peass-ng / PEASS-ng

PEASS - Privilege Escalation Awesome Scripts SUITE (with colors)
https://book.hacktricks.xyz

Linpeas : CVE-2021-3560 (Latest Changes Not working) #269

Closed An0nUD4Y closed 2 years ago

An0nUD4Y commented 2 years ago

If you are going to suggest something, please remove the following template.

Issue description

The latest changes made in Linpeas to detect CVE-2021-3560 are not working on the HTB Paper machine.

Steps to reproduce the issue

  1. Get the Linpeas.sh with these changes and run it on a machine (HTB-Paper) vulnerable to CVE-2021-3560. It will prompt that the machine is vulnerable.
  2. Again, get Linpeas.sh with these changes and run it on the same machine, and it won't say that the machine is vulnerable to CVE-2021-3560.

Please, indicate the OS, the OS version, and the kernel version (build number in case of Windows)

Linux paper 4.18.0-348.7.1.el8_5.x86_64 #1 SMP Wed Dec 22 13:25:12 UTC 2021 x86_64 x86_64 x86_64 GNU/Linux, Linux version 4.18.0-348.7.1.el8_5.x86_64 (mockbuild@kbuilder.bsys.centos.org) (gcc version 8.5.0 20210514 (Red Hat 8.5.0-4)

Code Responsible for this Behaviour

Not Working

```bash
#-- SY) CVE-2021-3560
polkitVersion=$(systemctl status polkit.service | grep version | cut -d " " -f 9)
if [[ "$(apt list --installed 2>/dev/null | grep polkit | grep -c 0.105-26)" -ge 1 || "$(yum list installed | grep polkit | grep -c 0.117-2)" -ge 1 ]]; then
    echo "Vulnerable to CVE-2021-3560" | sed -${E} "s,.*,${SED_RED_YELLOW},"
    echo ""
fi
```

Working

```bash
#-- SY) CVE-2021-3560
polkitVersion=$(systemctl status polkit.service | grep version | cut -d " " -f 9)
if [[ "$(apt list --installed 2>/dev/null | grep polkit | grep -c 0.105-26)" -ge 1 || "$(yum list installed | grep polkit | grep -c 0.117-2)" ]]; then
    echo "Vulnerable to CVE-2021-3560" | sed -${E} "s,.*,${SED_RED_YELLOW},"
fi
```

NOTE: I have not tested it against any other machine. This issue is created completely based on that particular HackTheBox Machine Paper.
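
The two conditions quoted above differ only in the trailing `-ge 1` on the yum half. The sketch below is an added example, not linpeas code and not something posted in this thread: it runs the yum half of each condition over constructed package listings to show that the numeric form depends on one literal build string, while the bare-string form is true for any input. The listing variables, the function names and the `0.000-0.constructed` build string are made up for the example.

```bash
#!/usr/bin/env bash
# Added example (not linpeas code): the yum half of both conditions from the
# issue, fed constructed package listings instead of live `yum list installed`.

# Constructed listings; 0.000-0.constructed is a placeholder build string.
LIST_MATCH='polkit.x86_64    0.117-2.el8    @anaconda'
LIST_OTHER='polkit.x86_64    0.000-0.constructed    @anaconda'
LIST_NONE='bash.x86_64    0.000-0.constructed    @anaconda'

# Mirrors: yum list installed | grep polkit | grep -c 0.117-2
count_matches() {
    printf '%s\n' "$1" | grep polkit | grep -c 0.117-2
}

# "Not Working" form: numeric comparison on the count.
# True only when the listing contains the literal build string 0.117-2.
check_with_ge() {
    [ "$(count_matches "$1")" -ge 1 ]
}

# "Working" form: the count is used as a bare string. grep -c always prints
# a number, so the string is "0" or more, never empty, and the test is
# always true. [ STRING ] and [[ STRING ]] both only test for non-emptiness.
check_bare_string() {
    [ "$(count_matches "$1")" ]
}

# Returns "yes"/"no" so the two forms can be compared side by side.
verdict() {
    if "$1" "$2"; then echo yes; else echo no; fi
}

for name in LIST_MATCH LIST_OTHER LIST_NONE; do
    eval "listing=\$$name"
    printf '%-11s count=%s  -ge 1: %-3s  bare string: %s\n' "$name" \
        "$(count_matches "$listing")" \
        "$(verdict check_with_ge "$listing")" \
        "$(verdict check_bare_string "$listing")"
done
```

A check that keys on a single build string reports nothing for any other installed build, and a check that is always true reports every host, so neither output says anything about the host's actual polkit package.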

carlospolop commented 2 years ago

Could you test the latest version and let me know if it works? (It will be released in a couple of hours)

godylockz commented 2 years ago

@carlospolop Verified on HTB Paper 02-13-2022 with latest linpeas version. You can close this issue.

carlospolop commented 2 years ago

Thanks!

laikas123 commented 1 year ago

I am able to reproduce this issue when running the latest linpeas.sh from this page: https://github.com/carlospolop/PEASS-ng/releases/tag/20230813-dc8384b3

I had the exact same scenario, that it won't detect it on paper from hack the box.

Please let me know if there are any tests I can run to help.

SeanTheITGuy commented 10 months ago

Can confirm that the problem still exists and that the latest linpeas.sh as of today doesn't detect CVE-2021-3560 properly.

rebrec commented 7 months ago

I can confirm that the problem still occurs (system is not detected as vulnerable)... any idea why this problem is coming back? Tested with latest linpeas.sh against HTB box Paper.