From 5cf0a2adc306dafff4449fbdcf9cc035a8fb5e6e Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Marcos=20Naz=C3=A1rio?=
Date: Fri, 16 Dec 2022 08:08:41 -0300
Subject: [PATCH] refactor the code
Just a proposal
---
 pes.sh | 130 ++++++++++++++++++++++++++++++---------------------------
 1 file changed, 69 insertions(+), 61 deletions(-)
diff --git a/pes.sh b/pes.sh
index ff5ad06..8cf3c4a 100644
--- a/pes.sh
+++ b/pes.sh
@@ -1,66 +1,74 @@ #!/bin/bash -touch privEsc.txt - - -function SystemEnum { -echo "" >> privEsc.txt -echo "Service version:" >> privEsc.txt -echo "" >> privEsc.txt -uname -a >> privEsc.txt -echo "" >> privEsc.txt -echo "Architecture:" >> privEsc.txt -echo "" >> privEsc.txt -lscpu >> privEsc.txt -echo "" >> privEsc.txt -echo "Running process:" >> privEsc.txt -echo "" >> privEsc.txt -ps aux >> privEsc.txt -echo "" >> privEsc.txt -echo "SUID:" >> privEsc.txt -echo "" >> privEsc.txt -find / -perm -u=s -type f 2>/dev/null >> privEsc.txt -echo "" >> privEsc.txt -echo "Capabilities" >> privEsc.txt -echo "" >> privEsc.txt -getcap -r / 2>/dev/null >> privEsc.txt -echo "" >> privEsc.txt -echo "Cron" >> privEsc.txt -echo "" >> privEsc.txt -cat /etc/crontab >> privEsc.txt -echo "" >> privEsc.txt -echo "root squash" >> privEsc.txt -cat /etc/exports 2>/dev/null >> privEsc.txt +OUTPUT_FILE='pes.txt' +rm -f $OUTPUT_FILE + +function header() { + + echo '|--------------------------------------------------------------------' >> $OUTPUT_FILE + echo "| $1" >> $OUTPUT_FILE + echo '|--------------------------------------------------------------------' >> $OUTPUT_FILE + echo '' >> $OUTPUT_FILE +} + +function section() { + + echo '' >> $OUTPUT_FILE + echo "||-- $1 --||" >> $OUTPUT_FILE +} + +function cmd() { + + eval "nice -20 $1 2> /dev/null" >> $OUTPUT_FILE } +function SystemEnum() { + + section 'Service version' + cmd 'uname -a' + + section 'Architecture' + cmd 'lscpu' + + section 'Running process' + cmd 'ps aux' + + section 'SUID' + cmd 'find / -perm -u=s -type f' + + section 'Capabilities' + cmd 'getcap -r /' + + section 'Cron' + cmd 'cat /etc/crontab' + + section 'Root Squash' + cmd 'cat /etc/exports' +} + +function UserEnum() { + + section 'Who am i?' 
+ cmd 'whoami' + + section 'id' + cmd 'id' + + section '/etc/passwd' + cmd 'ls -la /etc/passwd' + + section '/etc/shadow' + cmd 'ls -la /etc/shadow' + + section '/etc/group' + cmd 'cat /etc/group' + + section 'SSH keys' + cmd 'find / -name authorized_keys' + cmd 'find / -name id_rsa' -function UserEnum { -echo "" >> privEsc.txt -echo "Who am i?:" >> privEsc.txt -echo "" >> privEsc.txt -whoami >> privEsc.txt -echo "" >> privEsc.txt -echo "id:" >> privEsc.txt -echo "" >> privEsc.txt -id >> privEsc.txt -echo "" >> privEsc.txt -echo "/etc/passwd:" >> privEsc.txt -echo "" >> privEsc.txt -ls -la /etc/passwd >> privEsc.txt -echo "" >> privEsc.txt -echo "/etc/shadow:" >> privEsc.txt -echo "" >> privEsc.txt -ls -la /etc/shadow >> privEsc.txt -echo "" >> privEsc.txt -echo "/etc/group:" >> privEsc.txt -echo "" >> privEsc.txt -cat /etc/group >> privEsc.txt -echo "" >> privEsc.txt -echo "SSH keys:" >> privEsc.txt -find / -name authorized_keys 2>/dev/null >> privEsc.txt -find / -name id_rsa 2>/dev/null >> privEsc.txt -echo "looking for the commands on which the current user has permission:" >> privEsc.txt -find / -perm /4000 2>/dev/null >> privEsc.txt + section 'looking for the commands on which the current user has permission' + cmd 'find / -perm /4000' } echo "---------------------------------------------------------------------------------------" @@ -68,12 +76,12 @@ echo "PES (privilege escalation scanner) by Awkward_Lancer (https://github.com/A echo "---------------------------------------------------------------------------------------" echo "This may take a while..." -echo "The results will be in the privEsc.txt file" +echo "The results will be in the $OUTPUT_FILE file" -echo "SYSTEM ENUMERATION:" >> privEsc.txt +header 'SYSTEM ENUMERATION' SystemEnum -echo "USER ENUMERATION:" >> privEsc.txt +header 'USER ENUMERATION' UserEnum echo "The scanning is over, thank you for use PES"
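Review bot: The new `cmd()` helper runs its argument through `eval`, so every command string is re-parsed by the shell; all call sites in this hunk pass fixed literals, so there is no injection today, but it is a needless hazard in a tool that gets copied around and extended, and none of the strings need shell syntax. The same effect without `eval` is `local -a argv; read -r -a argv <<< "$1"` followed by `nice -n 19 -- "${argv[@]}" 2>/dev/null >> "$OUTPUT_FILE"` (on GNU coreutils `nice -20` is the obsolete spelling of `-n 20`, and niceness tops out at 19 anyway, so `-n 19` states the real value). Separately, the collected results — SUID binaries, the process list, SSH key locations, `/etc/group` — land in `pes.txt` in the current directory under the default umask, and because `rm -f` is followed by `>>` rather than a single create, a symlink planted at that name between the two calls (easy when the script is run from a shared `/tmp`) would redirect the output; a `umask 077` next to the `OUTPUT_FILE` assignment, plus quoting `"$OUTPUT_FILE"` at every use, addresses the first and narrows the second. The `find / -perm /4000` under "looking for the commands…" also repeats the earlier `find / -perm -u=s -type f` (without the `-type f`, so directories are listed too); presumably one of them can go.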