Skip to content

Commit 85a55d0

Browse files
ThatTotallyRealMythThatTotallyRealMyth
authored
Merge pull request #1 from ThatTotallyRealMyth/ThatTotallyRealMyth-4_capEdit-1
Update 4_Capabilities.sh: Fix capability decoding to prevent shell from displaying excessive number sequence
2 parents ef28ef7 + 01bf3a4 commit 85a55d0

File tree

1 file changed

+35
-10
lines changed

1 file changed

+35
-10
lines changed

linPEAS/builder/linpeas_parts/8_interesting_perms_files/4_Capabilities.sh

Lines changed: 35 additions & 10 deletions
Original file line numberDiff line numberDiff line change
@@ -11,33 +11,59 @@
1111
# Generated Global Variables: $cap_name, $cap_value, $cap_line, $capVB, $capname, $capbins, $capsVB_vuln
1212
# Fat linpeas: 0
1313
# Small linpeas: 1
14-
15-
1614
if ! [ "$SEARCH_IN_FOLDER" ]; then
1715
print_2title "Capabilities"
1816
print_info "https://book.hacktricks.wiki/en/linux-hardening/privilege-escalation/index.html#capabilities"
1917
if [ "$(command -v capsh || echo -n '')" ]; then
20-
2118
print_3title "Current shell capabilities"
2219
cat "/proc/$$/status" | grep Cap | while read -r cap_line; do
2320
cap_name=$(echo "$cap_line" | awk '{print $1}')
2421
cap_value=$(echo "$cap_line" | awk '{print $2}')
2522
if [ "$cap_name" = "CapEff:" ]; then
26-
echo "$cap_name $(capsh --decode=0x"$cap_value" | sed -${E} "s,$capsB,${SED_RED_YELLOW},")"
23+
# Add validation check for cap_value
24+
# For more POSIX-compliant formatting, the following could be used instead:
25+
# if echo "$cap_value" | grep -E '^[0-9a-fA-F]+$' > /dev/null 2>&1; then
26+
if [[ "$cap_value" =~ ^[0-9a-fA-F]+$ ]]; then
27+
# Memory errors can occur with certain values (e.g., ffffffffffffffff)
28+
# so we redirect stderr to prevent error propagation
29+
echo "$cap_name $(capsh --decode=0x"$cap_value" 2>/dev/null | sed -${E} "s,$capsB,${SED_RED_YELLOW},")"
30+
else
31+
echo "$cap_name [Invalid capability format]"
32+
fi
2733
else
28-
echo "$cap_name $(capsh --decode=0x"$cap_value" | sed -${E} "s,$capsB,${SED_RED},")"
34+
# Add validation check for cap_value
35+
if [[ "$cap_value" =~ ^[0-9a-fA-F]+$ ]]; then
36+
# Memory errors can occur with certain values (e.g., ffffffffffffffff)
37+
# so we redirect stderr to prevent error propagation
38+
echo "$cap_name $(capsh --decode=0x"$cap_value" 2>/dev/null | sed -${E} "s,$capsB,${SED_RED},")"
39+
else
40+
echo "$cap_name [Invalid capability format]"
41+
fi
2942
fi
3043
done
3144
echo ""
32-
3345
print_info "Parent process capabilities"
3446
cat "/proc/$PPID/status" | grep Cap | while read -r cap_line; do
3547
cap_name=$(echo "$cap_line" | awk '{print $1}')
3648
cap_value=$(echo "$cap_line" | awk '{print $2}')
3749
if [ "$cap_name" = "CapEff:" ]; then
38-
echo "$cap_name $(capsh --decode=0x"$cap_value" | sed -${E} "s,$capsB,${SED_RED_YELLOW},")"
50+
# Add validation check for cap_value
51+
if [[ "$cap_value" =~ ^[0-9a-fA-F]+$ ]]; then
52+
# Memory errors can occur with certain values (e.g., ffffffffffffffff)
53+
# so we redirect stderr to prevent error propagation
54+
echo "$cap_name $(capsh --decode=0x"$cap_value" 2>/dev/null | sed -${E} "s,$capsB,${SED_RED_YELLOW},")"
55+
else
56+
echo "$cap_name [Invalid capability format]"
57+
fi
3958
else
40-
echo "$cap_name $(capsh --decode=0x"$cap_value" | sed -${E} "s,$capsB,${SED_RED},")"
59+
# Add validation check for cap_value
60+
if [[ "$cap_value" =~ ^[0-9a-fA-F]+$ ]]; then
61+
# Memory errors can occur with certain values (e.g., ffffffffffffffff)
62+
# so we redirect stderr to prevent error propagation
63+
echo "$cap_name $(capsh --decode=0x"$cap_value" 2>/dev/null | sed -${E} "s,$capsB,${SED_RED},")"
64+
else
65+
echo "$cap_name [Invalid capability format]"
66+
fi
4167
fi
4268
done
4369
echo ""
@@ -69,10 +95,9 @@ if ! [ "$SEARCH_IN_FOLDER" ]; then
6995
if ! [ "$capsVB_vuln" ]; then
7096
echo "$cb" | sed -${E} "s,$capsB,${SED_RED},"
7197
fi
72-
7398
if ! [ "$IAMROOT" ] && [ -w "$(echo $cb | cut -d" " -f1)" ]; then
7499
echo "$cb is writable" | sed -${E} "s,.*,${SED_RED},"
75100
fi
76101
done
77102
echo ""
78-
fi
103+
fi

0 commit comments

Comments
 (0)