mirror of
https://github.com/carlospolop/privilege-escalation-awesome-scripts-suite.git
synced 2025-12-09 18:31:28 +00:00
Compare commits
11 Commits
| Author | SHA1 | Date | |
|---|---|---|---|
|
|
27d954e03a | ||
|
|
9416b924cb | ||
|
|
6ec25656f2 | ||
|
|
3039ce555d | ||
|
|
d382de1cb1 | ||
|
|
c62a8f8b54 | ||
|
|
a70b9773db | ||
|
|
7a19b0968f | ||
|
|
ce002b9f33 | ||
|
|
1afac19979 | ||
|
|
219b1669c3 |
@@ -47,6 +47,12 @@ chmod +x linpeas_linux_amd64
|
||||
./linpeas_linux_amd64
|
||||
```
|
||||
|
||||
```bash
|
||||
# Execute from memory in Penelope session
|
||||
# From: https://github.com/brightio/penelope
|
||||
> run peass-ng
|
||||
```
|
||||
|
||||
## Firmware Analysis
|
||||
If you have a **firmware** and you want to **analyze it with linpeas** to **search for passwords or bad configured permissions** you have 2 main options.
|
||||
|
||||
|
||||
@@ -3,7 +3,7 @@
|
||||
These scripts allows you to transform the output of linpeas/macpeas/winpeas to JSON and then to PDF and HTML.
|
||||
|
||||
```python3
|
||||
python3 peass2json.py </path/to/executed_peass.out> </path/to/peass.json>
|
||||
python3 peas2json.py </path/to/executed_peass.out> </path/to/peass.json>
|
||||
python3 json2pdf.py </path/to/peass.json> </path/to/peass.pdf>
|
||||
python3 json2html.py </path/to/peass.json> </path/to/peass.html>
|
||||
```
|
||||
|
||||
@@ -3,4 +3,7 @@
|
||||
<startup useLegacyV2RuntimeActivationPolicy="true">
|
||||
|
||||
<supportedRuntime version="v4.0" sku=".NETFramework,Version=v4.5.2"/></startup>
|
||||
<runtime>
|
||||
<AppContextSwitchOverrides value="Switch.System.IO.UseLegacyPathHandling=false" />
|
||||
</runtime>
|
||||
</configuration>
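Review bot: The `UseLegacyPathHandling=false` override exists only in the application config file, so it has no effect when the executable is run without its `.config` file next to it, and a single-file copy of winPEAS will silently keep the legacy path behaviour. If the aim is to stop long paths from failing during file enumeration (an inference; the hunk does not say), `Switch.System.IO.BlockLongPaths=false` normally has to be set in the same `value` string, separated by a semicolon. A short XML comment above `<runtime>` stating why the switch is set and which .NET Framework versions honour it would help, since `supportedRuntime` still names 4.5.2.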
|
||||
|
||||
@@ -154,15 +154,39 @@ namespace winPEAS.Checks
|
||||
try
|
||||
{
|
||||
Regex rgx;
|
||||
if (caseinsensitive)
|
||||
rgx = new Regex(regex_str.Trim(), RegexOptions.IgnoreCase);
|
||||
else
|
||||
rgx = new Regex(regex_str.Trim());
|
||||
bool is_re_match = false;
|
||||
try
|
||||
{
|
||||
// Use "IsMatch" because it supports timeout, if exception is thrown exit the func to avoid ReDoS in "rgx.Matches"
|
||||
if (caseinsensitive)
|
||||
{
|
||||
is_re_match = Regex.IsMatch(text, regex_str.Trim(), RegexOptions.IgnoreCase, TimeSpan.FromSeconds(120));
|
||||
rgx = new Regex(regex_str.Trim(), RegexOptions.IgnoreCase);
|
||||
}
|
||||
else
|
||||
{
|
||||
is_re_match = Regex.IsMatch(text, regex_str.Trim(), RegexOptions.None, TimeSpan.FromSeconds(120));
|
||||
rgx = new Regex(regex_str.Trim());
|
||||
}
|
||||
}
|
||||
catch (RegexMatchTimeoutException e)
|
||||
{
|
||||
if (Checks.IsDebug)
|
||||
{
|
||||
Beaprint.GrayPrint($"The regex {regex_str} had a timeout (ReDoS avoided but regex unchecked in a file)");
|
||||
}
|
||||
return foundMatches;
|
||||
}
|
||||
|
||||
if (!is_re_match)
|
||||
{
|
||||
return foundMatches;
|
||||
}
|
||||
|
||||
int cont = 0;
|
||||
foreach (Match match in rgx.Matches(text))
|
||||
{
|
||||
if (cont > 4) break;
|
||||
if (cont > 10) break;
|
||||
|
||||
if (match.Value.Length < 400 && match.Value.Trim().Length > 2)
|
||||
foundMatches.Add(match.Value);
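Review bot: The `rgx` instance that feeds `rgx.Matches(text)` is still built without a match timeout, so the 120-second limit covers only the `Regex.IsMatch` pre-check; `Matches` is evaluated lazily, and a later match attempt in the same text can still backtrack without bound inside the `foreach`. The `Regex` constructor accepts a timeout too, so one instance can serve both calls: `rgx = new Regex(regex_str.Trim(), caseinsensitive ? RegexOptions.IgnoreCase : RegexOptions.None, TimeSpan.FromSeconds(120));` followed by `is_re_match = rgx.IsMatch(text);`, with the `foreach` moved inside the `try` so the existing `catch (RegexMatchTimeoutException)` also covers enumeration. That avoids building the pattern twice per call and lets the unused `e` be dropped from the catch clause. The enclosing method starts before this hunk and the loop body continues past it, so the final shape of the `try` should be checked against the full file.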
|
||||
@@ -349,7 +373,7 @@ namespace winPEAS.Checks
|
||||
timer.Stop();
|
||||
|
||||
TimeSpan timeTaken = timer.Elapsed;
|
||||
if (timeTaken.TotalMilliseconds > 1000)
|
||||
if (timeTaken.TotalMilliseconds > 20000)
|
||||
Beaprint.PrintDebugLine($"\nThe regex {regex.regex} took {timeTaken.TotalMilliseconds}s in {f.FullPath}");
|
||||
}
|
||||
}
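Review bot: The debug message prints `timeTaken.TotalMilliseconds` followed by the unit `s`, so a 25-second scan is reported as `25000s`. Either print seconds with `{timeTaken.TotalSeconds:F1}s` or keep the value and change the suffix to `ms`. Assuming `20000` is the new threshold, as the print order suggests, the line now appears only for the slowest patterns, which is when the figure matters most. The literal would be easier to keep in step with the 120-second match timeout in the regex search if both were named constants. The enclosing method starts outside this hunk.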
|
||||
|
||||
@@ -105,7 +105,7 @@ namespace winPEAS.Helpers
|
||||
|
||||
PrintLegend();
|
||||
Console.WriteLine();
|
||||
LinkPrint("https://book.hacktricks.xyz/windows-hardening/checklist-windows-privilege-escalation", "You can find a Windows local PE Checklist here:");
|
||||
Console.WriteLine(BLUE + " You can find a Windows local PE Checklist here: "+YELLOW+"https://book.hacktricks.xyz/windows-hardening/checklist-windows-privilege-escalation");
|
||||
}
|
||||
|
||||
static void PrintLegend()
|
||||
|
||||