search

peass-ng / PEASS-ng

PEASS - Privilege Escalation Awesome Scripts SUITE (with colors)
https://book.hacktricks.xyz
Other
16.16k stars 3.11k forks source link

Some syntax error while passing data to sed #37

Closed dmknght closed 4 years ago

dmknght commented 4 years ago

Version: linpeas v2.4.4 by carlospolop Tested with Parrot OS 4.8

[+] PATH
[i] Any writable folder in original PATH? (a new completed path will be exported)
./linpeas.sh: 625: sed: Argument list too long
./linpeas.sh: 626: sed: Argument list too long
[i] Check if you can mount umounted devices
./linpeas.sh: 695: sed: Argument list too long
================================( Processes, Cron & Services )================================
[+] Cleaned processes
[i] Check weird & unexpected proceses run by root: https://book.hacktricks.xyz/linux-unix/privilege-escalation#processes
./linpeas.sh: 736: sed: Argument list too long

[+] Binary processes permissions
[i] https://book.hacktricks.xyz/linux-unix/privilege-escalation#processes
./linpeas.sh: 742: sed: Argument list too long

[+] Cron jobs
[i] https://book.hacktricks.xyz/linux-unix/privilege-escalation#scheduled-jobs
./linpeas.sh: 757: sed: Argument list too long
-rw-r--r-- 1 root root 1042 Mar 10  2019 /etc/crontab
carlospolop commented 4 years ago

Hey @dmknght, Could you execute 

WF=`find /dev /srv /proc /home /media /sys /lost+found /run /etc /root /var /tmp /mnt /boot /opt -type d -maxdepth $MAXPATH_FIND_W -writable 2>/dev/null | sort`

Modify (but not delete as I need to see how many results you have) any confidential info and share the value of the variable $WF? I would need that value to replay the error

dmknght commented 4 years ago

Hey @dmknght, Could you execute

WF=`find /dev /srv /proc /home /media /sys /lost+found /run /etc /root /var /tmp /mnt /boot /opt -type d -maxdepth $MAXPATH_FIND_W -writable 2>/dev/null | sort`

Modify (but not delete as I need to see how many results you have) any confidential info and share the value of the variable $WF? I would need that value to replay the error

Well it is empty. So i guess you should make if-else to display "not found"

carlospolop commented 4 years ago

That line is looking for writable files in your disk, if it's empty that means you don't have writable permissions over any file. is that true?

dmknght commented 4 years ago

That line is looking for writable files in your disk, if it's empty that means you don't have writable permissions over any file. is that true?

I have in $HOME. But you are using -type d which is directory. So as you said, you should use -type f for files. p/s: OFC i'm having writeable files and folders in $HOME

carlospolop commented 4 years ago

Sorry mate, it is looking for writable directories not files, and thats good. The problem here is that you have too much writable directories that break grep. Therefore $WF shouldn't be empty. Anyway, when I have time I will try to replicate an environment with thousands of writable directories and will find way to fix it in an efficient manner. In the meantime you can change in line 15 the code MAXPATH_FIND_W="7" for MAXPATH_FIND_W="3" as temporary fix.

dmknght commented 4 years ago

Sorry mate, it is looking for writable directories not files, and thats good. The problem here is that you have too much writable directories that break grep. Therefore $WF shouldn't be empty. Anyway, when I have time I will try to replicate an environment with thousands of writable directories and will find way to fix it in an efficient manner. In the meantime you can change in line 15 the code MAXPATH_FIND_W="7" for MAXPATH_FIND_W="3" as temporary fix.

ah shit i copied your whole command and $MAXPATH_FIND_W was empty value so it didn't work. So i tested with find /root /tmp -type d -maxdepth 3 -writable 2>/dev/null and it showed.

dmknght commented 4 years ago

BTW the search for private key is extremely slow because of grep so many files. So do you have any idea to improve it or avoid it?

dmknght commented 4 years ago

The problem here is that you have too much writable directories that break grep

The maximum is 127 or 255 am i right?

carlospolop commented 4 years ago

Hi @dmknght,

I have uploaded a new linpeas version. In this version if should automatically check if that error is occurring an in that case find less writable directories until the error stop appearing. Could you check if it's working on your environment?

dmknght commented 4 years ago

Hi @dmknght,

I have uploaded a new linpeas version. In this version if should automatically check if that error is occurring an in that case find less writable directories until the error stop appearing. Could you check if it's working on your environment?

I'm testing it right now :D

dmknght commented 4 years ago

Hi @dmknght,

I have uploaded a new linpeas version. In this version if should automatically check if that error is occurring an in that case find less writable directories until the error stop appearing. Could you check if it's working on your environment?

./linpeas.sh: 166: 7=6: not found. It shows this in a loop

carlospolop commented 4 years ago

Sorry mate, try now

dmknght commented 4 years ago

Sorry mate, try now

looks good. New version brings other problem i'm creating nnew issue right now.