SirBroccoli
f856f0b588
Merge pull request #547 from JohannesLks/fix/rdcman-credentials-highlight
...
fix: Highlight stored credentials in RDCMan.settings
20260114-2f321ee3
2026-01-14 16:57:35 +01:00
JohannesLks
9d35195c56
fix: Highlight stored credentials in RDCMan.settings
...
RDCMan.settings files can contain encrypted credentials in
credentialsProfiles sections. This change enables content
inspection to highlight:
- credentialsProfiles (indicates stored credentials)
- password (encrypted password value)
- encryptedPassword (alternative password field)
Previously, just_list_file only showed the file path without
inspecting contents, causing stored credentials to be missed.
2026-01-01 22:53:40 +01:00
JohannesLks
4abbf37cc0
fix: SSH key regex false positive with ImageMagick mime.xml
...
The regex '-----BEGIN .* PRIVATE KEY.*-----' was matching
'-----BEGIN PGP PRIVATE KEY BLOCK-----' in /etc/ImageMagick-6/mime.xml,
causing a false positive for SSH keys.
Fixed by removing the trailing .* before ----- so the regex now requires
the key header to end directly with -----, which excludes PGP key
definitions that have 'BLOCK-----' at the end.
Tested key types still detected:
- RSA PRIVATE KEY
- EC PRIVATE KEY
- OPENSSH PRIVATE KEY
- DSA PRIVATE KEY
2026-01-01 14:07:08 +01:00
HackTricks News Bot
e77867b2d3
Add linpeas privilege escalation checks from: ECS on EC2: Covering Gaps in IMDS Hardening
2025-12-29 02:02:46 +00:00
HackTricks News Bot
be72fecfa8
Add winpeas privilege escalation checks from: Kerberoasting: Low-Tech, High-Impact Attacks from Legacy Kerberos Crypto
2025-12-29 01:42:21 +00:00
HackTricks News Bot
0e52c2feea
Add linpeas privilege escalation checks from: CVE-2025-38352 – In-the-wild Android Kernel Vulnerability Analysis and PoC
2025-12-22 13:20:16 +00:00
HackTricks News Bot
1039cc2eff
Add linpeas privilege escalation checks from: From Chrome Renderer Code Execution to Linux Kernel RCE via AF_UNIX MSG_OOB (CVE
2025-12-17 02:19:32 +00:00
HackTricks News Bot
3268701ed6
Add winpeas privilege escalation checks from: The Windows Registry Adventure, Part 8: Exploitation of Hive-based Memory Corrup
2025-12-17 02:00:18 +00:00
HackTricks News Bot
488d388830
Add winpeas privilege escalation checks from: Windows Exploitation Technique: Amplifying Race Windows via Slow Object Manager
2025-12-17 01:34:41 +00:00
HackTricks News Bot
85aa98a841
Add winpeas privilege escalation checks from: Inside Ink Dragon: Revealing the Relay Network and Inner Workings of a Stealthy
2025-12-16 19:11:20 +00:00
npc
10b087febf
Fix su bruteforce false positives on BusyBox systems (bbsuid)
...
Fix su bruteforce false positives on BusyBox systems (bbsuid)
2025-12-15 20:23:52 +08:00
SirBroccoli
b4a1382e8a
Merge pull request #536 from DotNetRussell/patch-1
...
Fix wording in privilege escalation checklist
20251215-2904ebf1
20260101-f70f6a79
2025-12-15 09:52:13 +01:00
DNR
877b9b81ce
Fix wording in privilege escalation checklist
2025-12-14 12:45:02 -05:00
HackTricks News Bot
74521345f6
Add linpeas privilege escalation checks from: HTB WhiteRabbit: n8n HMAC Forgery, SQL Injection, restic Abuse, and Time-Seeded
2025-12-13 18:41:50 +00:00
carlospolop
0277e447f0
f
20251212-32615dcd
2025-12-12 16:25:36 +01:00
carlospolop
b09bd92116
f
2025-12-12 14:28:17 +01:00
SirBroccoli
8f017f98d3
Merge pull request #532 from compass-dexter/fix/ssh-AuthorizedKeysFile
...
[LINPEAS] fix(linPEAS): grep for AuthorizedKeysFile
2025-12-12 00:44:51 +01:00
SirBroccoli
17cfc6c56e
Merge pull request #530 from Xyniath/master
...
[WINPEAS] Fix misspelling of SeDebugPrivilege in winPEAS output
2025-12-12 00:44:30 +01:00
HackTricks News Bot
6100bfaceb
Add winpeas privilege escalation checks from: SOAPwn: Pwning .NET Framework Applications Through HTTP Client Proxies and WSDL
2025-12-11 19:05:05 +00:00
HackTricks News Bot
9123910f9d
Add winpeas privilege escalation checks from: Cracking ValleyRAT: From Builder Secrets to Kernel Rootkits
2025-12-10 19:18:07 +00:00
compass-dexter
7e0f678f33
fix(linPEAS): grep for AuthorizedKeysFile
...
According to sshd_config(5) this is the correct setting
2025-12-10 16:58:13 +01:00
HackTricks News Bot
b7b7aebf1c
Add winpeas privilege escalation checks from: pipetap – A Windows Named Pipe Multi-tool and Proxy for Intercepting and Replayi
2025-12-09 02:07:57 +00:00
Matt
595e021864
fix: correct typo of SeDebugPrivilege
2025-12-08 00:27:02 +00:00
HackTricks News Bot
6c75f10fae
Add winpeas privilege escalation checks from: Pwning ASUS DriverHub, MSI Center, Acer Control Centre and Razer Synapse 4
2025-12-07 13:22:49 +00:00
SirBroccoli
94e84dec91
Merge pull request #521 from peass-ng/update_PEASS-winpeas-HackTheBox_Mirage__Chaining_NFS_Leak_20251122_183905
...
[WINPEAS] Add privilege escalation check: HackTheBox Mirage Chaining NFS Leaks, Dy...
2025-12-07 13:23:17 +01:00
SirBroccoli
ac80ce3a9a
Merge pull request #520 from peass-ng/update_PEASS-linpeas-SupaPwn__Hacking_Our_Way_into_Lovabl_20251119_184112
...
[LINPEAS] Add privilege escalation check: SupaPwn Hacking Our Way into Lovable’s O...
2025-12-07 13:22:12 +01:00
SirBroccoli
313fe6bef5
Update README.md
2025-12-07 13:21:52 +01:00
HackTricks News Bot
4dad7599e6
Add winpeas privilege escalation checks from: LDAP BOF Collection – In‑Memory LDAP Toolkit for Active Directory Exploitation
2025-12-07 01:59:18 +00:00
HackTricks News Bot
b188ac34b6
Add linpeas privilege escalation checks from: HTB: Era – IDORs, PHP ssh2.exec Wrapper RCE, and Custom-Signed Binary Privilege
2025-11-29 18:48:21 +00:00
HackTricks News Bot
e99e64cddf
Add linpeas privilege escalation checks from: Metasploit Wrap-Up 11/28/2025
2025-11-29 01:41:29 +00:00
HackTricks News Bot
dd220af544
Add winpeas privilege escalation checks from: Metasploit Wrap-Up 11/14/2025
2025-11-27 13:44:39 +00:00
HackTricks News Bot
11c0d14561
Add winpeas privilege escalation checks from: HackTheBox Mirage: Chaining NFS Leaks, Dynamic DNS Abuse, NATS Credential Theft,
2025-11-22 18:54:22 +00:00
HackTricks News Bot
49db1df468
Add linpeas privilege escalation checks from: SupaPwn: Hacking Our Way into Lovable’s Office and Helping Secure Supabase
2025-11-19 18:59:41 +00:00
SirBroccoli
80318c5005
Merge pull request #514 from moscowchill/bat-pr
...
Fix ANSI escape codes displaying as literal text in winPEAS.bat
20251115-74c9337c
20251201-130af74a
2025-11-15 15:45:38 +01:00
SirBroccoli
7af6c33d39
Merge pull request #513 from sttlr/patch-1
...
Fix: LinPEASS doesn't run via metasploit module
20251115-0322d43c
2025-11-15 15:44:50 +01:00
moscow chill
336c53a163
Fix ANSI escape codes displaying as literal text in winPEAS.bat
...
The script was setting E=0x1B[ as a literal string instead of the actual
ESC character (ASCII 27), causing color codes to display as text like
"0x1B[33m[+]0x1B[97m" instead of rendering as colors.
Changed the SetOnce subroutine to properly capture the ESC character using
the 'prompt $E' technique before building the ANSI escape sequence prefix.
🤖 Generated with [Claude Code](https://claude.com/claude-code)
Co-Authored-By: Claude <noreply@anthropic.com>
2025-10-29 20:16:34 +01:00
Max K.
6877f39193
Fix: LinPEASS doesn't run via metasploit module
...
If you set "WINPEASS" to "false" - it's a string, and therefore "true". So it would run WinPEASS anyway.
The fix converts the value of the variable to a string before comparing it.
2025-10-28 13:19:03 +02:00
SirBroccoli
d75525ebbc
Merge pull request #512 from moscowchill/pr-bat-fix
...
Fix winPEAS.bat compatibility with Windows 11 and modern Windows 10
20251028-8d75ce03
20251101-a416400b
2025-10-28 01:51:48 +01:00
moscow chill
29d8132d93
Fix winPEAS.bat compatibility with Windows 11 and modern Windows 10
...
WMIC has been deprecated since Windows 10 20H1 and removed in Windows 11.
The script was exiting early when WMIC commands failed instead of continuing.
Changes:
- Add proper WMIC existence checks using 'where wmic' before execution
- Implement PowerShell fallbacks for all WMIC commands
- Fix hotfix enumeration (Get-HotFix)
- Fix antivirus detection (Get-CimInstance)
- Fix mounted disk enumeration (Get-PSDrive)
- Fix running process checks (Get-Process)
- Fix service binary permission checks (Get-CimInstance Win32_Service)
- Add error suppression (2>nul) to conditional WMIC exploit checks
The script now properly detects WMIC availability and falls back to
PowerShell equivalents, ensuring full functionality on modern Windows
systems while maintaining backward compatibility with older systems.
🤖 Generated with [Claude Code](https://claude.com/claude-code)
Co-Authored-By: Claude <noreply@anthropic.com>
2025-10-27 16:10:42 +01:00
carlospolop
c16c5de36f
f
20251017-d864f4c3
2025-10-18 00:59:40 +02:00
SirBroccoli
be3fe91da4
Merge pull request #507 from CravateRouge/master
...
Add ADCS ESC DC registry checks
20251007-02ee8e3f
2025-10-07 10:50:43 +02:00
CravateRouge
b8b4a0fc14
Fix InterfaceFlags syntax
2025-10-07 11:14:45 +08:00
CravateRouge
7042a182df
Add ADCS ESC DC registry checks
2025-10-06 17:18:44 +02:00
SirBroccoli
c83eef9cd8
Merge pull request #502 from peass-ng/update_PEASS-linpeas-HTB_Planning__Grafana_CVE-2024-9264__20250913_182726
...
[LINPEAS] Add privilege escalation check: HTB Planning Grafana CVE-2024-9264 to Co...
20251004-13e75f59
2025-10-04 10:38:22 +02:00
SirBroccoli
e15a1f2e12
Update 16_Crontab_UI_misconfig.sh
2025-10-04 10:38:02 +02:00
SirBroccoli
24e9c54290
Merge pull request #505 from jtothef/patch-1
...
Update README.md
20251004-40dd5c8d
2025-10-04 10:36:24 +02:00
SirBroccoli
bdb5c61dad
Merge pull request #504 from peass-ng/update_PEASS-linpeas-Forgotten_20250917_063428
...
[LINPEAS] Add privilege escalation check: Forgotten
20251004-ba856a2a
2025-10-04 10:36:09 +02:00
SirBroccoli
ee83c23a74
Update 16_Crontab_UI_misconfig.sh
2025-10-04 10:34:04 +02:00
SirBroccoli
7b36014699
Merge pull request #499 from peass-ng/update_PEASS-linpeas-HTB_Environment__Laravel_env_overrid_20250907_013120
...
[LINPEAS] Add privilege escalation check: HTB Environment Laravel env override (CV...
20251004-69861b97
2025-10-04 10:29:32 +02:00
SirBroccoli
6fe8304783
Merge pull request #506 from tropkal/tropkal-patch-1
...
Update the regex for the sudo version
20251004-5f2f5a2d
2025-10-04 10:29:01 +02:00