Skip to content

Commit

Permalink
peass-ng
Browse files Browse the repository at this point in the history
  • Loading branch information
carlospolop committed Apr 4, 2024
1 parent e879812 commit c37db46
Show file tree
Hide file tree
Showing 17 changed files with 56 additions and 61 deletions.
10 changes: 5 additions & 5 deletions CONTRIBUTING.md
Original file line number Diff line number Diff line change
@@ -1,19 +1,19 @@
# Contributing to this repository

## Making Suggestions
If you want to make a suggestion for linpeas or winpeas please use **[github issues](https://github.com/carlospolop/privilege-escalation-awesome-scripts-suite/issues)**
If you want to make a suggestion for linpeas or winpeas please use **[github issues](https://github.com/peass-ng/PEASS-ng/issues)**

## Do don't know how to help?
Check out the **[TODO](https://github.com/carlospolop/PEASS-ng/blob/master/TODO.md) page**
Check out the **[TODO](https://github.com/peass-ng/PEASS-ng/blob/master/TODO.md) page**

## Searching for files with sensitive information
From the PEASS-ng release **winpeas and linpeas are auto-built** and will search for files containing sensitive information specified in the **[sesitive_files.yaml](https://github.com/carlospolop/privilege-escalation-awesome-scripts-suite/blob/master/build_lists/sensitive_files.yaml)** file.
From the PEASS-ng release **winpeas and linpeas are auto-built** and will search for files containing sensitive information specified in the **[sesitive_files.yaml](https://github.com/peass-ng/PEASS-ng/blob/master/build_lists/sensitive_files.yaml)** file.

If you want to **contribute adding the search of new files that can contain sensitive information**, please, just update **[sesitive_files.yaml](https://github.com/carlospolop/privilege-escalation-awesome-scripts-suite/blob/master/build_lists/sensitive_files.yaml)** and create a **PR to master** (*linpeas and winpeas will be auto-built in this PR*). You can find examples of how to contribute to this file inside the file.
If you want to **contribute adding the search of new files that can contain sensitive information**, please, just update **[sesitive_files.yaml](https://github.com/peass-ng/PEASS-ng/blob/master/build_lists/sensitive_files.yaml)** and create a **PR to master** (*linpeas and winpeas will be auto-built in this PR*). You can find examples of how to contribute to this file inside the file.
Also, in the comments of this PR, put links to pages where and example of the file containing sensitive information can be foud.

## Specific LinPEAS additions
From the PEASS-ng release **linpeas is auto-build from [linpeas/builder](https://github.com/carlospolop/privilege-escalation-awesome-scripts-suite/blob/master/linPEAS/builder/)**. Therefore, if you want to contribute adding any new check for linpeas/macpeas, please **add it in this directory and create a PR to master**. *Note that some code is auto-generated in the python but most of it it's just written in different files that willbe merged into linpeas.sh*.
From the PEASS-ng release **linpeas is auto-build from [linpeas/builder](https://github.com/peass-ng/PEASS-ng/blob/master/linPEAS/builder/)**. Therefore, if you want to contribute adding any new check for linpeas/macpeas, please **add it in this directory and create a PR to master**. *Note that some code is auto-generated in the python but most of it it's just written in different files that willbe merged into linpeas.sh*.
The new linpeas.sh script will be auto-generated in the PR.

## Specific WinPEAS additions
Expand Down
16 changes: 7 additions & 9 deletions README.md
Original file line number Diff line number Diff line change
@@ -1,6 +1,6 @@
# PEASS-ng - Privilege Escalation Awesome Scripts SUITE new generation

![](https://github.com/carlospolop/privilege-escalation-awesome-scripts-suite/raw/master/linPEAS/images/peass.png)
![](https://github.com/peass-ng/PEASS-ng/raw/master/linPEAS/images/peass.png)

![](https://img.shields.io/badge/Black-Arch-black) ![](https://img.shields.io/badge/Arch-AUR-brightgreen) ![](https://img.shields.io/badge/Black%20Hat%20Arsenal-Asia%202020-red)

Expand All @@ -13,28 +13,26 @@ Here you will find **privilege escalation tools for Windows and Linux/Unix\* and
These tools search for possible **local privilege escalation paths** that you could exploit and print them to you **with nice colors** so you can recognize the misconfigurations easily.

- Check the **Local Windows Privilege Escalation checklist** from **[book.hacktricks.xyz](https://book.hacktricks.xyz/windows-hardening/checklist-windows-privilege-escalation)**
- **[WinPEAS](https://github.com/carlospolop/privilege-escalation-awesome-scripts-suite/tree/master/winPEAS) - Windows local Privilege Escalation Awesome Script (C#.exe and .bat)**
- **[WinPEAS](https://github.com/peass-ng/PEASS-ng/tree/master/winPEAS) - Windows local Privilege Escalation Awesome Script (C#.exe and .bat)**

- Check the **Local Linux Privilege Escalation checklist** from **[book.hacktricks.xyz](https://book.hacktricks.xyz/linux-hardening/linux-privilege-escalation-checklist)**
- **[LinPEAS](https://github.com/carlospolop/privilege-escalation-awesome-scripts-suite/tree/master/linPEAS) - Linux local Privilege Escalation Awesome Script (.sh)**
- **[LinPEAS](https://github.com/peass-ng/PEASS-ng/tree/master/linPEAS) - Linux local Privilege Escalation Awesome Script (.sh)**

## Quick Start
Find the **latest versions of all the scripts and binaries in [the releases page](https://github.com/carlospolop/PEASS-ng/releases/latest)**.
Find the **latest versions of all the scripts and binaries in [the releases page](https://github.com/peass-ng/PEASS-ng/releases/latest)**.

## JSON, HTML & PDF output
Check the **[parsers](./parsers/)** directory to **transform PEASS outputs to JSON, HTML and PDF**

## Support PEASS-ng and HackTricks and get benefits
## Join us!

Do you want to have **access the latest version of Hacktricks and PEASS**, obtain a **PDF copy of Hacktricks**, and more? Discover the **brand new [SUBSCRIPTION PLANS](https://github.com/sponsors/carlospolop?frequency=one-time) for individuals and companies**.

**LinPEAS, WinPEAS and MacPEAS** aren’t enough for you? Welcome [**The PEASS Family**](https://opensea.io/collection/the-peass-family/), a limited collection of [**exclusive NFTs**](https://opensea.io/collection/the-peass-family/) of our favourite PEASS in disguise, designed by my team. Go **get your favourite and make it yours!** And if you are a **PEASS & Hacktricks enthusiast**, you can get your hands now on **our [custom swag](https://peass.creator-spring.com/) and show how much you like our projects!**
If you are a **PEASS & Hacktricks enthusiast**, you can get your hands now on **our [custom swag](https://peass.creator-spring.com/) and show how much you like our projects!**

You can also, join the 💬 [Discord group](https://discord.gg/hRep4RUj7f) or the [telegram group](https://t.me/peass) to learn about latest news in cybersecurity and meet other cybersecurity enthusiasts, or follow me on Twitter 🐦 [@hacktricks_live](https://twitter.com/hacktricks_live).

## Let's improve PEASS together

If you want to **add something** and have **any cool idea** related to this project, please let me know it in the **telegram group https://t.me/peass** or contribute reading the **[CONTRIBUTING.md](https://github.com/carlospolop/privilege-escalation-awesome-scripts-suite/blob/master/CONTRIBUTING.md)** file.
If you want to **add something** and have **any cool idea** related to this project, please let me know it in the **telegram group https://t.me/peass** or contribute reading the **[CONTRIBUTING.md](https://github.com/peass-ng/PEASS-ng/blob/master/CONTRIBUTING.md)** file.

## Advisory

Expand Down
2 changes: 1 addition & 1 deletion TODO.md
Original file line number Diff line number Diff line change
@@ -1,7 +1,7 @@
# TODO

### Generate Nice Reports
- [x] Create a parser from linpeas and winpeas.exe output to JSON. You can fin it [here](https://github.com/carlospolop/PEASS-ng/tree/master/parser).
- [x] Create a parser from linpeas and winpeas.exe output to JSON. You can fin it [here](https://github.com/peass-ng/PEASS-ng/tree/master/parser).
- [ ] Create a python script that generates a nice HTML/PDF from the JSON output

### Generate a DB of Known Vulnerable Binaries
Expand Down
18 changes: 9 additions & 9 deletions linPEAS/README.md
Original file line number Diff line number Diff line change
@@ -1,6 +1,6 @@
# LinPEAS - Linux Privilege Escalation Awesome Script

![](https://github.com/carlospolop/privilege-escalation-awesome-scripts-suite/raw/master/linPEAS/images/linpeas.png)
![](https://github.com/peass-ng/PEASS-ng/raw/master/linPEAS/images/linpeas.png)

**LinPEAS is a script that search for possible paths to escalate privileges on Linux/Unix\*/MacOS hosts. The checks are explained on [book.hacktricks.xyz](https://book.hacktricks.xyz/linux-hardening/privilege-escalation)**

Expand All @@ -13,16 +13,16 @@ Check the **Local Linux Privilege Escalation checklist** from **[book.hacktricks
Just execute `linpeas.sh` in a MacOS system and the **MacPEAS version will be automatically executed**

## Quick Start
Find the **latest versions of all the scripts and binaries in [the releases page](https://github.com/carlospolop/PEASS-ng/releases/latest)**.
Find the **latest versions of all the scripts and binaries in [the releases page](https://github.com/peass-ng/PEASS-ng/releases/latest)**.

```bash
# From github
curl -L https://github.com/carlospolop/PEASS-ng/releases/latest/download/linpeas.sh | sh
curl -L https://github.com/peass-ng/PEASS-ng/releases/latest/download/linpeas.sh | sh

# Without curl
python -c "import urllib.request; urllib.request.urlretrieve('https://github.com/carlospolop/PEASS-ng/releases/latest/download/linpeas.sh', 'linpeas.sh')"
python -c "import urllib.request; urllib.request.urlretrieve('https://github.com/peass-ng/PEASS-ng/releases/latest/download/linpeas.sh', 'linpeas.sh')"

python3 -c "import urllib.request; urllib.request.urlretrieve('https://github.com/carlospolop/PEASS-ng/releases/latest/download/linpeas.sh', 'linpeas.sh')"
python3 -c "import urllib.request; urllib.request.urlretrieve('https://github.com/peass-ng/PEASS-ng/releases/latest/download/linpeas.sh', 'linpeas.sh')"
```

```bash
Expand All @@ -47,7 +47,7 @@ less -r /dev/shm/linpeas.txt #Read with colors

```bash
# Use a linpeas binary
wget https://github.com/carlospolop/PEASS-ng/releases/latest/download/linpeas_linux_amd64
wget https://github.com/peass-ng/PEASS-ng/releases/latest/download/linpeas_linux_amd64
chmod +x linpeas_linux_amd64
./linpeas_linux_amd64
```
Expand Down Expand Up @@ -149,7 +149,7 @@ With LinPEAS you can also **discover hosts automatically** using `fping`, `ping`

LinPEAS will **automatically search for this binaries** in `$PATH` and let you know if any of them is available. In that case you can use LinPEAS to hosts dicovery and/or port scanning.

![](https://github.com/carlospolop/privilege-escalation-awesome-scripts-suite/raw/master/linPEAS/images/network.png)
![](https://github.com/peass-ng/PEASS-ng/raw/master/linPEAS/images/network.png)


## Colors
Expand Down Expand Up @@ -223,9 +223,9 @@ Are you a PEASS fan? Get now our merch at **[PEASS Shop](https://teespring.com/s

## Collaborate

If you want to help with the TODO tasks or with anything, you can do it using **[github issues](https://github.com/carlospolop/privilege-escalation-awesome-scripts-suite/issues) or you can submit a pull request**.
If you want to help with the TODO tasks or with anything, you can do it using **[github issues](https://github.com/peass-ng/PEASS-ng/issues) or you can submit a pull request**.

If you find any issue, please report it using **[github issues](https://github.com/carlospolop/privilege-escalation-awesome-scripts-suite/issues)**.
If you find any issue, please report it using **[github issues](https://github.com/peass-ng/PEASS-ng/issues)**.

**Linpeas** is being **updated** every time I find something that could be useful to escalate privileges.

Expand Down
4 changes: 1 addition & 3 deletions linPEAS/builder/linpeas_parts/linpeas_base.sh
Original file line number Diff line number Diff line change
Expand Up @@ -246,7 +246,6 @@ print_support () {
${GREEN}/---------------------------------------------------------------------------------\\
| ${BLUE}Do you like PEASS?${GREEN} |
|---------------------------------------------------------------------------------|
| ${YELLOW}Get the latest version${GREEN} : ${RED}https://github.com/sponsors/carlospolop${GREEN} |
| ${YELLOW}Follow on Twitter${GREEN} : ${RED}@hacktricks_live${GREEN} |
| ${YELLOW}Respect on HTB${GREEN} : ${RED}SirBroccoli ${GREEN} |
|---------------------------------------------------------------------------------|
Expand All @@ -261,7 +260,7 @@ print_support () {

echo ""
if [ ! "$QUIET" ]; then print_banner; print_support; fi
printf ${BLUE}" $SCRIPTNAME-$VERSION ${YELLOW}by carlospolop\n"$NC;
printf ${BLUE}" $SCRIPTNAME-$VERSION ${YELLOW}by github.com/PEASS-ng\n"$NC;
echo ""
printf ${YELLOW}"ADVISORY: ${BLUE}$ADVISORY\n$NC"
echo ""
Expand Down Expand Up @@ -805,7 +804,6 @@ check_dns(){
###########################################
#----------) Network functions (----------#
###########################################
# Adapted from https://github.com/carlospolop/bashReconScan/blob/master/brs.sh
basic_net_info(){
print_title "Basic Network Info"
Expand Down
6 changes: 3 additions & 3 deletions metasploit/README.md
Original file line number Diff line number Diff line change
Expand Up @@ -9,7 +9,7 @@ In Kali:
```bash
sudo cp ./peass.rb /usr/share/metasploit-framework/modules/post/multi/gather/
# or
sudo wget https://raw.githubusercontent.com/carlospolop/PEASS-ng/master/metasploit/peass.rb -O /usr/share/metasploit-framework/modules/post/multi/gather/peass.rb
sudo wget https://raw.githubusercontent.com/peass-ng/PEASS-ng/master/metasploit/peass.rb -O /usr/share/metasploit-framework/modules/post/multi/gather/peass.rb
```

Now you can do `reload_all` inside a running msfconsole or the next time you launch a new msfconsole the peass module will be **automatically loaded**.
Expand Down Expand Up @@ -38,7 +38,7 @@ Basic options:
PARAMETERS no Parameters to pass to the script
PASSWORD um1xipfws17nkw1bi1ma3bh7tzt4mo3e no Password to encrypt and obfuscate the script (randomly generated). The length must be 32B. If no password is set, only base64 will be used
.
PEASS_URL https://raw.githubusercontent.com/carlospolop/PEASS-ng/master/winPEAS/wi yes Path to the PEASS script. Accepted: http(s):// URL or absolute local path. Linpeas: https://raw.githubusercontent.com/carlospolop/PEASS-ng
PEASS_URL https://raw.githubusercontent.com/peass-ng/PEASS-ng/master/winPEAS/wi yes Path to the PEASS script. Accepted: http(s):// URL or absolute local path. Linpeas: https://raw.githubusercontent.com/peass-ng/PEASS-ng
nPEASexe/binaries/Obfuscated%20Releases/winPEASany.exe /master/linPEAS/linpeas.sh
SESSION yes The session to run this module on.
SRVHOST no Set your metasploit instance IP if you want to download the PEASS script from here via http(s) instead of uploading it.
Expand All @@ -61,7 +61,7 @@ Description:
HTTP instead of uploading it.
References:
https://github.com/carlospolop/PEASS-ng
https://github.com/peass-ng/PEASS-ng
https://www.youtube.com/watch?v=9_fJv_weLU0
```

Expand Down
4 changes: 2 additions & 2 deletions metasploit/peass.rb
Original file line number Diff line number Diff line change
Expand Up @@ -31,13 +31,13 @@ def initialize(info={})
'SessionTypes' => ['shell', 'meterpreter'],
'References' =>
[
['URL', 'https://github.com/carlospolop/PEASS-ng'],
['URL', 'https://github.com/peass-ng/PEASS-ng'],
['URL', 'https://www.youtube.com/watch?v=9_fJv_weLU0'],
]
))
register_options(
[
OptString.new('PEASS_URL', [true, 'Path to the PEASS script. Accepted: http(s):// URL or absolute local path. Linpeas: https://github.com/carlospolop/PEASS-ng/releases/latest/download/linpeas.sh', "https://github.com/carlospolop/PEASS-ng/releases/latest/download/winPEASany_ofs.exe"]),
OptString.new('PEASS_URL', [true, 'Path to the PEASS script. Accepted: http(s):// URL or absolute local path. Linpeas: https://github.com/peass-ng/PEASS-ng/releases/latest/download/linpeas.sh', "https://github.com/peass-ng/PEASS-ng/releases/latest/download/winPEASany_ofs.exe"]),
OptString.new('PASSWORD', [false, 'Password to encrypt and obfuscate the script (randomly generated). The length must be 32B. If no password is set, only base64 will be used.', rand(36**32).to_s(36)]),
OptString.new('TEMP_DIR', [false, 'Path to upload the obfuscated PEASS script inside the compromised machine. By default "C:\Windows\System32\spool\drivers\color" is used in Windows and "/tmp" in Unix.', '']),
OptString.new('PARAMETERS', [false, 'Parameters to pass to the script', nil]),
Expand Down
2 changes: 1 addition & 1 deletion parsers/json2html.ps1
Original file line number Diff line number Diff line change
@@ -1,4 +1,4 @@
# Based on https://github.com/carlospolop/PEASS-ng/blob/master/parsers/json2html.py
# Based on https://github.com/peass-ng/PEASS-ng/blob/master/parsers/json2html.py
# TODO: create the script
function parse_dict {
param (
Expand Down
2 changes: 1 addition & 1 deletion parsers/peas2json.ps1
Original file line number Diff line number Diff line change
@@ -1,4 +1,4 @@
# Based on https://github.com/carlospolop/PEASS-ng/blob/master/parsers/peas2json.py
# Based on https://github.com/peass-ng/PEASS-ng/blob/master/parsers/peas2json.py

# Pattern to identify main section titles
$CHAR_1 = [String][char]0x2550 #
Expand Down
10 changes: 5 additions & 5 deletions winPEAS/README.md
Original file line number Diff line number Diff line change
@@ -1,19 +1,19 @@
# Windows Privilege Escalation Awesome Scripts

![](https://github.com/carlospolop/privilege-escalation-awesome-scripts-suite/raw/master/winPEAS/winPEASexe/images/winpeas.png)
![](https://github.com/peass-ng/PEASS-ng/raw/master/winPEAS/winPEASexe/images/winpeas.png)

Check the **Local Windows Privilege Escalation checklist** from **[book.hacktricks.xyz](https://book.hacktricks.xyz/windows-hardening/checklist-windows-privilege-escalation)**

Check more **information about how to exploit** found misconfigurations in **[book.hacktricks.xyz](https://book.hacktricks.xyz/windows-hardening/windows-local-privilege-escalation)**

## Quick Start
Find the **latest versions of all the scripts and binaries in [the releases page](https://github.com/carlospolop/PEASS-ng/releases/latest)**.
Find the **latest versions of all the scripts and binaries in [the releases page](https://github.com/peass-ng/PEASS-ng/releases/latest)**.

## WinPEAS Flavours
- [Link to WinPEAS C# .exe project](https://github.com/carlospolop/privilege-escalation-awesome-scripts-suite/tree/master/winPEAS/winPEASexe) (.Net >= 4.5.2 required)
- [Link to WinPEAS C# .exe project](https://github.com/peass-ng/PEASS-ng/tree/master/winPEAS/winPEASexe) (.Net >= 4.5.2 required)
- **Please, read the Readme of that folder to learn how to execute winpeas from memory or how make colors work among other tricks**
- [Link to WinPEAS .ps1 project](https://github.com/carlospolop/privilege-escalation-awesome-scripts-suite/tree/master/winPEAS/winPEASps1)
- [Link to WinPEAS .bat project](https://github.com/carlospolop/privilege-escalation-awesome-scripts-suite/tree/master/winPEAS/winPEASbat)
- [Link to WinPEAS .ps1 project](https://github.com/peass-ng/PEASS-ng/tree/master/winPEAS/winPEASps1)
- [Link to WinPEAS .bat project](https://github.com/peass-ng/PEASS-ng/tree/master/winPEAS/winPEASbat)


## PEASS Style
Expand Down
2 changes: 1 addition & 1 deletion winPEAS/winPEASbat/README.md
Original file line number Diff line number Diff line change
@@ -1,6 +1,6 @@
# Windows Privilege Escalation Awesome Script (.bat)

![](https://github.com/carlospolop/privilege-escalation-awesome-scripts-suite/raw/master/winPEAS/winPEASexe/images/winpeas.png)
![](https://github.com/peass-ng/PEASS-ng/raw/master/winPEAS/winPEASexe/images/winpeas.png)

**WinPEAS is a script that search for possible paths to escalate privileges on Windows hosts. The checks are explained on [book.hacktricks.xyz](https://book.hacktricks.xyz/windows-hardening/windows-local-privilege-escalation)**

Expand Down
4 changes: 2 additions & 2 deletions winPEAS/winPEASbat/winPEAS.bat
Original file line number Diff line number Diff line change
Expand Up @@ -4,7 +4,7 @@ COLOR 0F
CALL :SetOnce

REM :: WinPEAS - Windows local Privilege Escalation Awesome Script
REM :: Code by carlospolop; Re-Write by ThisLimn0
REM :: Code by PEASS-ng; Re-Write by ThisLimn0

REM Registry scan of other drives besides
REM /////true or false
Expand Down Expand Up @@ -46,7 +46,7 @@ CALL :ColorLine " %E%32m(((((((((. ,%E%92m(############################(%E%32m
CALL :ColorLine " %E%32m(((((((((/, %E%92m,####################(%E%32m/..((((((((((.%E%97m"
CALL :ColorLine " %E%32m(((((((((/,. %E%92m,*//////*,.%E%32m ./(((((((((((.%E%97m"
CALL :ColorLine " %E%32m(((((((((((((((((((((((((((/%E%97m"
ECHO. by carlospolop
ECHO. by github.com/PEASS-ng
ECHO.
ECHO.

Expand Down
Loading

0 comments on commit c37db46

Please sign in to comment.