fix linpeas

linPEAS/README.md

@@ -22,7 +22,7 @@ Check how to **select the checks you want to build [in your own linpeas followin
 
 Note that by default, in the releases pages of this repository, you will find a **linpeas with all the checks**.
 
-## Differences between `linpeas_fat.sh`, `linpeas.sh` and `linpeas_small.sh`:
+## Differences between `linpeas_fat.sh`, `linpeas.sh` and `linpeas_small.sh`:
 
 - **linpeas_fat.sh**: Contains all checks, even third party applications in base64 embedded.
 - **linpeas.sh**: Contains all checks, but only the third party application `linux exploit suggester` is embedded. This is the default `linpeas.sh`.

linPEAS/builder/linpeas_parts/3_cloud/1_Check_if_in_cloud.sh

@@ -14,6 +14,7 @@
 
 
 printf "${YELLOW}Learn and practice cloud hacking techniques in ${BLUE}training.hacktricks.xyz\n"$NC
+echo ""
 
 print_list "GCP Virtual Machine? ................. $is_gcp_vm\n"$NC | sed "s,Yes,${SED_RED}," | sed "s,No,${SED_GREEN},"
 print_list "GCP Cloud Funtion? ................... $is_gcp_function\n"$NC | sed "s,Yes,${SED_RED}," | sed "s,No,${SED_GREEN},"

linPEAS/builder/linpeas_parts/3_cloud/7_Azure_VM.sh

@@ -32,21 +32,35 @@ if [ "$is_az_vm" = "Yes" ]; then
   if [ "$az_req" ]; then
     print_3title "Instance details"
     exec_with_jq eval $az_req "$URL/instance?api-version=$API_VERSION"
+    echo ""
 
     print_3title "Load Balancer details"
     exec_with_jq eval $az_req "$URL/loadbalancer?api-version=$API_VERSION"
+    echo ""
+
+    print_3title "User Data"
+    exec_with_jq eval $az_req "$URL/instance/compute/userData?api-version=$API_VERSION\&format=text" | base64 -d 2>/dev/null
+    echo ""
+
+    print_3title "Custom Data and other configs (root needed)"
+    (cat /var/lib/waagent/ovf-env.xml || cat /var/lib/waagent/CustomData/ovf-env.xml) 2>/dev/null | sed "s,CustomData.*,${SED_RED},"
+    echo ""
 
     print_3title "Management token"
     exec_with_jq eval $az_req "$URL/identity/oauth2/token?api-version=$API_VERSION\&resource=https://management.azure.com/"
+    echo ""
 
     print_3title "Graph token"
     exec_with_jq eval $az_req "$URL/identity/oauth2/token?api-version=$API_VERSION\&resource=https://graph.microsoft.com/"
+    echo ""
     
     print_3title "Vault token"
     exec_with_jq eval $az_req "$URL/identity/oauth2/token?api-version=$API_VERSION\&resource=https://vault.azure.net/"
+    echo ""
 
     print_3title "Storage token"
     exec_with_jq eval $az_req "$URL/identity/oauth2/token?api-version=$API_VERSION\&resource=https://storage.azure.com/"
+    echo ""
   fi
   echo ""
 fi

linPEAS/builder/linpeas_parts/functions/check_aliyun_ecs.sh

@@ -13,8 +13,7 @@
 # Small linpeas: 1
 
 
-
-check_aliyun_ecs () {
+check_aliyun_ecs(){
   is_aliyun_ecs="No"
   if [ -f "/etc/cloud/cloud.cfg.d/aliyun_cloud.cfg" ]; then 
     is_aliyun_ecs="Yes"

linPEAS/builder/linpeas_parts/functions/check_tencent_cvm.sh

@@ -16,7 +16,7 @@
 
 check_tencent_cvm () {
   is_tencent_cvm="No"
-  if [ -f "/etc/cloud/cloud.cfg.d/05_logging.cfg" ] || grep -qi Tencent /etc/cloud/cloud.cfg; then
+  if grep -qi Tencent /etc/cloud/cloud.cfg; then
       is_tencent_cvm="Yes"
   fi
 }

linPEAS/builder/src/linpeasBaseBuilder.py

@@ -66,7 +66,7 @@ class LinpeasBaseBuilder:
             self.linpeas_base += f"\nif echo $CHECKS | grep -q {section_info['name_check']}; then\n"
             self.linpeas_base += f'print_title "{section_name}"\n'
 
-            # Sort checks alphabetically to get them in the same order of they are in the folder
+            # Sort checks alphabetically to get them in the same order as they are in the folder
             section_info["checks"] = sorted(section_info["checks"], key=lambda x: int(os.path.basename(x.path).split('_')[0]) if os.path.basename(x.path).split('_')[0].isdigit() else 99)
             for check in section_info["checks"]:
                 for func in check.initial_functions:
@@ -193,8 +193,9 @@ class LinpeasBaseBuilder:
     
     def get_funcs_deps(self, module, all_funcs):
         """Given 1 module and the list of modules return the functions recursively it depends on"""
-            
-        for func in module.functions_used:
+        
+        module_funcs = list(set(module.initial_functions + module.functions_used))
+        for func in module_funcs:
             func_module = self.find_func_module(func)
             #print(f"{module.id} has found {func} in {func_module.id}") #To find circular dependencies
             if not func_module.is_function:

linPEAS/builder/src/linpeasBuilder.py

@@ -365,7 +365,7 @@ class LinpeasBuilder:
                     rb = requests.get(f"https://raw.githubusercontent.com/GTFOBins/GTFOBins.github.io/master/_gtfobins/{b}.md", timeout=5)
             if "sudo:" in rb.text:
                 if len(b) <= 3:
-                    sudoVB.append("[^a-ZA-Z0-9]"+b+"$") # Less false possitives applied to small names
+                    sudoVB.append("[^a-z-Z0-9]"+b+"$") # Less false possitives applied to small names
                 else:
                     sudoVB.append(b+"$")
             if "suid:" in rb.text: