mirror of
https://github.com/peass-ng/PEASS-ng.git
synced 2026-01-09 03:43:09 -08:00
Compare commits
10 Commits
20240908-e
...
20240924-c
| Author | SHA1 | Date | |
|---|---|---|---|
|
7a9ea40cbb | ||
|
|
faf6be53a8 | ||
|
|
83f18f891f | ||
|
|
b6ec3236d8 | ||
|
|
2ab6e7047e | ||
|
|
bf1edc9a18 | ||
|
|
8d096a4c72 | ||
|
|
d9f6e3eb46 | ||
|
|
abfb06e77c | ||
|
|
cb39091bfa |
2
.github/workflows/CI-master_tests.yml
vendored
2
.github/workflows/CI-master_tests.yml
vendored
@@ -9,7 +9,7 @@ on:
|
||||
- '.github/**'
|
||||
|
||||
schedule:
|
||||
- cron: "5 4 * * SUN"
|
||||
- cron: "5 4 1 * *"
|
||||
|
||||
workflow_dispatch:
|
||||
|
||||
|
||||
@@ -13,7 +13,7 @@ If you want to **contribute adding the search of new files that can contain sens
|
||||
Also, in the comments of this PR, put links to pages where and example of the file containing sensitive information can be foud.
|
||||
|
||||
## Specific LinPEAS additions
|
||||
From the PEASS-ng release **linpeas is auto-build from [linpeas/builder](https://github.com/peass-ng/PEASS-ng/blob/master/linPEAS/builder/)**. Therefore, if you want to contribute adding any new check for linpeas/macpeas, please **add it in this directory and create a PR to master**. *Note that some code is auto-generated in the python but most of it it's just written in different files that willbe merged into linpeas.sh*.
|
||||
From the PEASS-ng release **linpeas is auto-build from [linpeas/builder](https://github.com/peass-ng/PEASS-ng/blob/master/linPEAS/builder/)**. Therefore, if you want to contribute adding any new check for linpeas/macpeas, please **add it in this directory and create a PR to master**. *Note that some code is auto-generated in the python but most of it it's just written in different files that will be merged into linpeas.sh*.
|
||||
The new linpeas.sh script will be auto-generated in the PR.
|
||||
|
||||
## Specific WinPEAS additions
|
||||
|
||||
@@ -26,7 +26,7 @@ if [ "$is_ibm_vm" = "Yes" ]; then
|
||||
|
||||
ibm_req=""
|
||||
if [ "$(command -v curl || echo -n '')" ]; then
|
||||
ibm_req="curl -s -f -H '$TOKEN_HEADER' -H '$ACCEPT_HEADER'"
|
||||
ibm_req="curl -s -f -L -H '$TOKEN_HEADER' -H '$ACCEPT_HEADER'"
|
||||
elif [ "$(command -v wget || echo -n '')" ]; then
|
||||
ibm_req="wget -q -O - -H '$TOKEN_HEADER' -H '$ACCEPT_HEADER'"
|
||||
else
|
||||
|
||||
@@ -19,7 +19,7 @@ if [ "$is_aliyun_ecs" = "Yes" ]; then
|
||||
aliyun_token=""
|
||||
if [ "$(command -v curl)" ]; then
|
||||
aliyun_token=$(curl -X PUT "http://100.100.100.200/latest/api/token" -H "X-aliyun-ecs-metadata-token-ttl-seconds:1000")
|
||||
aliyun_req='curl -s -f -H "X-aliyun-ecs-metadata-token: $aliyun_token"'
|
||||
aliyun_req='curl -s -f -L -H "X-aliyun-ecs-metadata-token: $aliyun_token"'
|
||||
elif [ "$(command -v wget)" ]; then
|
||||
aliyun_token=$(wget -q -O - --method PUT "http://100.100.100.200/latest/api/token" --header "X-aliyun-ecs-metadata-token-ttl-seconds:1000")
|
||||
aliyun_req='wget -q -O --header "X-aliyun-ecs-metadata-token: $aliyun_token"'
|
||||
|
||||
@@ -21,7 +21,7 @@ if [ "$is_aws_ec2" = "Yes" ]; then
|
||||
|
||||
aws_req=""
|
||||
if [ "$(command -v curl || echo -n '')" ]; then
|
||||
aws_req="curl -s -f -H '$HEADER'"
|
||||
aws_req="curl -s -f -L -H '$HEADER'"
|
||||
elif [ "$(command -v wget || echo -n '')" ]; then
|
||||
aws_req="wget -q -O - -H '$HEADER'"
|
||||
else
|
||||
|
||||
@@ -16,7 +16,7 @@
|
||||
if [ "$is_gcp_function" = "Yes" ]; then
|
||||
gcp_req=""
|
||||
if [ "$(command -v curl)" ]; then
|
||||
gcp_req='curl -s -f -H "Metadata-Flavor: Google"'
|
||||
gcp_req='curl -s -f -L -H "Metadata-Flavor: Google"'
|
||||
elif [ "$(command -v wget)" ]; then
|
||||
gcp_req='wget -q -O - --header "Metadata-Flavor: Google"'
|
||||
else
|
||||
|
||||
@@ -16,7 +16,7 @@
|
||||
if [ "$is_gcp_vm" = "Yes" ]; then
|
||||
gcp_req=""
|
||||
if [ "$(command -v curl || echo -n '')" ]; then
|
||||
gcp_req='curl -s -f -H "Metadata-Flavor: Google"'
|
||||
gcp_req='curl -s -f -L -H "Metadata-Flavor: Google"'
|
||||
elif [ "$(command -v wget || echo -n '')" ]; then
|
||||
gcp_req='wget -q -O - --header "Metadata-Flavor: Google"'
|
||||
else
|
||||
|
||||
@@ -22,7 +22,7 @@ if [ "$is_az_vm" = "Yes" ]; then
|
||||
|
||||
az_req=""
|
||||
if [ "$(command -v curl || echo -n '')" ]; then
|
||||
az_req="curl -s -f -H '$HEADER'"
|
||||
az_req="curl -s -f -L -H '$HEADER'"
|
||||
elif [ "$(command -v wget || echo -n '')" ]; then
|
||||
az_req="wget -q -O - -H '$HEADER'"
|
||||
else
|
||||
|
||||
@@ -23,7 +23,7 @@ if [ "$is_az_app" = "Yes" ]; then
|
||||
|
||||
az_req=""
|
||||
if [ "$(command -v curl || echo -n '')" ]; then
|
||||
az_req="curl -s -f -H '$HEADER'"
|
||||
az_req="curl -s -f -L -H '$HEADER'"
|
||||
elif [ "$(command -v wget || echo -n '')" ]; then
|
||||
az_req="wget -q -O - -H '$HEADER'"
|
||||
else
|
||||
|
||||
@@ -18,7 +18,7 @@ if [ "$is_do" = "Yes" ]; then
|
||||
|
||||
do_req=""
|
||||
if [ "$(command -v curl || echo -n '')" ]; then
|
||||
do_req='curl -s -f '
|
||||
do_req='curl -s -f -L '
|
||||
elif [ "$(command -v wget || echo -n '')" ]; then
|
||||
do_req='wget -q -O - '
|
||||
else
|
||||
|
||||
@@ -25,6 +25,9 @@ sidB="/apache2$%Read_root_passwd__apache2_-f_/etc/shadow\(CVE-2019-0211\)\
|
||||
/dtappgather$%Solaris_7_<_11_\(SPARC/x86\)\(CVE-2017-3622\)\
|
||||
/dtprintinfo$%Solaris_10_\(x86\)_and_lower_versions_also_SunOS_5.7_to_5.10\
|
||||
/dtsession$%Oracle_Solaris_10_1/13_and_earlier\(CVE-2020-2696\)\
|
||||
/enlightenment_backlight$%Before_0.25.4_\(CVE-2022-37706\)\
|
||||
/enlightenment_ckpasswd$%Before_0.25.4_\(CVE-2022-37706\)\
|
||||
/enlightenment_sys$%Before_0.25.4_\(CVE-2022-37706\)\
|
||||
/eject$%FreeBSD_mcweject_0.9/SGI_IRIX_6.2\
|
||||
/ibstat$%IBM_AIX_Version_6.1/7.1\(09-2013\)\
|
||||
/kcheckpass$%KDE_3.2.0_<-->_3.4.2_\(both_included\)\
|
||||
@@ -42,7 +45,7 @@ sidB="/apache2$%Read_root_passwd__apache2_-f_/etc/shadow\(CVE-2019-0211\)\
|
||||
/newgrp$%HP-UX_10.20\
|
||||
/ntfs-3g$%Debian9/8/7/Ubuntu/Gentoo/others/Ubuntu_Server_16.10_and_others\(02-2017\)\
|
||||
/passwd$%Apple_Mac_OSX\(03-2006\)/Solaris_8/9\(12-2004\)/SPARC_8/9/Sun_Solaris_2.3_to_2.5.1\(02-1997\)\
|
||||
/pkexec$%Linux4.10_to_5.1.17\(CVE-2019-13272\)/rhel_6\(CVE-2011-1485\)\
|
||||
/pkexec$%Linux4.10_to_5.1.17\(CVE-2019-13272\)/rhel_6\(CVE-2011-1485\)/Generic_CVE-2021-4034\
|
||||
/pppd$%Apple_Mac_OSX_10.4.8\(05-2007\)\
|
||||
/pt_chown$%GNU_glibc_2.1/2.1.1_-6\(08-1999\)\
|
||||
/pulseaudio$%\(Ubuntu_9.04/Slackware_12.2.0\)\
|
||||
|
||||
@@ -13,4 +13,4 @@
|
||||
# Small linpeas: 1
|
||||
|
||||
|
||||
sudovB="[01].[012345678].[0-9]+|1.9.[01234]|1.9.5p1"
|
||||
sudovB="[01].[012345678].[0-9]+|1.9.[01234][^0-9]|1.9.[01234]$|1.9.5p1"
|
||||
@@ -364,7 +364,10 @@ class LinpeasBuilder:
|
||||
except:
|
||||
rb = requests.get(f"https://raw.githubusercontent.com/GTFOBins/GTFOBins.github.io/master/_gtfobins/{b}.md", timeout=5)
|
||||
if "sudo:" in rb.text:
|
||||
sudoVB.append(b+"$")
|
||||
if len(b) <= 3:
|
||||
sudoVB.append("[^a-ZA-Z0-9]"+b+"$") # Less false possitives applied to small names
|
||||
else:
|
||||
sudoVB.append(b+"$")
|
||||
if "suid:" in rb.text:
|
||||
suidVB.append("/"+b+"$")
|
||||
if "capabilities:" in rb.text:
|
||||
|
||||
@@ -1282,7 +1282,7 @@ $CCreds = @(".aws\credentials",
|
||||
".azure\azureProfile.json")
|
||||
foreach ($u in $users) {
|
||||
$CCreds | ForEach-Object {
|
||||
if (Test-Path "c:\$u\$_") { Write-Host "$_ found!" -ForegroundColor Red }
|
||||
if (Test-Path "c:\Users\$u\$_") { Write-Host "$_ found!" -ForegroundColor Red }
|
||||
}
|
||||
}
|
||||
|
||||
|
||||
Reference in New Issue
Block a user