From effa2efed6ddc2d91f377d488de10e508e54913f Mon Sep 17 00:00:00 2001 From: anio Date: Sat, 22 Aug 2020 08:35:41 +0000 Subject: [PATCH] Added fish_history[.*], .zsh_history, .zhistory, .tcsh_history, .csh_history, .nano_history and .python_history to check. --- LinEnum.sh | 6 +++--- README.md | 2 +- 2 files changed, 4 insertions(+), 4 deletions(-) diff --git a/LinEnum.sh b/LinEnum.sh index d8c69f2..ba7c9f7 100755 --- a/LinEnum.sh +++ b/LinEnum.sh @@ -1222,10 +1222,10 @@ if [ "$export" ] && [ "$roothist" ]; then cp $roothist $format/history_files/ 2>/dev/null fi -#all accessible .bash_history files in /home -checkbashhist=`find /home -name .bash_history -print -exec cat {} 2>/dev/null \;` +#all accessible .bash_history, fish_history[.*], .zsh_history, .zhistory, .tcsh_history, .csh_history, .nano_history and .python_history files in /home +checkbashhist=`find /home -regex '.*\.?\(bash_\|fish_\|zsh_\|z\|tcsh_\|csh_\|nano_\|python_\)history\(\..*\)?' -print -exec cat {} 2>/dev/null \;` if [ "$checkbashhist" ]; then - echo -e "\e[00;31m[-] Location and contents (if accessible) of .bash_history file(s):\e[00m\n$checkbashhist" + echo -e "\e[00;31m[-] Location and contents (if accessible) of .bash_history, fish_history, .zsh_history, .zhistory, .tcsh_history, .csh_history, .nano_history and .python_history files:\e[00m\n$checkbashhist" echo -e "\n" fi diff --git a/README.md b/README.md index 97965f3..df04e90 100644 --- a/README.md +++ b/README.md @@ -48,7 +48,7 @@ High-level summary of the checks/tasks performed by LinEnum: * Checks if password hashes are stored in /etc/passwd * Extract full details for ‘default’ uid’s such as 0, 1000, 1001 etc * Attempt to read restricted files i.e. /etc/shadow - * List current users history files (i.e .bash_history, .nano_history etc.) + * List current users history files (i.e .bash_history, .zsh_history, fish_history, .nano_history etc.) * Basic SSH checks * Privileged access: * Which users have recently used sudo