From 4b3f4aa19e3f8fd9a2460bc55ea16525d669a7c6 Mon Sep 17 00:00:00 2001 From: HackTricks News Bot Date: Sun, 7 Sep 2025 01:38:03 +0000 Subject: [PATCH] =?UTF-8?q?Add=20linpeas=20privilege=20escalation=20checks?= =?UTF-8?q?=20from:=20HTB=20Environment:=20Laravel=20env=20override=20(CVE?= =?UTF-8?q?=E2=80=912024=E2=80=9152301)=20=E2=86=92=20LFM=20upload=20RCE?= =?UTF-8?q?=20(CVE=E2=80=91202?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- build_lists/sensitive_files.yaml | 5 +++++ linPEAS/builder/linpeas_parts/variables/sudoVB1.sh | 4 ++-- 2 files changed, 7 insertions(+), 2 deletions(-) diff --git a/build_lists/sensitive_files.yaml b/build_lists/sensitive_files.yaml index 491ed52..206d106 100644 --- a/build_lists/sensitive_files.yaml +++ b/build_lists/sensitive_files.yaml @@ -2067,6 +2067,11 @@ search: type: f search_in: - common + - name: "private-keys-v1.d/*.key" + value: + type: f + search_in: + - common - name: "*.gnupg" value: diff --git a/linPEAS/builder/linpeas_parts/variables/sudoVB1.sh b/linPEAS/builder/linpeas_parts/variables/sudoVB1.sh index 012627d..74641e1 100644 --- a/linPEAS/builder/linpeas_parts/variables/sudoVB1.sh +++ b/linPEAS/builder/linpeas_parts/variables/sudoVB1.sh @@ -13,5 +13,5 @@ # Small linpeas: 1 -sudoVB1=" \*|env_keep\W*\+=.*LD_PRELOAD|env_keep\W*\+=.*LD_LIBRARY_PATH|peass{SUDOVB1_HERE}" -sudoVB2="peass{SUDOVB2_HERE}" \ No newline at end of file +sudoVB1=" \*|env_keep\W*\+=.*LD_PRELOAD|env_keep\W*\+=.*LD_LIBRARY_PATH|env_keep\W*\+=.*BASH_ENV|env_keep\W*\+=.* ENV|peass{SUDOVB1_HERE}" +sudoVB2="peass{SUDOVB2_HERE}"