windows\System32\spool\drivers\color" is used in Windows and "/tmp" in Unix.', '']), OptString.new('TEMP_DIR', [false, 'Path to upload the obfuscated PEASS script inside the compromised machine. By default "C:\Windows\System32\spool\drivers\color" is used in Windows and "/tmp" in Unix.', '']),
OptString.new('PARAMETERS', [false, 'Parameters to pass to the script', nil]), OptString.new('PARAMETERS', [false, 'Parameters to pass to the script', nil]),
@ -237,8 +238,14 @@ class MetasploitModule < Msf::Post
def load_peass def load_peass
# Load the PEASS script from a local file or from Internet # Load the PEASS script from a local file or from Internet
peass_script = "" peass_script = ""
url_peass = datastore['PEASS_URL'] url_peass = ""
# If no URL is set, use the default one
if datastore['CUSTOM_URL'] != ""
url_peass = datastore['CUSTOM_URL']
else
url_peass = datastore['WINPEASS'] ? "https://github.com/peass-ng/PEASS-ng/releases/latest/download/winPEASany_ofs.exe" : "https://github.com/peass-ng/PEASS-ng/releases/latest/download/linpeas.sh"
end
# If URL is set, check if it is a valid URL or local file
if url_peass.include?("http://") || url_peass.include?("https://") if url_peass.include?("http://") || url_peass.include?("https://")
target = URI.parse url_peass target = URI.parse url_peass
raise 'Invalid URL' unless target.scheme =~ /https?/ raise 'Invalid URL' unless target.scheme =~ /https?/