another linpeas fix

peass-ng · Dec 5, 2024 · 2a71da4 · 2a71da4
1 parent 1e1a8a7
commit 2a71da4
Show file tree

Hide file tree

Showing 4 changed files with 7 additions and 3 deletions.
diff --git a/linPEAS/builder/linpeas_parts/3_cloud/7_Azure_VM.sh b/linPEAS/builder/linpeas_parts/3_cloud/7_Azure_VM.sh
@@ -47,18 +47,22 @@ if [ "$is_az_vm" = "Yes" ]; then
     echo ""
 
     print_3title "Management token"
+    print_info "It's possible to assign 1 system MI and several user MI to a VM. LinPEAS can only get the token from the default one. More info in https://book.hacktricks.xyz/pentesting-web/ssrf-server-side-request-forgery/cloud-ssrf#azure-vm"
     exec_with_jq eval $az_req "$URL/identity/oauth2/token?api-version=$API_VERSION\&resource=https://management.azure.com/"
     echo ""
 
     print_3title "Graph token"
+    print_info "It's possible to assign 1 system MI and several user MI to a VM. LinPEAS can only get the token from the default one. More info in https://book.hacktricks.xyz/pentesting-web/ssrf-server-side-request-forgery/cloud-ssrf#azure-vm"
     exec_with_jq eval $az_req "$URL/identity/oauth2/token?api-version=$API_VERSION\&resource=https://graph.microsoft.com/"
     echo ""
 
     print_3title "Vault token"
+    print_info "It's possible to assign 1 system MI and several user MI to a VM. LinPEAS can only get the token from the default one. More info in https://book.hacktricks.xyz/pentesting-web/ssrf-server-side-request-forgery/cloud-ssrf#azure-vm"
     exec_with_jq eval $az_req "$URL/identity/oauth2/token?api-version=$API_VERSION\&resource=https://vault.azure.net/"
     echo ""
 
     print_3title "Storage token"
+    print_info "It's possible to assign 1 system MI and several user MI to a VM. LinPEAS can only get the token from the default one. More info in https://book.hacktricks.xyz/pentesting-web/ssrf-server-side-request-forgery/cloud-ssrf#azure-vm"
     exec_with_jq eval $az_req "$URL/identity/oauth2/token?api-version=$API_VERSION\&resource=https://storage.azure.com/"
     echo ""
   fi

diff --git a/linPEAS/builder/linpeas_parts/7_software_information/Mysql.sh b/linPEAS/builder/linpeas_parts/7_software_information/Mysql.sh
@@ -36,7 +36,7 @@ if [ "$PSTORAGE_MYSQL" ] || [ "$DEBUG" ]; then
       for f in $(find $d -name user.MYD 2>/dev/null); do
         if [ -r "$f" ]; then
           echo "We can read the Mysql Hashes from $f" | sed -${E} "s,.*,${SED_RED},"
-          grep -oaE "[-_\.\*a-Z0-9]{3,}" "$f" | grep -v "mysql_native_password"
+          grep -oaE "[-_\.\*a-zA-Z0-9]{3,}" "$f" | grep -v "mysql_native_password"
         fi
       done
 

diff --git a/linPEAS/builder/linpeas_parts/functions/check_tencent_cvm.sh b/linPEAS/builder/linpeas_parts/functions/check_tencent_cvm.sh
@@ -16,7 +16,7 @@
 
 check_tencent_cvm () {
   is_tencent_cvm="No"
-  if grep -qi Tencent /etc/cloud/cloud.cfg; then
+  if grep -qi Tencent /etc/cloud/cloud.cfg 2>/dev/null; then
       is_tencent_cvm="Yes"
   fi
 }
diff --git a/linPEAS/builder/src/linpeasBuilder.py b/linPEAS/builder/src/linpeasBuilder.py
@@ -365,7 +365,7 @@ def __get_gtfobins_lists(self) -> tuple:
                     rb = requests.get(f"https://raw.githubusercontent.com/GTFOBins/GTFOBins.github.io/master/_gtfobins/{b}.md", timeout=5)
             if "sudo:" in rb.text:
                 if len(b) <= 3:
-                    sudoVB.append("[^a-z-Z0-9]"+b+"$") # Less false possitives applied to small names
+                    sudoVB.append("[^a-zA-Z0-9]"+b+"$") # Less false possitives applied to small names
                 else:
                     sudoVB.append(b+"$")
             if "suid:" in rb.text: