mirror of
https://github.com/carlospolop/privilege-escalation-awesome-scripts-suite.git
synced 2026-02-14 00:26:33 +00:00
Compare commits
2 Commits
master
...
test/chack
| Author | SHA1 | Date | |
|---|---|---|---|
|
|
60e2691922 | ||
|
|
be3be69ba3 |
@@ -126,68 +126,37 @@ jobs:
|
||||
|
||||
- name: Commit and push fix branch if changed
|
||||
id: push_fix
|
||||
env:
|
||||
ORIGINAL_HEAD_SHA: ${{ github.event.workflow_run.head_sha }}
|
||||
run: |
|
||||
rm -f chack_failure_summary.txt chack_prompt.txt chack_failed_steps_logs.txt
|
||||
|
||||
pushed=false
|
||||
|
||||
if ! git diff --quiet; then
|
||||
git add -A
|
||||
# Avoid workflow-file pushes with token scopes that cannot write workflows.
|
||||
git reset -- .github/workflows || true
|
||||
git checkout -- .github/workflows || true
|
||||
git clean -fdx -- .github/workflows || true
|
||||
git reset -- chack_failure_summary.txt chack_prompt.txt chack_failed_steps_logs.txt
|
||||
if git diff --cached --name-only | grep -q '^.github/workflows/'; then
|
||||
echo "Workflow-file changes are still staged; skipping push without workflows permission."
|
||||
echo "pushed=false" >> "$GITHUB_OUTPUT"
|
||||
exit 0
|
||||
fi
|
||||
if ! git diff --cached --quiet; then
|
||||
git commit -m "Fix CI-master failures for run #${{ github.event.workflow_run.id }}"
|
||||
fi
|
||||
fi
|
||||
|
||||
after_head="$(git rev-parse HEAD)"
|
||||
if [ "$after_head" = "$ORIGINAL_HEAD_SHA" ]; then
|
||||
echo "No commit produced by Chack Agent."
|
||||
if git diff --quiet; then
|
||||
echo "No changes to commit."
|
||||
echo "pushed=false" >> "$GITHUB_OUTPUT"
|
||||
exit 0
|
||||
fi
|
||||
|
||||
changed_in_range="$(git diff --name-only "$ORIGINAL_HEAD_SHA"..HEAD)"
|
||||
if echo "$changed_in_range" | grep -q '^.github/workflows/'; then
|
||||
echo "Detected workflow changes in Chack commit range; sanitizing commit before push."
|
||||
git diff --binary "$ORIGINAL_HEAD_SHA"..HEAD -- . ':(exclude).github/workflows/**' > /tmp/chack_nonworkflow.patch
|
||||
if [ ! -s /tmp/chack_nonworkflow.patch ]; then
|
||||
echo "Only workflow-file changes were produced; skipping push."
|
||||
echo "pushed=false" >> "$GITHUB_OUTPUT"
|
||||
exit 0
|
||||
fi
|
||||
git reset --hard "$ORIGINAL_HEAD_SHA"
|
||||
git apply --index /tmp/chack_nonworkflow.patch
|
||||
if git diff --cached --quiet; then
|
||||
echo "No non-workflow changes left after sanitizing."
|
||||
echo "pushed=false" >> "$GITHUB_OUTPUT"
|
||||
exit 0
|
||||
fi
|
||||
git commit -m "Fix CI-master failures for run #${{ github.event.workflow_run.id }}"
|
||||
rm -f chack_failure_summary.txt chack_prompt.txt chack_failed_steps_logs.txt
|
||||
git add -A
|
||||
# Avoid workflow-file pushes with token scopes that cannot write workflows.
|
||||
git reset -- .github/workflows || true
|
||||
git checkout -- .github/workflows || true
|
||||
git clean -fdx -- .github/workflows || true
|
||||
git reset -- chack_failure_summary.txt chack_prompt.txt chack_failed_steps_logs.txt
|
||||
if git diff --cached --name-only | grep -q '^.github/workflows/'; then
|
||||
echo "Workflow-file changes are still staged; skipping push without workflows permission."
|
||||
echo "pushed=false" >> "$GITHUB_OUTPUT"
|
||||
exit 0
|
||||
fi
|
||||
|
||||
if git diff --cached --quiet; then
|
||||
echo "No committable changes left after filtering."
|
||||
echo "pushed=false" >> "$GITHUB_OUTPUT"
|
||||
exit 0
|
||||
fi
|
||||
git commit -m "Fix CI-master failures for run #${{ github.event.workflow_run.id }}"
|
||||
if ! git push origin HEAD:"$FIX_BRANCH"; then
|
||||
echo "Push failed (likely token workflow permission limits); skipping PR creation."
|
||||
echo "pushed=false" >> "$GITHUB_OUTPUT"
|
||||
exit 0
|
||||
fi
|
||||
pushed=true
|
||||
|
||||
if [ "$pushed" = "true" ]; then
|
||||
echo "pushed=true" >> "$GITHUB_OUTPUT"
|
||||
else
|
||||
echo "pushed=false" >> "$GITHUB_OUTPUT"
|
||||
fi
|
||||
echo "pushed=true" >> "$GITHUB_OUTPUT"
|
||||
|
||||
- name: Create PR to master
|
||||
if: ${{ steps.push_fix.outputs.pushed == 'true' }}
|
||||
@@ -196,34 +165,15 @@ jobs:
|
||||
GH_TOKEN: ${{ secrets.CHACK_AGENT_FIXER_TOKEN || github.token }}
|
||||
RUN_URL: ${{ github.event.workflow_run.html_url }}
|
||||
run: |
|
||||
set +e
|
||||
pr_output=$(gh pr create \
|
||||
pr_url=$(gh pr create \
|
||||
--title "Fix CI-master_test failure (run #${{ github.event.workflow_run.id }})" \
|
||||
--body "Automated Chack Agent fix for failing CI-master_test run: ${RUN_URL}" \
|
||||
--base "$TARGET_BRANCH" \
|
||||
--head "$FIX_BRANCH" 2>&1)
|
||||
rc=$?
|
||||
set -e
|
||||
|
||||
if [ $rc -eq 0 ]; then
|
||||
echo "url=$pr_output" >> "$GITHUB_OUTPUT"
|
||||
echo "created=true" >> "$GITHUB_OUTPUT"
|
||||
exit 0
|
||||
fi
|
||||
|
||||
echo "$pr_output"
|
||||
if echo "$pr_output" | grep -qi "not permitted to create or approve pull requests"; then
|
||||
echo "PR creation blocked by repository Actions policy. Fix branch was pushed: $FIX_BRANCH"
|
||||
echo "url=" >> "$GITHUB_OUTPUT"
|
||||
echo "created=false" >> "$GITHUB_OUTPUT"
|
||||
exit 0
|
||||
fi
|
||||
|
||||
echo "Unexpected PR creation error."
|
||||
exit $rc
|
||||
--head "$FIX_BRANCH")
|
||||
echo "url=$pr_url" >> "$GITHUB_OUTPUT"
|
||||
|
||||
- name: Comment on created PR with Chack Agent result
|
||||
if: ${{ steps.push_fix.outputs.pushed == 'true' && steps.create_pr.outputs.created == 'true' && steps.run_chack.outputs.final-message != '' }}
|
||||
if: ${{ steps.push_fix.outputs.pushed == 'true' && steps.run_chack.outputs.final-message != '' }}
|
||||
uses: actions/github-script@v7
|
||||
env:
|
||||
PR_URL: ${{ steps.create_pr.outputs.url }}
|
||||
|
||||
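Review bot: The workflow-file guard in the `push_fix` step inspects only the index (`git diff --cached --name-only`), while `git push origin HEAD:"$FIX_BRANCH"` publishes every commit on HEAD, so a commit made by the agent step itself would be pushed without passing the guard. Whether the agent can commit is not visible here (the agent step and the job header are outside the hunk), but the guard should not depend on that. Consider recording the checked-out commit before the agent runs and also testing the range, e.g. `git diff --name-only "$BASE_SHA" HEAD | grep -q '^\.github/workflows/'`, where `BASE_SHA` is a placeholder for that recorded commit. The dot is escaped there because the current pattern `'^.github/workflows/'` lets `.` match any character. The same staged-only guard appears in the PR-fix workflow hunk at `@@ -199,44 +199,33 @@`.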
@@ -199,44 +199,33 @@ jobs:
|
||||
env:
|
||||
TARGET_BRANCH: ${{ needs.resolve_pr_context.outputs.head_branch }}
|
||||
PR_NUMBER: ${{ needs.resolve_pr_context.outputs.number }}
|
||||
ORIGINAL_HEAD_SHA: ${{ github.event.workflow_run.head_sha }}
|
||||
GH_TOKEN: ${{ github.token }}
|
||||
run: |
|
||||
rm -f chack_failure_summary.txt chack_prompt.txt
|
||||
|
||||
pushed=false
|
||||
|
||||
if ! git diff --quiet; then
|
||||
git add -A
|
||||
# Avoid workflow-file pushes with token scopes that cannot write workflows.
|
||||
git reset -- .github/workflows || true
|
||||
git checkout -- .github/workflows || true
|
||||
git clean -fdx -- .github/workflows || true
|
||||
git reset -- chack_failure_summary.txt chack_prompt.txt
|
||||
if git diff --cached --name-only | grep -q '^.github/workflows/'; then
|
||||
echo "Workflow-file changes are still staged; skipping push without workflows permission."
|
||||
exit 0
|
||||
fi
|
||||
if ! git diff --cached --quiet; then
|
||||
git commit -m "Fix CI failures for PR #${PR_NUMBER}"
|
||||
fi
|
||||
fi
|
||||
|
||||
after_head="$(git rev-parse HEAD)"
|
||||
if [ "$after_head" = "$ORIGINAL_HEAD_SHA" ]; then
|
||||
echo "No commit produced by Chack Agent for PR #${PR_NUMBER}."
|
||||
if git diff --quiet; then
|
||||
echo "No changes to commit."
|
||||
exit 0
|
||||
fi
|
||||
|
||||
rm -f chack_failure_summary.txt chack_prompt.txt
|
||||
git add -A
|
||||
# Avoid workflow-file pushes with token scopes that cannot write workflows.
|
||||
git reset -- .github/workflows || true
|
||||
git checkout -- .github/workflows || true
|
||||
git clean -fdx -- .github/workflows || true
|
||||
git reset -- chack_failure_summary.txt chack_prompt.txt
|
||||
if git diff --cached --name-only | grep -q '^.github/workflows/'; then
|
||||
echo "Workflow-file changes are still staged; skipping push without workflows permission."
|
||||
exit 0
|
||||
fi
|
||||
if git diff --cached --quiet; then
|
||||
echo "No committable changes left after filtering."
|
||||
exit 0
|
||||
fi
|
||||
git commit -m "Fix CI failures for PR #${PR_NUMBER}"
|
||||
if ! git push origin HEAD:${TARGET_BRANCH}; then
|
||||
echo "Push failed (likely token workflow permission limits); leaving run successful without push."
|
||||
exit 0
|
||||
fi
|
||||
pushed=true
|
||||
|
||||
if [ "$pushed" = "true" ]; then
|
||||
gh workflow run PR-tests.yml --ref "${TARGET_BRANCH}"
|
||||
fi
|
||||
gh workflow run PR-tests.yml --ref "${TARGET_BRANCH}"
|
||||
|
||||
- name: Comment with Chack Agent result
|
||||
if: ${{ steps.run_chack.outputs.final-message != '' }}
|
||||
|
||||
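Review bot: The early exit `if git diff --quiet; then … exit 0` does not see untracked files, so a fix that only adds new files is reported as "No changes to commit." and never reaches `git add -A`. Running the `rm -f` of the chack_* scratch files first and then testing `if [ -z "$(git status --porcelain)" ]; then` would cover new files as well; the first workflow's `push_fix` step has the same early exit. Separately, `git push origin HEAD:${TARGET_BRANCH}` expands a branch name taken from the PR context without quotes; `git push origin "HEAD:${TARGET_BRANCH}"` matches the quoting already used for `gh workflow run`. The step name and job header are outside this hunk.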
@@ -0,0 +1,30 @@
|
||||
# Title: Users Information - Home SSH permissions
|
||||
# ID: UG_Home_ssh_permissions
|
||||
# Author: Carlos Polop
|
||||
# Last Update: 13-02-2026
|
||||
# Description: Enumerate .ssh directories and key file permissions in user homes.
|
||||
# License: GNU GPL
|
||||
# Version: 1.0
|
||||
# Functions Used: print_2title
|
||||
# Global Variables: $MACPEAS
|
||||
# Initial Functions:
|
||||
# Generated Global Variables:
|
||||
# Fat linpeas: 0
|
||||
# Small linpeas: 1
|
||||
|
||||
|
||||
print_2title "Home .ssh directories and key permissions"
|
||||
if [ "$MACPEAS" ]; then
|
||||
for d in /Users/*/.ssh; do
|
||||
[ -d "$d" ] || continue
|
||||
ls -ld "$d" 2>/dev/null
|
||||
ls -l "$d"/authorized_keys "$d"/id_* "$d"/*.pub 2>/dev/null | sed "s,^, ,"
|
||||
done
|
||||
else
|
||||
for d in /home/*/.ssh /root/.ssh; do
|
||||
[ -d "$d" ] || continue
|
||||
ls -ld "$d" 2>/dev/null
|
||||
ls -l "$d"/authorized_keys "$d"/id_* "$d"/*.pub 2>/dev/null | sed "s,^, ,"
|
||||
done
|
||||
fi
|
||||
echo ""
|
||||
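Review bot: In both loops `"$d"/id_*` already matches `id_*.pub`, so those public keys are listed a second time by `"$d"/*.pub`, which makes the permission listing noisier than it needs to be. The two branches also differ only in the glob list, so selecting the directories once and running a single loop would keep the macOS and Linux paths from drifting apart. A header comment such as `# Note: only /Users, /home and /root are scanned; homes elsewhere are not covered` would help readers interpret an empty result.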
@@ -46,7 +46,7 @@ class LinpeasBuilder:
|
||||
|
||||
def build(self):
|
||||
print("[+] Building variables...")
|
||||
variables = self.__generate_variabless()
|
||||
variables = self.__generate_variables()
|
||||
self.__replace_mark(PEAS_VARIABLES_MARKUP, variables, "")
|
||||
|
||||
if len(re.findall(r"PSTORAGE_[a-zA-Z0-9_]+", self.linpeas_sh)) > 1: #Only add storages if there are storages (PSTORAGE_BACKUPS is always there so it doesn't count)
|
||||
|
||||