Update linuxprivchecker.sh #10
Conversation
- Updated version of Update linuxprivchecker.sh #8
- I removed colors for now because when you ">" output to a file, the color characters are present in that file and break things up.
- I changed [+] to OK and [-] to FAILED. Since this is for the pentesting community, maybe we don't need OK/FAILED because [+] and [-] are understood?
- Fixed the Related Shell Escape Sequences issue.
- Replaced printf with echo because it didn't play well with % in outputs from ${cmdRESULT%?}.
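As an added example (not code from this pull request or from the linuxprivchecker project), here is a small printer that handles the three points above in one place: the conventional `[+]`/`[-]` markers are kept, colour escapes are written only when stdout is a terminal so `> file` output stays clean, and command output is handed to `printf` as a `%s` argument rather than as the format string, which is what makes a `%` in `${cmdRESULT%?}` misbehave. The names `use_color`, `status_line`, `print_result`, `cmdRESPONSE_example` and the `PAUSE` variable, as well as the sample text, are assumptions for this example.

```sh
#!/bin/sh
# Added example, not the project's code. Names and sample data are assumptions.

# Constructed sample: command output that contains '%', the case that
# breaks printf "$var" (where the data is used as the format string).
SAMPLE_RESULT='/dev/sda1 93% /
/dev/sda2 100% /var'

use_color() {
    # Colour only when stdout is a terminal and NO_COLOR is unset,
    # so "script.sh > out.txt" contains no escape characters.
    [ -t 1 ] && [ -z "${NO_COLOR:-}" ]
}

status_line() {
    # $1 = exit status of the probed command, $2 = section title.
    # Keeps the conventional [+]/[-] markers.
    if [ "$1" -eq 0 ]; then
        marker='[+]'; col='\033[32m'
    else
        marker='[-]'; col='\033[31m'
    fi
    if use_color; then
        printf '%b%s%b %s\n' "$col" "$marker" '\033[0m' "$2"
    else
        printf '%s %s\n' "$marker" "$2"
    fi
}

print_result() {
    # The data goes through a %s argument, never through the format
    # string, so '%' in command output is printed literally.
    printf '%s\n' "$1" | sed 's|^|    |'
}

cmdRESPONSE_example() {
    # $1 = title, $2 = shell command to probe.
    # PAUSE (seconds, optional) replaces an unconditional sleep: the
    # default of 0 keeps the run as fast as the version without delays.
    rc=0
    out=$(sh -c "$2" 2>/dev/null) || rc=$?
    status_line "$rc" "$1"
    [ -n "$out" ] && print_result "$out"
    [ "${PAUSE:-0}" != 0 ] && sleep "$PAUSE"
    return 0
}

# Stand-alone demo: the title line, then the sample output with its '%'.
status_line 0 'Sample result'
print_result "$SAMPLE_RESULT"
```

`status_line` checks `[ -t 1 ]` at print time, so the same run is coloured on a terminal and plain when redirected or piped; `cmdRESPONSE_example` runs the probe through `sh -c` and reports its exit status, so a missing tool shows as `[-]` without printing anything else.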
Hey @5aru @linted, I would like to share my thoughts about using this pull request script in my OSCP exam:
I plan on putting some changes through the script in the next few days since.
I apologize that I'd not gotten back to you sooner. I originally saw the pull request, but it was late at night, so I didn't touch it, and I'd forgotten about it by the next day. I agree that including the colors in the output was a bit pointless, but it was innocuous, which is why I didn't really oppose it at first. I really don't mind the [OK], [FAILED] notations. My only real comment is that [-],[+] are kind of the unwritten standard and that it kind of breaks away from the standard. This is kind of like the above point; it's kind of innocuous. Finally, I agree that the section headers are kind of hard to notice as you're scrolling past. Usually I do something to the effect of the example you presented above. I chose not to do that when porting the script from Python, primarily to keep everything looking like the initial Python script. I feel that most of these are purely aesthetic and don't really impact the actual functionality of the script apart from minor bugs. All in all, I do think it is easier to read, with the exception of line 215, which is just a lot to consume. However, its purpose is still quite clear. @alibkaba, hope your OSCP exam went well.
linuxprivchecker.sh
Outdated
| echo -ne "perl-->\tperl -e 'exec \"/bin/bash\";'\n" | sed 's|^| |' | ||
| fi | ||
| systemNAME="Related Shell Escape Sequences"; | ||
| cmdRESPONSE "if [ -x "$(command -v vi)" ]; then echo -ne \"vi-->\t:!bash\n\"; echo -ne \"vi-->\t:set shell=/bin/bash:shell\n\"; fi; if [ -x "$(command -v vim)" ]; then echo -ne \"vim-->\t:!bash\n\" | sed 's|^| |'; echo -ne \"vim-->\t:set shell=/bin/bash:shell\n\" | sed 's|^| |'; fi; if [ -x "$(command -v awk)" ]; then echo -ne \"awk-->\tawk 'BEGIN {system(\"/bin/bash\")}'\n\" | sed 's|^| |'; fi; if [ -x "$(command -v perl)" ]; then echo -ne \"perl-->\tperl -e 'exec \"/bin/bash\";'\n\" | sed 's|^| |'; fi; if [ -x "$(command -v python)" ]; then echo -ne \"python-->\tpython -c '__import__(\"os\").system(\"/bin/bash\")'\n\" | sed 's|^| |'; fi; if [ -x "$(command -v find)" ]; then echo -ne \"find->\tfind / -exec /usr/bin/awk 'BEGIN {system(\"/bin/bash\")}' \\;\n\" | sed 's|^| |'; fi; if [ -x "$(command -v nmap)" ]; then echo -ne \"nmap-->\t--interactive\n\" | sed 's|^| |'; fi"; |
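Review bot: the `"$(command -v vi)"` tests in the long cmdRESPONSE line are expanded by the calling shell, not inside the string handed to cmdRESPONSE: the inner `"` closes the outer double quote, so each substitution is evaluated before cmdRESPONSE sees the command, and for a tool that is absent the text collapses to `if [ -x  ]`, a one-argument test that is true, so the escape for a missing tool is printed anyway. Escape those quotes (`\"\$(command -v vi)\"`) so the check runs where the string is evaluated, or test `command -v vi >/dev/null 2>&1` directly. Minor: the two vi entries lack the `| sed 's|^| |'` indentation the other entries have, and the find entry's label `find->` does not match the `-->` used by every other tool.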
This is just a lot to consume. It's not unclear, but quite a bit at first glance. I imagine it was done this way to make it easy to pass to cmdRESPONSE.
@5aru No worries, I'm not in a rush here... so take your time... no one is going to die :)
And yes, it's so that it can get passed into that cmdRESPONSE and not repeat the Related Shell Escape Sequences for each.
The code is the same, I just pushed it all into one line and added \ for the double quotations.
Oh man, that's ugly. Is there any way to make that multiple lines without having to break it up? I would like for this script to be easy to read. Personally I think if it's easy to read even for people who don't know bash, that will improve the credibility of the script. I know a couple of pen testers who don't know code, and a complicated line like this would definitely turn them away. However, if we can't split it up without a ton of encoding, then this will have to work.
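One way to keep that block on multiple lines without escaping every quote, as an added example (not code from this pull request or the project): put the tool/escape pairs in a heredoc table and loop over it, so the command strings need no backslash escaping at all and the caller only has to invoke one function. The names `escape_hints_for`, `installed_tools` and `shell_escapes` are assumptions for this example; the escape sequences are the ones already listed in the diff above.

```sh
#!/bin/sh
# Added example, not the project's code. Function names are assumptions;
# the tool/escape pairs are the ones listed in the pull request diff.

escape_hints_for() {
    # $@ = names of tools known to be present. Prints one line per
    # matching row of the table below, indented like the rest of the output.
    present=" $* "
    while IFS='|' read -r tool esc; do
        case "$present" in
            *" $tool "*) printf '  %s --> %s\n' "$tool" "$esc" ;;
        esac
    done <<'EOF'
vi|:!bash
vi|:set shell=/bin/bash:shell
vim|:!bash
vim|:set shell=/bin/bash:shell
awk|awk 'BEGIN {system("/bin/bash")}'
perl|perl -e 'exec "/bin/bash";'
python|python -c '__import__("os").system("/bin/bash")'
find|find / -exec /usr/bin/awk 'BEGIN {system("/bin/bash")}' \;
nmap|nmap --interactive
EOF
}

installed_tools() {
    # The real check: which of the table's tools resolve on PATH.
    # command -v is tested directly, so an absent tool cannot slip through
    # as an empty [ -x ] test.
    for t in vi vim awk perl python find nmap; do
        command -v "$t" >/dev/null 2>&1 && printf '%s ' "$t"
    done
    return 0
}

shell_escapes() {
    # Related Shell Escape Sequences, for the tools actually on this box.
    # shellcheck disable=SC2046 -- word splitting of the tool list is intended
    escape_hints_for $(installed_tools)
}

shell_escapes
```

`escape_hints_for` takes the list of present tools as arguments so the table logic can be exercised on a box where none of them are installed; `shell_escapes` is the check you would call from the script. Adding a tool is one new table row, and the quoted heredoc delimiter (`'EOF'`) means the row text is used verbatim.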
Hey @5aru
Thanks for the feedback and I just want to make sure that you take your time, I do this because I enjoy it and want to learn more from others like you and @linted
I totally agree with you, [-] and [+] are unwritten standards...maybe I can make some adjustments to the text right next to them so that they look cleaner.
I'll make some adjustments.
I see your point about not porting that over, the need to keep things looking like the initial Python script, and I failed to remember that. I'll try and remember that when coding, and maybe assist with updating the Python script.
Line 215 code is good but it's a bit scary because it has five different if statements written in one line.
Let me see what I can do to make it readable.
I finished my exam but I know I failed it because I think I scored ~40-50. I learned a lot from it and really glad I failed because now I know what to work on.
Hey, so I just ran this version on a box on hackthebox.eu. I'm sorry I don't know what all changed, but this runs way too slow. The run rate of this versus the version in master is n^2. I'm not sure what is causing it, but if I had to guess it's probably the way printing is being handled. @alibkaba
After you mentioned this, I checked the times of the current script versus the proposed script and it is a substantially longer runtime. About 10s vs 1m28s.
linuxprivchecker.sh
Outdated
| echo "${cmdRESULT%?}"; | ||
| echo | ||
| fi | ||
| sleep .5s; |
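Review bot: the `sleep .5s` after the `fi` runs unconditionally on every call, so each probe costs half a second on top of its own runtime, and across a few hundred probes that is well over a minute of pure waiting. If the pause is wanted for interactive reading, gate it behind a variable that defaults to no delay, for example `[ -n "${PAUSE:-}" ] && sleep "$PAUSE"`, so redirected or scripted runs keep the original speed. Also note that `.5s` is GNU sleep syntax; POSIX `sleep` accepts only an integer number of seconds, so it is not portable to every target's sleep binary.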
@5aru @linted
The script has a 5 second delay for every title (line 55) and command (line 72).
The delay allowed me to read things before the next cmd (personal preference). I picked this up from an OSCP troubleshooting script.
Glad you guys caught this but the speed was intentional.
Anyway by removing line 75 AND line 55, the script will be going as fast as before.
Updated [-] and [+]. Fixed Line 215 (now line 211 to 233). The code is more readable. Updated the line to be the same ####.
@5aru @linted If this looks good, I can work on the Python one to look about (if not) the same like this one. This would be an opportunity for me to get better at Python. |
Added @5aru changes mentioned in User specific sudo permissions #11
@alibkaba Sorry for the wait, I was distracted with getting the exploit search server thingy working. I ran your script against what we have in master using
@5aru @linted I took my exam on Monday and passed it. pentestmonkey's script but that one broke a few times since it really digs deeper. Anyway, have a great weekend!
Hey man, congrats on passing! That's a really big deal! I am glad that this script was able to help you on the exam! That's the whole reason why I love working on these things. I do have to admit the real reason why we started work on this project was because we kept running into boxes on hackthebox.eu which didn't have python3 installed. From there we branched out to bash. Anyways, good luck on your OSCE! That's a hard one, but I am sure you will do great!
@5aru @linted