mirror of
https://github.com/carlospolop/privilege-escalation-awesome-scripts-suite.git
synced 2026-01-04 13:49:12 +00:00
Compare commits
13 Commits
20240827-a
...
20240922-a
| Author | SHA1 | Date | |
|---|---|---|---|
|
cb39091bfa | ||
|
|
7979c470a1 | ||
|
|
746ef49fc8 | ||
|
5fa7823e38 | ||
|
|
2e615f7bc6 | ||
|
|
5ecb01ed14 | ||
|
ac8a3fac97 | ||
|
f881a4719d | ||
|
|
b3bcfa4466 | ||
|
|
adc8e168a5 | ||
|
|
1a82bd8ee4 | ||
|
|
9408efbcd7 | ||
|
|
bf00500bd1 |
64
.github/workflows/CI-master_tests.yml
vendored
64
.github/workflows/CI-master_tests.yml
vendored
@@ -100,43 +100,43 @@ jobs:
|
||||
|
||||
# Upload all the versions for the release
|
||||
- name: Upload winpeasx64
|
||||
uses: actions/upload-artifact@v2
|
||||
uses: actions/upload-artifact@v4
|
||||
with:
|
||||
name: winPEASx64.exe
|
||||
path: winPEAS\winPEASexe\binaries\x64\Release\winPEASx64.exe
|
||||
|
||||
- name: Upload winpeasx86
|
||||
uses: actions/upload-artifact@v2
|
||||
uses: actions/upload-artifact@v4
|
||||
with:
|
||||
name: winPEASx86.exe
|
||||
path: winPEAS\winPEASexe\binaries\x86\Release\winPEASx86.exe
|
||||
|
||||
- name: Upload winpeasany
|
||||
uses: actions/upload-artifact@v2
|
||||
uses: actions/upload-artifact@v4
|
||||
with:
|
||||
name: winPEASany.exe
|
||||
path: winPEAS\winPEASexe\binaries\Release\winPEASany.exe
|
||||
|
||||
- name: Upload winpeasx64ofs
|
||||
uses: actions/upload-artifact@v2
|
||||
uses: actions/upload-artifact@v4
|
||||
with:
|
||||
name: winPEASx64_ofs.exe
|
||||
path: winPEAS\winPEASexe\binaries\Obfuscated Releases\winPEASx64_ofs.exe
|
||||
|
||||
- name: Upload winpeasx86ofs
|
||||
uses: actions/upload-artifact@v2
|
||||
uses: actions/upload-artifact@v4
|
||||
with:
|
||||
name: winPEASx86_ofs.exe
|
||||
path: winPEAS\winPEASexe\binaries\Obfuscated Releases\winPEASx86_ofs.exe
|
||||
|
||||
- name: Upload winpeasanyofs
|
||||
uses: actions/upload-artifact@v2
|
||||
uses: actions/upload-artifact@v4
|
||||
with:
|
||||
name: winPEASany_ofs.exe
|
||||
path: winPEAS\winPEASexe\binaries\Obfuscated Releases\winPEASany_ofs.exe
|
||||
|
||||
- name: Upload winpeas.bat
|
||||
uses: actions/upload-artifact@v2
|
||||
uses: actions/upload-artifact@v4
|
||||
with:
|
||||
name: winPEAS.bat
|
||||
path: winPEAS\winPEASbat\winPEAS.bat
|
||||
@@ -240,57 +240,57 @@ jobs:
|
||||
|
||||
# Upload files for release
|
||||
- name: Upload linpeas.sh
|
||||
uses: actions/upload-artifact@v2
|
||||
uses: actions/upload-artifact@v4
|
||||
with:
|
||||
name: linpeas.sh
|
||||
path: linPEAS/linpeas.sh
|
||||
|
||||
- name: Upload linpeas_fat.sh
|
||||
uses: actions/upload-artifact@v2
|
||||
uses: actions/upload-artifact@v4
|
||||
with:
|
||||
name: linpeas_fat.sh
|
||||
path: linPEAS/linpeas_fat.sh
|
||||
|
||||
- name: Upload linpeas_small.sh
|
||||
uses: actions/upload-artifact@v2
|
||||
uses: actions/upload-artifact@v4
|
||||
with:
|
||||
name: linpeas_small.sh
|
||||
path: linPEAS/linpeas_small.sh
|
||||
|
||||
## Linux bins
|
||||
- name: Upload linpeas_linux_386
|
||||
uses: actions/upload-artifact@v2
|
||||
uses: actions/upload-artifact@v4
|
||||
with:
|
||||
name: linpeas_linux_386
|
||||
path: sh2bin/builds/linpeas_linux_386
|
||||
|
||||
- name: Upload linpeas_linux_amd64
|
||||
uses: actions/upload-artifact@v2
|
||||
uses: actions/upload-artifact@v4
|
||||
with:
|
||||
name: linpeas_linux_amd64
|
||||
path: sh2bin/builds/linpeas_linux_amd64
|
||||
|
||||
- name: Upload linpeas_linux_arm
|
||||
uses: actions/upload-artifact@v2
|
||||
uses: actions/upload-artifact@v4
|
||||
with:
|
||||
name: linpeas_linux_arm
|
||||
path: sh2bin/builds/linpeas_linux_arm
|
||||
|
||||
- name: Upload linpeas_linux_arm64
|
||||
uses: actions/upload-artifact@v2
|
||||
uses: actions/upload-artifact@v4
|
||||
with:
|
||||
name: linpeas_linux_arm64
|
||||
path: sh2bin/builds/linpeas_linux_arm64
|
||||
|
||||
## Darwin bins
|
||||
- name: Upload linpeas_darwin_amd64
|
||||
uses: actions/upload-artifact@v2
|
||||
uses: actions/upload-artifact@v4
|
||||
with:
|
||||
name: linpeas_darwin_amd64
|
||||
path: sh2bin/builds/linpeas_darwin_amd64
|
||||
|
||||
- name: Upload linpeas_darwin_arm64
|
||||
uses: actions/upload-artifact@v2
|
||||
uses: actions/upload-artifact@v4
|
||||
with:
|
||||
name: linpeas_darwin_arm64
|
||||
path: sh2bin/builds/linpeas_darwin_arm64
|
||||
@@ -345,82 +345,82 @@ jobs:
|
||||
steps:
|
||||
# Download files to release
|
||||
- name: Download winpeasx64ofs
|
||||
uses: actions/download-artifact@v2
|
||||
uses: actions/download-artifact@v4.1.7
|
||||
with:
|
||||
name: winPEASx64_ofs.exe
|
||||
|
||||
- name: Download winpeasx86ofs
|
||||
uses: actions/download-artifact@v2
|
||||
uses: actions/download-artifact@v4.1.7
|
||||
with:
|
||||
name: winPEASx86_ofs.exe
|
||||
|
||||
- name: Download winpeasanyofs
|
||||
uses: actions/download-artifact@v2
|
||||
uses: actions/download-artifact@v4.1.7
|
||||
with:
|
||||
name: winPEASany_ofs.exe
|
||||
|
||||
- name: Download winpeasx64
|
||||
uses: actions/download-artifact@v2
|
||||
uses: actions/download-artifact@v4.1.7
|
||||
with:
|
||||
name: winPEASx64.exe
|
||||
|
||||
- name: Download winpeasx86
|
||||
uses: actions/download-artifact@v2
|
||||
uses: actions/download-artifact@v4.1.7
|
||||
with:
|
||||
name: winPEASx86.exe
|
||||
|
||||
- name: Download winpeasany
|
||||
uses: actions/download-artifact@v2
|
||||
uses: actions/download-artifact@v4.1.7
|
||||
with:
|
||||
name: winPEASany.exe
|
||||
|
||||
- name: Download winpeas.bat
|
||||
uses: actions/download-artifact@v2
|
||||
uses: actions/download-artifact@v4.1.7
|
||||
with:
|
||||
name: winPEAS.bat
|
||||
|
||||
- name: Download linpeas.sh
|
||||
uses: actions/download-artifact@v2
|
||||
uses: actions/download-artifact@v4.1.7
|
||||
with:
|
||||
name: linpeas.sh
|
||||
|
||||
- name: Download linpeas_fat.sh
|
||||
uses: actions/download-artifact@v2
|
||||
uses: actions/download-artifact@v4.1.7
|
||||
with:
|
||||
name: linpeas_fat.sh
|
||||
|
||||
- name: Download linpeas_small.sh
|
||||
uses: actions/download-artifact@v2
|
||||
uses: actions/download-artifact@v4.1.7
|
||||
with:
|
||||
name: linpeas_small.sh
|
||||
|
||||
- name: Download linpeas_linux_386
|
||||
uses: actions/download-artifact@v2
|
||||
uses: actions/download-artifact@v4.1.7
|
||||
with:
|
||||
name: linpeas_linux_386
|
||||
|
||||
- name: Download linpeas_linux_amd64
|
||||
uses: actions/download-artifact@v2
|
||||
uses: actions/download-artifact@v4.1.7
|
||||
with:
|
||||
name: linpeas_linux_amd64
|
||||
|
||||
- name: Download linpeas_linux_arm
|
||||
uses: actions/download-artifact@v2
|
||||
uses: actions/download-artifact@v4.1.7
|
||||
with:
|
||||
name: linpeas_linux_arm
|
||||
|
||||
- name: Download linpeas_linux_arm64
|
||||
uses: actions/download-artifact@v2
|
||||
uses: actions/download-artifact@v4.1.7
|
||||
with:
|
||||
name: linpeas_linux_arm64
|
||||
|
||||
- name: Download linpeas_darwin_amd64
|
||||
uses: actions/download-artifact@v2
|
||||
uses: actions/download-artifact@v4.1.7
|
||||
with:
|
||||
name: linpeas_darwin_amd64
|
||||
|
||||
- name: Download linpeas_darwin_arm64
|
||||
uses: actions/download-artifact@v2
|
||||
uses: actions/download-artifact@v4.1.7
|
||||
with:
|
||||
name: linpeas_darwin_arm64
|
||||
|
||||
|
||||
@@ -29,7 +29,7 @@ Note that by default, in the releases pages of this repository, you will find a
|
||||
- **linpeas_small.sh**: Contains only the most *important* checks making its size smaller.
|
||||
|
||||
## Quick Start
|
||||
Find the **latest versions of all the scripts and binaries in [the releases page](releases/latest)**.
|
||||
Find the **latest versions of all the scripts and binaries in [the releases page](https://github.com/peass-ng/PEASS-ng/releases/latest)**.
|
||||
|
||||
```bash
|
||||
# From public github
|
||||
|
||||
@@ -26,7 +26,7 @@ if [ "$is_ibm_vm" = "Yes" ]; then
|
||||
|
||||
ibm_req=""
|
||||
if [ "$(command -v curl || echo -n '')" ]; then
|
||||
ibm_req="curl -s -f -H '$TOKEN_HEADER' -H '$ACCEPT_HEADER'"
|
||||
ibm_req="curl -s -f -L -H '$TOKEN_HEADER' -H '$ACCEPT_HEADER'"
|
||||
elif [ "$(command -v wget || echo -n '')" ]; then
|
||||
ibm_req="wget -q -O - -H '$TOKEN_HEADER' -H '$ACCEPT_HEADER'"
|
||||
else
|
||||
|
||||
@@ -19,7 +19,7 @@ if [ "$is_aliyun_ecs" = "Yes" ]; then
|
||||
aliyun_token=""
|
||||
if [ "$(command -v curl)" ]; then
|
||||
aliyun_token=$(curl -X PUT "http://100.100.100.200/latest/api/token" -H "X-aliyun-ecs-metadata-token-ttl-seconds:1000")
|
||||
aliyun_req='curl -s -f -H "X-aliyun-ecs-metadata-token: $aliyun_token"'
|
||||
aliyun_req='curl -s -f -L -H "X-aliyun-ecs-metadata-token: $aliyun_token"'
|
||||
elif [ "$(command -v wget)" ]; then
|
||||
aliyun_token=$(wget -q -O - --method PUT "http://100.100.100.200/latest/api/token" --header "X-aliyun-ecs-metadata-token-ttl-seconds:1000")
|
||||
aliyun_req='wget -q -O --header "X-aliyun-ecs-metadata-token: $aliyun_token"'
|
||||
|
||||
@@ -21,7 +21,7 @@ if [ "$is_aws_ec2" = "Yes" ]; then
|
||||
|
||||
aws_req=""
|
||||
if [ "$(command -v curl || echo -n '')" ]; then
|
||||
aws_req="curl -s -f -H '$HEADER'"
|
||||
aws_req="curl -s -f -L -H '$HEADER'"
|
||||
elif [ "$(command -v wget || echo -n '')" ]; then
|
||||
aws_req="wget -q -O - -H '$HEADER'"
|
||||
else
|
||||
|
||||
@@ -16,7 +16,7 @@
|
||||
if [ "$is_gcp_function" = "Yes" ]; then
|
||||
gcp_req=""
|
||||
if [ "$(command -v curl)" ]; then
|
||||
gcp_req='curl -s -f -H "Metadata-Flavor: Google"'
|
||||
gcp_req='curl -s -f -L -H "Metadata-Flavor: Google"'
|
||||
elif [ "$(command -v wget)" ]; then
|
||||
gcp_req='wget -q -O - --header "Metadata-Flavor: Google"'
|
||||
else
|
||||
|
||||
@@ -16,7 +16,7 @@
|
||||
if [ "$is_gcp_vm" = "Yes" ]; then
|
||||
gcp_req=""
|
||||
if [ "$(command -v curl || echo -n '')" ]; then
|
||||
gcp_req='curl -s -f -H "Metadata-Flavor: Google"'
|
||||
gcp_req='curl -s -f -L -H "Metadata-Flavor: Google"'
|
||||
elif [ "$(command -v wget || echo -n '')" ]; then
|
||||
gcp_req='wget -q -O - --header "Metadata-Flavor: Google"'
|
||||
else
|
||||
|
||||
@@ -22,7 +22,7 @@ if [ "$is_az_vm" = "Yes" ]; then
|
||||
|
||||
az_req=""
|
||||
if [ "$(command -v curl || echo -n '')" ]; then
|
||||
az_req="curl -s -f -H '$HEADER'"
|
||||
az_req="curl -s -f -L -H '$HEADER'"
|
||||
elif [ "$(command -v wget || echo -n '')" ]; then
|
||||
az_req="wget -q -O - -H '$HEADER'"
|
||||
else
|
||||
|
||||
@@ -23,7 +23,7 @@ if [ "$is_az_app" = "Yes" ]; then
|
||||
|
||||
az_req=""
|
||||
if [ "$(command -v curl || echo -n '')" ]; then
|
||||
az_req="curl -s -f -H '$HEADER'"
|
||||
az_req="curl -s -f -L -H '$HEADER'"
|
||||
elif [ "$(command -v wget || echo -n '')" ]; then
|
||||
az_req="wget -q -O - -H '$HEADER'"
|
||||
else
|
||||
|
||||
@@ -18,7 +18,7 @@ if [ "$is_do" = "Yes" ]; then
|
||||
|
||||
do_req=""
|
||||
if [ "$(command -v curl || echo -n '')" ]; then
|
||||
do_req='curl -s -f '
|
||||
do_req='curl -s -f -L '
|
||||
elif [ "$(command -v wget || echo -n '')" ]; then
|
||||
do_req='wget -q -O - '
|
||||
else
|
||||
|
||||
@@ -13,4 +13,4 @@
|
||||
# Small linpeas: 1
|
||||
|
||||
|
||||
USEFUL_SOFTWARE="authbind aws az base64 ctr curl doas docker fetch g++ gcc gcloud gdb kubectl lxc make nc nc.traditional ncat netcat nmap perl php ping podman python python2 python2.6 python2.7 python3 python3.6 python3.7 pwsh rkt ruby runc socat sudo wget xterm"
|
||||
USEFUL_SOFTWARE="authbind aws az base64 ctr curl doas docker fetch g++ gcc gcloud gdb go kubectl lua lxc make nc nc.traditional ncat netcat nmap perl php ping podman python python2 python2.6 python2.7 python3 python3.6 python3.7 pwsh rkt ruby runc socat sudo wget xterm"
|
||||
|
||||
@@ -75,7 +75,6 @@ namespace winPEAS.Checks
|
||||
//Check parameters
|
||||
bool isAllChecks = true;
|
||||
bool isFileSearchEnabled = false;
|
||||
var searchEnabledChecks = new HashSet<string>() { "fileanalysis, filesinfo" };
|
||||
bool wait = false;
|
||||
FileStream fileStream = null;
|
||||
StreamWriter fileWriter = null;
|
||||
@@ -90,14 +89,15 @@ namespace winPEAS.Checks
|
||||
new SystemCheck("servicesinfo", new ServicesInfo()),
|
||||
new SystemCheck("applicationsinfo", new ApplicationsInfo()),
|
||||
new SystemCheck("networkinfo", new NetworkInfo()),
|
||||
new SystemCheck("cloudinfo", new CloudInfo()),
|
||||
new SystemCheck("windowscreds", new WindowsCreds()),
|
||||
new SystemCheck("browserinfo", new BrowserInfo()),
|
||||
new SystemCheck("filesinfo", new FilesInfo()),
|
||||
new SystemCheck("fileanalysis", new FileAnalysis()),
|
||||
new SystemCheck("cloudinfo", new CloudInfo())
|
||||
};
|
||||
|
||||
var systemCheckAllKeys = new HashSet<string>(_systemChecks.Select(i => i.Key));
|
||||
var print_fileanalysis_warn = true;
|
||||
|
||||
foreach (string arg in args)
|
||||
{
|
||||
@@ -110,6 +110,22 @@ namespace winPEAS.Checks
|
||||
return;
|
||||
}
|
||||
|
||||
if (string.Equals(arg, "fileanalysis", StringComparison.CurrentCultureIgnoreCase))
|
||||
{
|
||||
print_fileanalysis_warn = false;
|
||||
isFileSearchEnabled = true;
|
||||
}
|
||||
|
||||
if (string.Equals(arg, "filesinfo", StringComparison.CurrentCultureIgnoreCase))
|
||||
{
|
||||
isFileSearchEnabled = true;
|
||||
}
|
||||
|
||||
if (string.Equals(arg, "all", StringComparison.CurrentCultureIgnoreCase))
|
||||
{
|
||||
print_fileanalysis_warn = false;
|
||||
}
|
||||
|
||||
if (arg.StartsWith("log", StringComparison.CurrentCultureIgnoreCase))
|
||||
{
|
||||
// get logfile argument if present
|
||||
@@ -257,14 +273,14 @@ namespace winPEAS.Checks
|
||||
{
|
||||
_systemCheckSelectedKeysHashSet.Add(argToLower);
|
||||
isAllChecks = false;
|
||||
|
||||
if (searchEnabledChecks.Contains(argToLower))
|
||||
{
|
||||
isFileSearchEnabled = true;
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
if (print_fileanalysis_warn){
|
||||
_systemChecks.RemoveAt(_systemChecks.Count - 1);
|
||||
Beaprint.ColorPrint(" [!] If you want to run the file analysis checks (search sensitive information in files), you need to specify the 'fileanalysis' or 'all' argument. Note that this search might take several minutes. For help, run winpeass.exe --help", Beaprint.YELLOW);
|
||||
}
|
||||
|
||||
if (isAllChecks)
|
||||
{
|
||||
isFileSearchEnabled = true;
|
||||
|
||||
@@ -120,20 +120,22 @@ namespace winPEAS.Helpers
|
||||
|
||||
public static void PrintUsage()
|
||||
{
|
||||
Console.WriteLine(YELLOW + " [*] " + GREEN + "WinPEAS is a binary to enumerate possible paths to escalate privileges locally" + NOCOLOR);
|
||||
Console.WriteLine(YELLOW + " [*] " + GREEN + "WinPEAS is a binary to enumerate possible paths to escalate privileges locally. By default it'll run all the following checks unless otherwise specified, but you could also indicate as arguments the names of the checks to run if you only want to run a few of them." + NOCOLOR);
|
||||
Console.WriteLine(LCYAN + " domain" + GRAY + " Enumerate domain information" + NOCOLOR);
|
||||
Console.WriteLine(LCYAN + " systeminfo" + GRAY + " Search system information" + NOCOLOR);
|
||||
Console.WriteLine(LCYAN + " eventsinfo" + GRAY + " Display interesting events information" + NOCOLOR);
|
||||
Console.WriteLine(LCYAN + " userinfo" + GRAY + " Search user information" + NOCOLOR);
|
||||
Console.WriteLine(LCYAN + " processinfo" + GRAY + " Search processes information" + NOCOLOR);
|
||||
Console.WriteLine(LCYAN + " servicesinfo" + GRAY + " Search services information" + NOCOLOR);
|
||||
Console.WriteLine(LCYAN + " applicationsinfo" + GRAY + " Search installed applications information" + NOCOLOR);
|
||||
Console.WriteLine(LCYAN + " networkinfo" + GRAY + " Search network information" + NOCOLOR);
|
||||
Console.WriteLine(LCYAN + " cloudinfo" + GRAY + " Enumerate cloud information" + NOCOLOR);
|
||||
Console.WriteLine(LCYAN + " windowscreds" + GRAY + " Search windows credentials" + NOCOLOR);
|
||||
Console.WriteLine(LCYAN + " browserinfo" + GRAY + " Search browser information" + NOCOLOR);
|
||||
Console.WriteLine(LCYAN + " filesinfo" + GRAY + " Search generic files that can contains credentials" + NOCOLOR);
|
||||
Console.WriteLine(LCYAN + " fileanalysis" + GRAY + " Search specific files that can contains credentials and for regexes inside files" + NOCOLOR);
|
||||
Console.WriteLine(LCYAN + " eventsinfo" + GRAY + " Display interesting events information" + NOCOLOR);
|
||||
Console.WriteLine(LCYAN + " cloudinfo" + GRAY + " Enumerate cloud information" + NOCOLOR);
|
||||
Console.WriteLine(LCYAN + " fileanalysis" + GRAY + " [NOT RUN BY DEFAULT] Search specific files that can contains credentials and for regexes inside files. Might take several minutes." + NOCOLOR);
|
||||
Console.WriteLine(LCYAN + " all" + GRAY + " Run all checks the previous check including fileanalysis." + NOCOLOR);
|
||||
|
||||
Console.WriteLine();
|
||||
Console.WriteLine(LCYAN + " quiet" + GRAY + " Do not print banner" + NOCOLOR);
|
||||
Console.WriteLine(LCYAN + " notcolor" + GRAY + " Don't use ansi colors (all white)" + NOCOLOR);
|
||||
@@ -148,7 +150,7 @@ namespace winPEAS.Helpers
|
||||
Console.WriteLine(LCYAN + " -lolbas" + GRAY + $" Run additional LOLBAS check" + NOCOLOR);
|
||||
Console.WriteLine(LCYAN + " -linpeas=[url]" + GRAY + $" Run additional linpeas.sh check for default WSL distribution, optionally provide custom linpeas.sh URL\n" +
|
||||
$" (default: {Checks.Checks.LinpeasUrl})" + NOCOLOR);
|
||||
Console.WriteLine(LCYAN + " -network" + GRAY + $" Run additional network scanning - find network interfaces, hosts and scan nmap top 1000 TCP ports for each host found\n" +
|
||||
Console.WriteLine(LCYAN + " -network|-ports" + GRAY + $" Run additional network scanning - find network interfaces, hosts and scan nmap top 1000 TCP ports for each host found\n" +
|
||||
$" -network=\"auto\" - find interfaces/hosts automatically" + NOCOLOR + "\n" +
|
||||
$" -network=\"10.10.10.10,10.10.10.20\" - scan only selected ip address(es)" + NOCOLOR + "\n" +
|
||||
$" -network=\"10.10.10.10/24\" - scan host based on ip address/netmask" + NOCOLOR + "\n" +
|
||||
|
||||
Reference in New Issue
Block a user