From 4abbf37cc08c8578defd72ce944e664b4d60d5d0 Mon Sep 17 00:00:00 2001 From: JohannesLks Date: Thu, 1 Jan 2026 14:07:08 +0100 Subject: [PATCH] fix: SSH key regex false positive with ImageMagick mime.xml The regex '-----BEGIN .* PRIVATE KEY.*-----' was matching '-----BEGIN PGP PRIVATE KEY BLOCK-----' in /etc/ImageMagick-6/mime.xml, causing a false positive for SSH keys. Fixed by removing the trailing .* before ----- so the regex now requires the key header to end directly with -----, which excludes PGP key definitions that have 'BLOCK-----' at the end. Tested key types still detected: - RSA PRIVATE KEY - EC PRIVATE KEY - OPENSSH PRIVATE KEY - DSA PRIVATE KEY --- .../linpeas_parts/7_software_information/Ssh.sh | 14 +++++++------- 1 file changed, 7 insertions(+), 7 deletions(-) diff --git a/linPEAS/builder/linpeas_parts/7_software_information/Ssh.sh b/linPEAS/builder/linpeas_parts/7_software_information/Ssh.sh index 7ee753c..65947a0 100644 --- a/linPEAS/builder/linpeas_parts/7_software_information/Ssh.sh +++ b/linPEAS/builder/linpeas_parts/7_software_information/Ssh.sh @@ -33,17 +33,17 @@ grep "PermitRootLogin \|ChallengeResponseAuthentication \|PasswordAuthentication if ! [ "$SEARCH_IN_FOLDER" ]; then if [ "$TIMEOUT" ]; then - privatekeyfilesetc=$(timeout 40 grep -rl '\-\-\-\-\-BEGIN .* PRIVATE KEY.*\-\-\-\-\-' /etc 2>/dev/null) - privatekeyfileshome=$(timeout 40 grep -rl '\-\-\-\-\-BEGIN .* PRIVATE KEY.*\-\-\-\-\-' $HOMESEARCH 2>/dev/null) - privatekeyfilesroot=$(timeout 40 grep -rl '\-\-\-\-\-BEGIN .* PRIVATE KEY.*\-\-\-\-\-' /root 2>/dev/null) - privatekeyfilesmnt=$(timeout 40 grep -rl '\-\-\-\-\-BEGIN .* PRIVATE KEY.*\-\-\-\-\-' /mnt 2>/dev/null) + privatekeyfilesetc=$(timeout 40 grep -rl '\-\-\-\-\-BEGIN .* PRIVATE KEY\-\-\-\-\-' /etc 2>/dev/null) + privatekeyfileshome=$(timeout 40 grep -rl '\-\-\-\-\-BEGIN .* PRIVATE KEY\-\-\-\-\-' $HOMESEARCH 2>/dev/null) + privatekeyfilesroot=$(timeout 40 grep -rl '\-\-\-\-\-BEGIN .* PRIVATE KEY\-\-\-\-\-' /root 2>/dev/null) + privatekeyfilesmnt=$(timeout 40 grep -rl '\-\-\-\-\-BEGIN .* PRIVATE KEY\-\-\-\-\-' /mnt 2>/dev/null) else - privatekeyfilesetc=$(grep -rl '\-\-\-\-\-BEGIN .* PRIVATE KEY.*\-\-\-\-\-' /etc 2>/dev/null) #If there is tons of files linpeas gets frozen here without a timeout - privatekeyfileshome=$(grep -rl '\-\-\-\-\-BEGIN .* PRIVATE KEY.*\-\-\-\-\-' $HOME/.ssh 2>/dev/null) + privatekeyfilesetc=$(grep -rl '\-\-\-\-\-BEGIN .* PRIVATE KEY\-\-\-\-\-' /etc 2>/dev/null) #If there is tons of files linpeas gets frozen here without a timeout + privatekeyfileshome=$(grep -rl '\-\-\-\-\-BEGIN .* PRIVATE KEY\-\-\-\-\-' $HOME/.ssh 2>/dev/null) fi else # If $SEARCH_IN_FOLDER lets just search for private keys in the whole firmware - privatekeyfilesetc=$(timeout 120 grep -rl '\-\-\-\-\-BEGIN .* PRIVATE KEY.*\-\-\-\-\-' "$ROOT_FOLDER" 2>/dev/null) + privatekeyfilesetc=$(timeout 120 grep -rl '\-\-\-\-\-BEGIN .* PRIVATE KEY\-\-\-\-\-' "$ROOT_FOLDER" 2>/dev/null) fi if [ "$privatekeyfilesetc" ] || [ "$privatekeyfileshome" ] || [ "$privatekeyfilesroot" ] || [ "$privatekeyfilesmnt" ] ; then