Add SSH_AUTH_SOCK check in linPEAS

peass-ng / PEASS-ng

PEASS - Privilege Escalation Awesome Scripts SUITE (with colors)

https://book.hacktricks.xyz

Other

15.75k stars 3.06k forks source link

Add SSH_AUTH_SOCK check in linPEAS #272

Closed clem9669 closed 2 years ago

clem9669 commented 2 years ago

Hey folks,

To my knowledge, linPEAS do not check for SSH_AUTH_SOCK as described here: https://book.hacktricks.xyz/linux-unix/privilege-escalation/ssh-forward-agent-exploitation

Thanks 😄

carlospolop commented 2 years ago

As far as I can see in the code, linpeas is looking for files called "agent*" in /tmp and printing the word ForwardAgent in red from the SSH config. Is there anything you would add/change to check for this privesc?

clem9669 commented 2 years ago

My bad, I missed it 😄