diego-treitos / linux-smart-enumeration

Linux enumeration tool for pentesting and CTFs with verbosity levels
GNU General Public License v3.0
3.45k stars, 573 forks

Uncommon setuid binaries #42

Closed 0xsan-z closed 4 years ago

0xsan-z commented 4 years ago

Hi diego,

There seems to be a problem in the "Uncommon setuid binaries" check if the uncommon suid binary name matches one of those in ${lse_common_setuid}, e.g.

```
┌──(kali㉿kali)-[/tmp]
└─$ cat test.sh
#!/bin/sh

setuidbin=sys
for cs in ping ping6; do setuidbin=`printf "$setuidbin\n" | grep -Ev "$cs"`; done; printf "$setuidbin\n"

┌──(kali㉿kali)-[/tmp]
└─$ ./test.sh
sys             <=========================== OK
```

```
┌──(kali㉿kali)-[/tmp]
└─$ cat test.sh
#!/bin/sh

setuidbin=pingsys
for cs in ping ping6; do setuidbin=`printf "$setuidbin\n" | grep -Ev "$cs"`; done; printf "$setuidbin\n"

┌──(kali㉿kali)-[/tmp]
└─$ ./test.sh
                <=========================== NOT OK, was expecting pingsys
```

Was doing a room on THM where we have to do privesc using an uncommon suid binary named "pingsys" and to my surprise it was not picked up by lse in Uncommon setuid binaries.

Please have a look.

diego-treitos commented 4 years ago

Thanks a lot for reporting this @0xsan-z. Indeed that is a poor check. It should be fixed in version 2.8 that I've just released.
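The false negative reported in this issue, next to an exact-name comparison that avoids it. This is an added example, not lse's code and not necessarily how version 2.8 fixed the check; the `COMMON` list, the `/usr/bin/...` paths and both function names are constructed for illustration, and the example works on full paths rather than the bare names used in `test.sh`.

```shell
#!/bin/sh
# Added example, not lse code. The list and the paths below are constructed.

COMMON="ping ping6"   # stand-in for a few entries of ${lse_common_setuid}

# Constructed find-style output: two common binaries and one uncommon one.
FOUND="/usr/bin/ping
/usr/bin/ping6
/usr/bin/pingsys"

# Filter as in the issue's test.sh: each common name is an unanchored regex,
# so every line that merely contains "ping" is discarded.
filter_substring() {
  out=$1
  for cs in $COMMON; do
    # "|| true": grep exits 1 when nothing is left, which is not an error here
    out=$(printf '%s\n' "$out" | grep -Ev -- "$cs" || true)
  done
  printf '%s' "$out"
}

# Exact-match filter: a path is dropped only when its basename equals a
# common name as a plain string (no regex, no substring match).
filter_exact() {
  printf '%s\n' "$1" | while IFS= read -r path; do
    name=${path##*/}
    common=0
    for cs in $COMMON; do
      if [ "$name" = "$cs" ]; then common=1; fi
    done
    if [ "$common" -eq 0 ] && [ -n "$name" ]; then printf '%s\n' "$path"; fi
  done
}

echo "substring filter reports: [$(filter_substring "$FOUND")]"
echo "exact filter reports:     [$(filter_exact "$FOUND")]"
```

With the substring filter an enumeration report stays empty for any setuid binary whose name merely contains a whitelisted name, so an empty "uncommon" list from such a check is not evidence that none exist.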