HackTricks News Bot
b188ac34b6
Add linpeas privilege escalation checks from: HTB: Era – IDORs, PHP ssh2.exec Wrapper RCE, and Custom-Signed Binary Privilege
2025-11-29 18:48:21 +00:00
SirBroccoli
80318c5005
Merge pull request #514 from moscowchill/bat-pr
...
Fix ANSI escape codes displaying as literal text in winPEAS.bat
20251115-74c9337c
20251201-130af74a
2025-11-15 15:45:38 +01:00
SirBroccoli
7af6c33d39
Merge pull request #513 from sttlr/patch-1
...
Fix: LinPEASS doesn't run via metasploit module
20251115-0322d43c
2025-11-15 15:44:50 +01:00
moscow chill
336c53a163
Fix ANSI escape codes displaying as literal text in winPEAS.bat
...
The script was setting E=0x1B[ as a literal string instead of the actual
ESC character (ASCII 27), causing color codes to display as text like
"0x1B[33m[+]0x1B[97m" instead of rendering as colors.
Changed the SetOnce subroutine to properly capture the ESC character using
the 'prompt $E' technique before building the ANSI escape sequence prefix.
🤖 Generated with [Claude Code](https://claude.com/claude-code)
Co-Authored-By: Claude <noreply@anthropic.com>
2025-10-29 20:16:34 +01:00
Max K.
6877f39193
Fix: LinPEASS doesn't run via metasploit module
...
If you set "WINPEASS" to "false" - it's a string, and therefore "true". So it would run WinPEASS anyway.
The fix converts the value of the variable to a string before comparing it.
2025-10-28 13:19:03 +02:00
SirBroccoli
d75525ebbc
Merge pull request #512 from moscowchill/pr-bat-fix
...
Fix winPEAS.bat compatibility with Windows 11 and modern Windows 10
20251028-8d75ce03
20251101-a416400b
2025-10-28 01:51:48 +01:00
moscow chill
29d8132d93
Fix winPEAS.bat compatibility with Windows 11 and modern Windows 10
...
WMIC has been deprecated since Windows 10 20H1 and removed in Windows 11.
The script was exiting early when WMIC commands failed instead of continuing.
Changes:
- Add proper WMIC existence checks using 'where wmic' before execution
- Implement PowerShell fallbacks for all WMIC commands
- Fix hotfix enumeration (Get-HotFix)
- Fix antivirus detection (Get-CimInstance)
- Fix mounted disk enumeration (Get-PSDrive)
- Fix running process checks (Get-Process)
- Fix service binary permission checks (Get-CimInstance Win32_Service)
- Add error suppression (2>nul) to conditional WMIC exploit checks
The script now properly detects WMIC availability and falls back to
PowerShell equivalents, ensuring full functionality on modern Windows
systems while maintaining backward compatibility with older systems.
🤖 Generated with [Claude Code](https://claude.com/claude-code)
Co-Authored-By: Claude <noreply@anthropic.com>
2025-10-27 16:10:42 +01:00
carlospolop
c16c5de36f
f
20251017-d864f4c3
2025-10-18 00:59:40 +02:00
SirBroccoli
be3fe91da4
Merge pull request #507 from CravateRouge/master
...
Add ADCS ESC DC registry checks
20251007-02ee8e3f
2025-10-07 10:50:43 +02:00
CravateRouge
b8b4a0fc14
Fix InterfaceFlags syntax
2025-10-07 11:14:45 +08:00
CravateRouge
7042a182df
Add ADCS ESC DC registry checks
2025-10-06 17:18:44 +02:00
SirBroccoli
c83eef9cd8
Merge pull request #502 from peass-ng/update_PEASS-linpeas-HTB_Planning__Grafana_CVE-2024-9264__20250913_182726
...
[LINPEAS] Add privilege escalation check: HTB Planning Grafana CVE-2024-9264 to Co...
20251004-13e75f59
2025-10-04 10:38:22 +02:00
SirBroccoli
e15a1f2e12
Update 16_Crontab_UI_misconfig.sh
2025-10-04 10:38:02 +02:00
SirBroccoli
24e9c54290
Merge pull request #505 from jtothef/patch-1
...
Update README.md
20251004-40dd5c8d
2025-10-04 10:36:24 +02:00
SirBroccoli
bdb5c61dad
Merge pull request #504 from peass-ng/update_PEASS-linpeas-Forgotten_20250917_063428
...
[LINPEAS] Add privilege escalation check: Forgotten
20251004-ba856a2a
2025-10-04 10:36:09 +02:00
SirBroccoli
ee83c23a74
Update 16_Crontab_UI_misconfig.sh
2025-10-04 10:34:04 +02:00
SirBroccoli
7b36014699
Merge pull request #499 from peass-ng/update_PEASS-linpeas-HTB_Environment__Laravel_env_overrid_20250907_013120
...
[LINPEAS] Add privilege escalation check: HTB Environment Laravel env override (CV...
20251004-69861b97
2025-10-04 10:29:32 +02:00
SirBroccoli
6fe8304783
Merge pull request #506 from tropkal/tropkal-patch-1
...
Update the regex for the sudo version
20251004-5f2f5a2d
2025-10-04 10:29:01 +02:00
tropkal
262feb9896
Updated the sudo regex to catch 2 more CVEs.
2025-10-04 08:43:00 +02:00
tropkal
40cf08af85
Update sudovB.sh
...
Modified the regex that checks for vulnerable sudo versions to include sudo version 1.9.17 (not including 1.9.17p1), which is vulnerable to CVE-2025-32463 (https://www.exploit-db.com/exploits/52352).
2025-10-04 09:08:37 +03:00
jtothef
7c9f431649
Update README.md
...
Fix typo
2025-09-23 12:49:05 -05:00
HackTricks News Bot
31bdb339d7
Add linpeas privilege escalation checks from: Forgotten
2025-09-17 06:48:40 +00:00
HackTricks News Bot
bdcebadde0
Add linpeas privilege escalation checks from: HTB Planning: Grafana CVE-2024-9264 to Container Root, Env-Creds Pivot, Crontab
2025-09-13 18:33:45 +00:00
HackTricks News Bot
4b3f4aa19e
Add linpeas privilege escalation checks from: HTB Environment: Laravel env override (CVE‑2024‑52301) → LFM upload RCE (CVE‑202
2025-09-07 01:38:03 +00:00
carlospolop
7c7884fb72
f tf
20250904-27f4363e
20251001-67326308
2025-09-05 01:04:53 +02:00
carlospolop
35300e499b
tf
20250904-4f33e9d0
2025-09-05 01:04:18 +02:00
carlospolop
147de0fc88
f
20250903-dc605133
2025-09-03 14:19:59 +02:00
carlospolop
afaf596342
f
2025-09-03 13:39:15 +02:00
SirBroccoli
215c5d074e
Merge pull request #456 from peass-ng/dependabot/nuget/winPEAS/winPEASexe/Tests/System.Text.RegularExpressions-4.3.1
...
Bump System.Text.RegularExpressions from 4.3.0 to 4.3.1 in /winPEAS/winPEASexe/Tests
2025-09-03 13:36:40 +02:00
SirBroccoli
ca383a4548
Merge pull request #496 from peass-ng/update_PEASS-linpeas-Case_study__Backup_leak___CI_abuse___20250827_193408
...
[LINPEAS] Add privilege escalation check: Case study Backup leak → CI abuse → inte...
2025-09-03 13:36:13 +02:00
SirBroccoli
46264bf239
Merge pull request #497 from peass-ng/update_PEASS-winpeas-HTB_Sendai__From_password_spray_to_g_20250828_184040
...
[WINPEAS] Add privilege escalation check: HTB Sendai From password spray to gMSA d...
2025-09-03 13:31:10 +02:00
SirBroccoli
642c33304f
Merge pull request #494 from peass-ng/update_PEASS-winpeas-HTB__TheFrizz__High-level__redacted__20250827_190719
...
[WINPEAS] Add privilege escalation check: HTB TheFrizz (High-level, redacted for s...
2025-09-03 13:27:06 +02:00
HackTricks News Bot
54d861ab04
Add winpeas privilege escalation checks from: HTB Sendai: From password spray to gMSA dump, then ADCS ESC4 or SQL+Silver Ticke
2025-08-28 18:51:59 +00:00
HackTricks News Bot
bbb932d6d3
feat(winpeas): add ActiveDirectoryInfo check (gMSA readable passwords, AD CS template rights) and include in project
2025-08-28 18:50:51 +00:00
HackTricks News Bot
626ea2d298
docs(usage): add activedirectoryinfo option to usage output
2025-08-28 18:50:22 +00:00
HackTricks News Bot
ed01b32a95
Add linpeas privilege escalation checks from: Case study: Backup leak → CI abuse → internal trust misconfigurations → escalati
2025-08-27 19:45:02 +00:00
HackTricks News Bot
c314cfd23d
Add winpeas privilege escalation checks from: HTB: TheFrizz (High-level, redacted for safety)
2025-08-27 19:14:43 +00:00
SirBroccoli
cc5ab76991
Merge pull request #486 from soobinrho/fix-typo-on-color-explanations
...
docs: fix typo (conten -> content)
20250827-339b42c6
20250901-02e4c19f
2025-08-27 12:12:28 +02:00
carlospolop
36001d644e
Merge branch 'master' of github.com:peass-ng/PEASS-ng
2025-08-25 11:18:18 +02:00
carlospolop
fdd414f4aa
new workflow
2025-08-25 11:18:16 +02:00
Soobin Rho
c3e50dbdbf
docs: fix typo (conten -> content)
2025-08-08 17:56:41 -05:00
SirBroccoli
41128808a6
Merge pull request #483 from securitytime/patch-1
...
Update Beaprint.cs
20250701-bdcab634
20250801-03e73bf3
2025-07-01 16:23:13 +02:00
carlospolop
6fd96f4bdb
f
20250701-295c46ef
2025-07-01 12:12:01 +02:00
carlospolop
a745f00dd7
fix
2025-07-01 11:10:21 +02:00
securitytime
933e12d7f1
Update Beaprint.cs
...
A space character is missing here:
"... educational purposes only.Any misuse of this software ..."
2025-06-28 09:12:40 +02:00
SirBroccoli
4061cef7e8
Merge pull request #476 from peass-ng/codex/fix-url-reference-in-linpeasbuilder.py
...
Fix url variable reference in linpeasBuilder
2025-06-25 01:59:43 +02:00
SirBroccoli
b66ced3c63
Merge pull request #475 from peass-ng/codex/find-and-fix-a-bug
...
Fix parser global state reuse
2025-06-25 01:59:03 +02:00
SirBroccoli
cde725dacc
Merge pull request #477 from peass-ng/codex/update-docstring-and-fix-typo
...
Fix docstring and comment in linpeasBuilder
2025-06-25 01:57:58 +02:00
SirBroccoli
f0f829890c
Merge pull request #479 from peass-ng/codex/replace--parth--with--path--in-argparse
...
Fix typo in linpeas builder arg help
2025-06-25 01:57:11 +02:00
SirBroccoli
99c36b8562
Merge pull request #480 from Signum21/master
...
Fixed multiple bugs in Vulnerable Leaked Handlers
2025-06-25 01:56:58 +02:00