images, banners & options

carlospolop
2019-11-04 07:59:43 -05:00
parent 42ff07fe8c
commit 938c2e13b0
40 changed files with 1095 additions and 8595 deletions

2
.gitignore vendored Normal file → Executable file

@@ -1,2 +1,4 @@
.vs/*
winPEAS/winPEASexe/.vs/*
Debug/*
winPEAS/winPEASexe/winPEAS/bin/Debug/*

Binary file not shown.

Before

Width:  |  Height:  |  Size: 43 KiB

After

Width:  |  Height:  |  Size: 356 KiB


@@ -198,16 +198,20 @@ NOTEXPORT=""
DISCOVERY=""
PORTS=""
QUIET=""
HELP=$GREEN"Enumerate and search Privilege Escalation vectors.\n\
$Y\t-h$B To show this message\n\
$Y\t-f$B Fast (don't check 1min of processes)\n\
$Y\t-s$B SuperFast (don't check 1min of processes and other time consuming checks bypassed)\n\
$Y\t-n$B Do not export env variables related with history\n\
$Y\t-d <IP/NETMASK>$B Discover hosts using fping or ping.$DG Ex: -d 192.168.0.1/24
$Y\t-p <PORT(s)> -d <IP/NETMASK>$B Discover hosts looking for TCP open ports (via nc). By default ports 80,443,445,3389 and another one indicated by you will be scanned (select 22 if you don't want to add more). You can also add a list of ports.$DG Ex: -d 192.168.0.1/24 -p 53,139
$Y\t-i <IP> [-p <PORT(s)>]$B Scan an IP using nc. By default (no -p), top1000 of nmap will be scanned, but you can select a list of ports instead.$DG Ex: -i 127.0.0.1 -p 53,80,443,8000,8080"
CHECKS="SysI,Devs,AvaSof,ProCronSrvcs,Net,UsrI,SofI,IntFiles"
HELP=$GREEN"Enumerate and search Privilege Escalation vectors.
$Y-h$B To show this message
$Y-q$B Do not show banner
$Y-f$B Fast (don't check 1min of processes)
$Y-s$B SuperFast (don't check 1min of processes and other time consuming checks bypassed)
$Y-n$B Do not export env variables related with history
$Y-o$B Only execute selected checks (SysI, Devs, AvaSof, ProCronSrvcs, Net, UsrI, SofI, IntFiles). Select a comma separated list.
$Y-d <IP/NETMASK>$B Discover hosts using fping or ping.$DG Ex: -d 192.168.0.1/24
$Y-p <PORT(s)> -d <IP/NETMASK>$B Discover hosts looking for TCP open ports (via nc). By default ports 80,443,445,3389 and another one indicated by you will be scanned (select 22 if you don't want to add more). You can also add a list of ports.$DG Ex: -d 192.168.0.1/24 -p 53,139
$Y-i <IP> [-p <PORT(s)>]$B Scan an IP using nc. By default (no -p), top1000 of nmap will be scanned, but you can select a list of ports instead.$DG Ex: -i 127.0.0.1 -p 53,80,443,8000,8080
$GREEN Notice$B that if you select some network action, any PE check will be performed\n\n"
while getopts "h?fsd:p:i:q" opt; do
while getopts "h?fsd:p:i:qo:" opt; do
case "$opt" in
h|\?) printf "$HELP"$NC; exit 0;;
f) FAST=1;;
@@ -217,6 +221,7 @@ while getopts "h?fsd:p:i:q" opt; do
p) PORTS=$OPTARG;;
i) IP=$OPTARG;;
q) QUIET=1;;
o) CHECKS=$OPTARG;;
esac
done
@@ -512,6 +517,7 @@ elif [ "$IP" ]; then
fi
if [ "`echo $CHECKS | grep SysI`" ]; then
###########################################
#-------------) System Info (-------------#
###########################################
@@ -580,8 +586,10 @@ else echo_no
fi
echo ""
echo ""
fi
if [ "`echo $CHECKS | grep Devs`" ]; then
###########################################
#---------------) Devices (---------------#
###########################################
@@ -598,8 +606,10 @@ printf $B"[i] "$Y"Check if you can mount umounted devices\n"$NC
cat /etc/fstab 2>/dev/null | grep -v "^#" | sed "s,$mountG,${C}[1;32m&${C}[0m,g" | sed "s,$notmounted,${C}[1;31m&${C}[0m," | sed "s,$mounted,${C}[1;34m&${C}[0m," | sed "s,$Wfolders,${C}[1;31m&${C}[0m," | sed "s,$mountpermsB,${C}[1;31m&${C}[0m,g" | sed "s,$mountpermsG,${C}[1;32m&${C}[0m,g"
echo ""
echo ""
fi
if [ "`echo $CHECKS | grep AvaSof`" ]; then
###########################################
#---------) Available Software (----------#
###########################################
@@ -615,8 +625,10 @@ printf $Y"[+] "$GREEN"Installed compilers?\n"$NC
(dpkg --list 2>/dev/null | grep compiler | grep -v "decompiler\|lib" 2>/dev/null || yum list installed 'gcc*' 2>/dev/null | grep gcc 2>/dev/null; which gcc g++ 2>/dev/null || locate -r "/gcc[0-9\.-]\+$" 2>/dev/null | grep -v "/doc/") || echo_not_found "Compilers";
echo ""
echo ""
fi
if [ "`echo $CHECKS | grep ProCronSrvcs`" ]; then
###########################################
#-----) Processes & Cron & Services (-----#
###########################################
@@ -665,7 +677,10 @@ printf $B"[i] "$Y"Search for outdated versions\n"$NC
(service --status-all || chkconfig --list || rc-status) 2>/dev/null || echo_not_found "service|chkconfig|rc-status"
echo ""
echo ""
fi
if [ "`echo $CHECKS | grep Net`" ]; then
###########################################
#---------) Network Information (---------#
###########################################
@@ -711,7 +726,10 @@ else echo_no
fi
echo ""
echo ""
fi
if [ "`echo $CHECKS | grep UsrI`" ]; then
###########################################
#----------) Users Information (----------#
###########################################
@@ -802,7 +820,10 @@ printf $Y"[+] "$GREEN"All users\n"$NC
cat /etc/passwd 2>/dev/null | sort | cut -d: -f1 | sed "s,$sh_usrs,${C}[1;96m&${C}[0m," | sed "s,$USER,${C}[1;95m&${C}[0m," | sed "s,$nosh_usrs,${C}[1;34m&${C}[0m," | sed "s,$knw_usrs,${C}[1;32m&${C}[0m,g" | sed "s,root,${C}[1;31m&${C}[0m,"
echo ""
echo ""
fi
if [ "`echo $CHECKS | grep SofI`" ]; then
###########################################
#--------) Software Information (---------#
###########################################
@@ -1203,8 +1224,11 @@ if [ "$tmuxsess" ]; then
else echo_not_found "tmux"
fi
echo ""
echo ""
fi
if [ "`echo $CHECKS | grep IntFiles`" ]; then
###########################################
#----------) Interesting files (----------#
###########################################
@@ -1392,3 +1416,4 @@ if ! [ "$SUPERFAST" ]; then
grep -R -i "password" /etc 2>/dev/null | grep "conf" | grep -v ":#\|:/\*\|: \*" | sort | uniq | sed "s,password,${C}[1;31m&${C}[0m,"
echo ""
fi
fi
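Review bot: The new `-o` gates test the selection with an unquoted `echo $CHECKS | grep SysI` (the same form is repeated for Devs, AvaSof, ProCronSrvcs, Net, UsrI, SofI and IntFiles), so the user-supplied value is word-split and glob-expanded by the shell and is matched as a substring rather than as a list entry. A quoted, delimiter-anchored test such as `if echo ",$CHECKS," | grep -q ",SysI,"; then` keeps the value as one word and matches whole entries only. The value assigned in `o) CHECKS=$OPTARG;;` is never validated, so a misspelt name silently skips every section and the empty report is easy to misread as a host with nothing to flag; rejecting unknown names right after the getopts loop would make that visible. The bodies of the gated sections lie outside these hunks, so only the opening and closing lines of each `if` could be reviewed here.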


@@ -10,7 +10,7 @@ Check also the **Local Windows Privilege Escalation checklist** from **[book.hac
Download the **[latest version from here](https://github.com/carlospolop/privilege-escalation-awesome-script-suite/tree/master/winPEAS/winPEASexe/winPEAS/bin)** or **compile it yourself**.
```bash
winpeas.exe ansii #ANSII color for linux consoles (reverse shell)
winpeas.exe ansi #ANSI color for linux consoles (reverse shell)
winpeas.exe #Will execute all checks except the ones that execute MD commands
winpeas.exe cmd #All checks
winpeas.exe cmd fast #All except the one that search for files
@@ -27,7 +27,7 @@ The **ouput will be colored**. Below you have some indications about what does e
The tool is heavily based in **[SeatBelt](https://github.com/GhostPack/Seatbelt)**.
**IMPORTANT TO NOTICE:** By default WinPEAS will use colord for Windows terminals (without ANSII characters). If execute winpeas.exe from a reverse shell without any option **no color will be printed**. To see colors in a linux terminal you need to use the **ansii** parameter.
**IMPORTANT TO NOTICE:** By default WinPEAS will use colors for Windows terminals (without ANSI characters). If you are executing winpeas.exe from a reverse shell without any option **any color will be appear**. To see colors in a linux terminal you need to use the **ansi** parameter.
## Help

Binary file not shown.

Before

Width:  |  Height:  |  Size: 159 KiB

After

Width:  |  Height:  |  Size: 157 KiB


@@ -23,11 +23,11 @@ namespace winPEAS
static string LCYAN = "\x1b[1;36m";
static string REDYELLOW = "\x1b[31;103m";
public static string NOCOLOR = "\x1b[0m";
public static string ansii_color_bad = RED;
public static string ansii_color_good = GREEN;
public static string ansii_users_active = CYAN;
public static string ansii_users_disabled = BLUE;
public static string ansii_current_user = MAGENTA;
public static string ansi_color_bad = RED;
public static string ansi_color_good = GREEN;
public static string ansi_users_active = CYAN;
public static string ansi_users_disabled = BLUE;
public static string ansi_current_user = MAGENTA;
public static Color color_key = Color.DarkSeaGreen;
public static Color color_not_found = Color.Gray;
@@ -47,25 +47,56 @@ namespace winPEAS
Color.Peru
};
public static void PrintBanner()
{
System.Console.WriteLine(@"
*((,.,/((((((((((((((((((((/, */
,/*,..*(((((((((((((((((((((((((((((((((, ,/
.,*/((((((((((((((((((/, .*//((//**, .*((((((* ./,
(((((((((((((((((* .****,,,/((##########(* ,((((((* (
((((((((((((/* .***************,,/(########(. ((((((* *,
,.. ...,****************(@@@#(/***/(#####* /((((((./
,,,..**********************&@@@#@@@@@(***,.*(###* /(((((*.
,, ,**********************#@@&(#%@@@%*********,,((/ /(((((
,. ...........,,*********/%@@&&@@@@@/*************,,..((((
,,**(################(/*****//&@@@@%****************** /((
.**(########################(/,.,/(/*******************.*(
.*/(#############################(/*********************,*
,*/(##################################(/*****************.
,*((######################################(**************.
.*((######(,.***.,(###################(..***(/***********.
.,/(######*(#####((##################((######/(**********.
,.*/##################(/**********(################(*****.
,.,*(####################/*******(####################((/.
,, **((############################################/ /((
,,, ,*((#########################################(..((((((
. .. ,**/(#####################################( .((((((((
(((((* ,(#################################((* /(((((((((
((((((((((. ,(############################(../((((((((((
(((((((((/, ,####################(/..((((((((((
(((((((((/,. ,*//////*,. ./(((((((((((
((((((((((((((((((((((((((((/");
}
public static void PrintInit()
{
Colorful.Console.WriteLine();
Colorful.Console.WriteLine();
if (Program.banner)
PrintBanner();
if (Program.using_ansii)
if (Program.using_ansi)
{
System.Console.WriteLine(YELLOW + "[+] " + NOCOLOR + "WinPEAS" + GREEN + Program.version + NOCOLOR );
System.Console.WriteLine(YELLOW + " " + NOCOLOR + "WinPEAS " + GREEN + Program.version + NOCOLOR + YELLOW + " by carlospolop" + NOCOLOR );
}
else
{
Formatter[] colorsString = new Formatter[]
{
new Formatter( " [+] ", Color.Yellow),
new Formatter( "WinPEASv", color_key),
new Formatter( " WinPEAS", color_key),
new Formatter( Program.version, color_default),
};
Colorful.Console.WriteLineFormatted("{0}{1}{2}", color_key, colorsString);
Colorful.Console.WriteLineFormatted("{0} {1} by carlospolop", Color.Yellow, colorsString);
}
LinkPrint("https://book.hacktricks.xyz/windows/checklist-windows-privilege-escalation", "You can find a Windows local PE Checklist here:");
PrintLeyend();
@@ -73,7 +104,7 @@ namespace winPEAS
static void PrintLeyend()
{
if (Program.using_ansii)
if (Program.using_ansi)
{
System.Console.WriteLine(YELLOW + " [+] " + GREEN + "Leyend:" + NOCOLOR);
System.Console.WriteLine(RED + " Red" + GRAY + " Indicates a special privilege over an object or something is misconfigured" + NOCOLOR);
@@ -98,10 +129,11 @@ namespace winPEAS
public static void PrintUsage()
{
if (Program.using_ansii)
if (Program.using_ansi)
{
System.Console.WriteLine(YELLOW + " [*] " + GREEN + "WinPEAS is a binary to enumerate possible paths to escalate privileges locally" + NOCOLOR);
System.Console.WriteLine(LBLUE + "\tansii" + GRAY + " Use ANSII colors (see color from linux terminal)" + NOCOLOR);
System.Console.WriteLine(LBLUE + "\tquiet" + GRAY + " Do not print banner" + NOCOLOR);
System.Console.WriteLine(LBLUE + "\tansi" + GRAY + " Use ansi colors (see color from linux terminal)" + NOCOLOR);
System.Console.WriteLine(LBLUE + "\tfast" + GRAY + " This will avoid very time consuming checks" + NOCOLOR);
System.Console.WriteLine(LBLUE + "\tcmd" + GRAY + " Obtain wifi, cred manager and clipboard information executing CMD commands" + NOCOLOR);
System.Console.WriteLine(LBLUE + "\tsysteminfo" + GRAY + " Search system information" + NOCOLOR);
@@ -118,7 +150,8 @@ namespace winPEAS
else
{
Colorful.Console.Write(" [*] ", Color.Yellow); Colorful.Console.WriteLine("WinPEAS is a binary to enumerate possible paths to escalate privileges locally", color_key);
Colorful.Console.Write("\tansii", color_default); Colorful.Console.WriteLine(" Use ANSII colors (see color from linux terminal)", Color.Gray);
Colorful.Console.Write("\tquiet", color_default); Colorful.Console.WriteLine(" Do not print banner", Color.Gray);
Colorful.Console.Write("\tansi", color_default); Colorful.Console.WriteLine(" Use ansi colors (see color from linux terminal)", Color.Gray);
Colorful.Console.Write("\tfast", color_default); Colorful.Console.WriteLine(" This will avoid very time consuming checks", Color.Gray);
Colorful.Console.Write("\tcmd", color_default); Colorful.Console.WriteLine(" Obtain wifi, cred manager and clipboard information executing CMD commands", Color.Gray);
Colorful.Console.Write("\tsysteminfo", color_default); Colorful.Console.WriteLine(" Search system information", Color.Gray);
@@ -141,7 +174,7 @@ namespace winPEAS
System.Console.WriteLine();
System.Console.WriteLine();
int halfTotal = 60;
if (Program.using_ansii)
if (Program.using_ansi)
System.Console.WriteLine(LCYAN + " " + new String('=', halfTotal - toPrint.Length) + "(" +NOCOLOR + YELLOW + toPrint + LCYAN + ")" + new String('=', halfTotal - toPrint.Length) + NOCOLOR);
else
{
@@ -162,7 +195,7 @@ namespace winPEAS
try
{
Colorful.Console.WriteLine();
if (Program.using_ansii)
if (Program.using_ansi)
System.Console.WriteLine(YELLOW + " [+] " + LRED + toPrint + YELLOW + "(" + GRAY + attackid + YELLOW + ")" + NOCOLOR);
else
{
@@ -185,7 +218,7 @@ namespace winPEAS
{
try
{
if (Program.using_ansii)
if (Program.using_ansi)
System.Console.WriteLine(YELLOW + " [?] " + LBLUE + comment + " " + LYELLOW + link + NOCOLOR);
else
{
@@ -208,7 +241,7 @@ namespace winPEAS
{
try
{
if (Program.using_ansii)
if (Program.using_ansi)
System.Console.WriteLine(YELLOW + " [i] " + LBLUE + toPrint + NOCOLOR);
else
{
@@ -233,7 +266,7 @@ namespace winPEAS
public static void GoodPrint(string to_print)
{
if (Program.using_ansii)
if (Program.using_ansi)
System.Console.WriteLine(GREEN + to_print + NOCOLOR);
else
Colorful.Console.WriteLine(to_print, color_good);
@@ -241,7 +274,7 @@ namespace winPEAS
public static void BadPrint(string to_print)
{
if (Program.using_ansii)
if (Program.using_ansi)
System.Console.WriteLine(RED + to_print + NOCOLOR);
else
Colorful.Console.WriteLine(to_print, color_bad);
@@ -249,7 +282,7 @@ namespace winPEAS
public static void GrayPrint(string to_print)
{
if (Program.using_ansii)
if (Program.using_ansi)
System.Console.WriteLine(GRAY + to_print + NOCOLOR);
else
Colorful.Console.WriteLine(to_print, color_not_found);
@@ -260,22 +293,22 @@ namespace winPEAS
{
GrayPrint(" =================================================================================================");
}
public static void AnsiiPrint(string to_print, Dictionary<string, string> ansii_colors_regexp)
public static void AnsiPrint(string to_print, Dictionary<string, string> ansi_colors_regexp)
{
if (to_print.Trim().Length > 0)
{
foreach (string line in to_print.Split('\n'))
{
string new_line = line;
foreach (KeyValuePair<string, string> color in ansii_colors_regexp)
new_line = RegexAnsii(new_line, color.Value, color.Key);
foreach (KeyValuePair<string, string> color in ansi_colors_regexp)
new_line = Regexansi(new_line, color.Value, color.Key);
System.Console.WriteLine(new_line);
}
}
}
static string RegexAnsii(string to_match, string color, string rgxp)
static string Regexansi(string to_match, string color, string rgxp)
{
Regex regex = new Regex(rgxp);
Match match = regex.Match(to_match);
@@ -283,7 +316,7 @@ namespace winPEAS
return to_match.Replace(match.Value, color + match.Value + NOCOLOR);
return to_match;
}
public static void DictPrint(Dictionary<string, string> dicprint, Dictionary<string, string> ansii_colors_regexp, bool delete_nulls)
public static void DictPrint(Dictionary<string, string> dicprint, Dictionary<string, string> ansi_colors_regexp, bool delete_nulls)
{
try
{
@@ -293,10 +326,10 @@ namespace winPEAS
continue;
string value = entry.Value;
string key = entry.Key;
foreach (KeyValuePair<string, string> color in ansii_colors_regexp)
foreach (KeyValuePair<string, string> color in ansi_colors_regexp)
{
key = RegexAnsii(key, color.Value, color.Key);
value = RegexAnsii(value, color.Value, color.Key);
key = Regexansi(key, color.Value, color.Key);
value = Regexansi(value, color.Value, color.Key);
}
System.Console.WriteLine(" " + key + ": " + value);
}
@@ -316,7 +349,7 @@ namespace winPEAS
{
if (delete_nulls && String.IsNullOrEmpty(entry.Value))
continue;
if (Program.using_ansii)
if (Program.using_ansi)
System.Console.WriteLine(" " + entry.Key + ": " + entry.Value);
else
@@ -508,7 +541,7 @@ namespace winPEAS
{
if (list_to_print.Count > 0)
{
if (Program.using_ansii)
if (Program.using_ansi)
{
foreach (string elem in list_to_print)
System.Console.WriteLine(" " + elem);
@@ -533,7 +566,7 @@ namespace winPEAS
if (list_to_print.Count > 0)
{
foreach (string elem in list_to_print)
AnsiiPrint(" " + elem, dic_colors);
AnsiPrint(" " + elem, dic_colors);
}
else
NotFoundPrint();
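Review bot: `Regexansi` hands every dictionary key straight to `new Regex(rgxp)`, and `AnsiPrint` calls it with no exception handling, so a key that is not a valid pattern throws `ArgumentException` and, unless a caller catches it, the line being coloured is never written. Callers elsewhere on this page build some keys from process, service and application paths with a hand-written `.Replace(...)` escape chain that leaves characters such as `+`, `*` and `.` untouched, so such keys may be invalid or match more than intended. I would guard the construction, e.g. `Regex regex; try { regex = new Regex(rgxp); } catch (ArgumentException) { return to_match; }`, and have callers pass literal paths through `Regex.Escape`. The renamed helper would also read better as `RegexAnsi`, matching `AnsiPrint`. The body of `Regexansi` runs across a hunk boundary, so its match check is not visible here.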


@@ -554,8 +554,8 @@ namespace winPEAS
// search every pattern in this directory's files
foreach (string pattern in patterns.Split(';'))
{
if (Program.using_ansii)
Beaprint.AnsiiPrint(String.Join("\n", Directory.GetFiles(path, pattern, SearchOption.TopDirectoryOnly).Where(filepath => !filepath.Contains(".dll"))), color);
if (Program.using_ansi)
Beaprint.AnsiPrint(String.Join("\n", Directory.GetFiles(path, pattern, SearchOption.TopDirectoryOnly).Where(filepath => !filepath.Contains(".dll"))), color);
else
Colorful.Console.WriteLineStyled(String.Join("\n", Directory.GetFiles(path, pattern, SearchOption.TopDirectoryOnly).Where(filepath => !filepath.Contains(".dll"))), ss); // .exe can be contained because of appcmd.exe
}


@@ -9,10 +9,11 @@ namespace winPEAS
{
class Program
{
public static string version = "BETA VERSION";
public static bool banner = true;
public static string version = "vBETA VERSION";
static bool is_fast = false;
static bool exec_cmd = false;
public static bool using_ansii = false;
public static bool using_ansi = false;
// Static blacklists
static string strTrue = "True";
@@ -35,11 +36,11 @@ namespace winPEAS
static Color color_key = Beaprint.color_key;
static Color color_good = Beaprint.color_good;
static Color color_bad = Beaprint.color_bad;
static string ansii_color_bad = Beaprint.ansii_color_bad;
static string ansii_color_good = Beaprint.ansii_color_good;
static string ansii_users_active = Beaprint.ansii_users_active;
static string ansii_users_disabled = Beaprint.ansii_users_disabled;
static string ansii_current_user = Beaprint.ansii_current_user;
static string ansi_color_bad = Beaprint.ansi_color_bad;
static string ansi_color_good = Beaprint.ansi_color_good;
static string ansi_users_active = Beaprint.ansi_users_active;
static string ansi_users_disabled = Beaprint.ansi_users_disabled;
static string ansi_current_user = Beaprint.ansi_current_user;
static StyleSheet onlyDefaultStyleSheet = new StyleSheet(color_default);
static StyleSheet onlyKeyStyleSheet = new StyleSheet(color_key);
@@ -69,11 +70,11 @@ namespace winPEAS
Beaprint.MainPrint("Basic System Information", "T1082&T1124&T1012&T1497&T1212");
Beaprint.LinkPrint("https://book.hacktricks.xyz/windows/windows-local-privilege-escalation#kernel-exploits", "Check if the Windows versions is vulnerable to some known exploit");
Dictionary<string, string> basicDictSystem = SystemInfo.GetBasicOSInfo();
if (using_ansii)
if (using_ansi)
{
Dictionary<string, string> colorsSI = new Dictionary<string, string>()
{
{ strTrue, ansii_color_bad }
{ strTrue, ansi_color_bad }
};
Beaprint.DictPrint(basicDictSystem, colorsSI, false);
}
@@ -143,11 +144,11 @@ namespace winPEAS
Beaprint.MainPrint("LAPS Settings", "T1012");
Beaprint.LinkPrint("", "If installed, local administrator password change frequently in domain-joined boxes and is restricted by ACL");
Dictionary<string, string> lapsDict = SystemInfo.GetLapsSettings();
if (using_ansii)
if (using_ansi)
{
Dictionary<string, string> colorsSI = new Dictionary<string, string>()
{
{ badLAPS, ansii_color_bad }
{ badLAPS, ansi_color_bad }
};
Beaprint.DictPrint(lapsDict, colorsSI, false);
}
@@ -171,11 +172,11 @@ namespace winPEAS
Beaprint.MainPrint("User Environment Variables", "");
Beaprint.LinkPrint("", "Check for some passwords or keys in the env variables");
Dictionary<string, string> userEnvDict = SystemInfo.GetUserEnvVariables();
if (using_ansii)
if (using_ansi)
{
Dictionary<string, string> colorsSI = new Dictionary<string, string>()
{
{ print_credStrings, ansii_color_bad }
{ print_credStrings, ansi_color_bad }
};
Beaprint.DictPrint(userEnvDict, colorsSI, false);
}
@@ -199,11 +200,11 @@ namespace winPEAS
Beaprint.MainPrint("System Environment Variables", "");
Beaprint.LinkPrint("", "Check for some passwords or keys in the env variables");
Dictionary<string, string> sysEnvDict = SystemInfo.GetSystemEnvVariables();
if (using_ansii)
if (using_ansi)
{
Dictionary<string, string> colorsSI = new Dictionary<string, string>()
{
{ print_credStrings, ansii_color_bad }
{ print_credStrings, ansi_color_bad }
};
Beaprint.DictPrint(sysEnvDict, colorsSI, false);
}
@@ -260,13 +261,13 @@ namespace winPEAS
if (drive_permissions.Length > 0)
dToPrint += "(Permissions: {5})";
if (using_ansii)
if (using_ansi)
{
Dictionary<string, string> colorsSI = new Dictionary<string, string>()
{
{ "Permissions.*", ansii_color_bad}
{ "Permissions.*", ansi_color_bad}
};
Beaprint.AnsiiPrint(String.Format(dToPrint, drive["Name"], drive["Type"], drive["Volume label"], drive["Filesystem"], (((Int64.Parse(drive["Available space"]) / 1024) / 1024) / 1024).ToString(), drive_permissions), colorsSI);
Beaprint.AnsiPrint(String.Format(dToPrint, drive["Name"], drive["Type"], drive["Volume label"], drive["Filesystem"], (((Int64.Parse(drive["Available space"]) / 1024) / 1024) / 1024).ToString(), drive_permissions), colorsSI);
}
else
@@ -316,12 +317,12 @@ namespace winPEAS
Beaprint.LinkPrint("https://book.hacktricks.xyz/windows/windows-local-privilege-escalation#basic-uac-bypass-full-file-system-access", "If you are in the Administrators group check how to bypass the UAC");
Dictionary<string, string> uacDict = SystemInfo.GetUACSystemPolicies();
if (using_ansii)
if (using_ansi)
{
Dictionary<string, string> colorsSI = new Dictionary<string, string>()
{
{ badUAC, ansii_color_bad },
{ goodUAC, ansii_color_good }
{ badUAC, ansi_color_bad },
{ goodUAC, ansi_color_good }
};
Beaprint.DictPrint(uacDict, colorsSI, false);
}
@@ -414,15 +415,15 @@ namespace winPEAS
{
return new Dictionary<string, string>()
{
{ paint_activeUsers, ansii_users_active },
{ paint_disabledUsers, ansii_users_disabled },
{ currentUserName, ansii_current_user },
{ currentDomainName, ansii_current_user },
{ paint_adminUsers, ansii_color_bad },
{ badgroups, ansii_color_bad },
{ badpasswd, ansii_color_bad },
{ badPrivileges, ansii_color_bad },
{ "DefaultPassword.*", ansii_color_bad },
{ paint_activeUsers, ansi_users_active },
{ paint_disabledUsers, ansi_users_disabled },
{ currentUserName, ansi_current_user },
{ currentDomainName, ansi_current_user },
{ paint_adminUsers, ansi_color_bad },
{ badgroups, ansi_color_bad },
{ badpasswd, ansi_color_bad },
{ badPrivileges, ansi_color_bad },
{ "DefaultPassword.*", ansi_color_bad },
};
}
@@ -433,9 +434,9 @@ namespace winPEAS
Beaprint.MainPrint("Current users", "T1087&T1069&T1033");
Beaprint.LinkPrint("https://book.hacktricks.xyz/windows/windows-local-privilege-escalation#users-and-groups", "Check if you have some admin equivalent privileges");
List<string> users_grps = UserInfo.GetMachineUsers(false, false, false, false, true);
if (using_ansii)
if (using_ansi)
{
Beaprint.AnsiiPrint(" Current user: " + currentUserName, colorsU());
Beaprint.AnsiPrint(" Current user: " + currentUserName, colorsU());
Beaprint.ListPrint(users_grps, colorsU());
}
else
@@ -457,7 +458,7 @@ namespace winPEAS
Beaprint.MainPrint("Current Token privileges", "T1134");
Beaprint.LinkPrint("https://book.hacktricks.xyz/windows/windows-local-privilege-escalation#token-manipulation", "Check if you can escalate privilege using some enabled token");
Dictionary<string, string> token_privs = UserInfo.GetTokenGroupPrivs();
if (using_ansii)
if (using_ansi)
Beaprint.DictPrint(token_privs, colorsU(), false);
else
Beaprint.DictPrint(token_privs, CreateUsersSS(), false);
@@ -499,7 +500,7 @@ namespace winPEAS
{
Beaprint.MainPrint("Logged users", "T1087&T1033");
List<string> loggedusers = UserInfo.GetLoggedUsers();
if (using_ansii)
if (using_ansi)
Beaprint.ListPrint(loggedusers, colorsU());
else
Beaprint.ListPrint(loggedusers, CreateUsersSS());
@@ -520,10 +521,10 @@ namespace winPEAS
{
string format = " {0,-10}{1,-15}{2,-15}{3,-25}{4,-10}{5}";
string header = String.Format(format, "SessID", "pSessionName", "pUserName", "pDomainName", "State", "SourceIP");
if (using_ansii) {
if (using_ansi) {
System.Console.WriteLine(header);
foreach (Dictionary<string, string> rdp_ses in rdp_sessions)
Beaprint.AnsiiPrint(String.Format(format, rdp_ses["SessionID"], rdp_ses["pSessionName"], rdp_ses["pUserName"], rdp_ses["pDomainName"], rdp_ses["State"], rdp_ses["SourceIP"]), colorsU());
Beaprint.AnsiPrint(String.Format(format, rdp_ses["SessionID"], rdp_ses["pSessionName"], rdp_ses["pUserName"], rdp_ses["pDomainName"], rdp_ses["State"], rdp_ses["SourceIP"]), colorsU());
}
else {
Colorful.Console.WriteLineStyled(header, onlyKeyStyleSheet);
@@ -546,7 +547,7 @@ namespace winPEAS
{
Beaprint.MainPrint("Ever logged users", "T1087&T1033");
List<string> everlogged = UserInfo.GetEverLoggedUsers();
if (using_ansii)
if (using_ansi)
Beaprint.ListPrint(everlogged, colorsU());
else
Beaprint.ListPrint(everlogged, CreateUsersSS());
@@ -574,8 +575,8 @@ namespace winPEAS
Beaprint.BadPrint("Some AutoLogon credentials were found!!");
ban = true;
}
if (using_ansii)
Beaprint.AnsiiPrint(String.Format(" {0,-30}: {1}", entry.Key, entry.Value), colorsU());
if (using_ansi)
Beaprint.AnsiPrint(String.Format(" {0,-30}: {1}", entry.Key, entry.Value), colorsU());
else
Colorful.Console.WriteLineStyled(String.Format(" {0,-30}: {1}", entry.Key, entry.Value), CreateUsersSS());
}
@@ -620,7 +621,7 @@ namespace winPEAS
Beaprint.MainPrint("Password Policies", "T1201");
Beaprint.LinkPrint("", "This is insteresting for brute-force");
List<Dictionary<string, string>> PPy = UserInfo.GetPasswordPolicy();
if (using_ansii)
if (using_ansi)
Beaprint.DictPrint(PPy, colorsU(), false);
else
Beaprint.DictPrint(PPy, CreateUsersSS(), false);
@@ -705,16 +706,16 @@ namespace winPEAS
if (proc_info["CommandLine"].Length > 1)
formString += "\n {8}";
if (using_ansii)
if (using_ansi)
{
Dictionary<string, string> colorsP = new Dictionary<string, string>()
{
{ currentUserName, ansii_current_user },
{ "Permissions:.*", ansii_color_bad },
{ "Possible DLL Hijacking.*", ansii_color_bad },
{ proc_info["ExecutablePath"].Replace("\\", "\\\\").Replace("(", "\\(").Replace(")", "\\)").Replace("]", "\\]").Replace("[", "\\[").Replace("?", "\\?"), (file_rights.Count > 0 || dir_rights.Count > 0) ? ansii_color_bad : ansii_color_good },
{ currentUserName, ansi_current_user },
{ "Permissions:.*", ansi_color_bad },
{ "Possible DLL Hijacking.*", ansi_color_bad },
{ proc_info["ExecutablePath"].Replace("\\", "\\\\").Replace("(", "\\(").Replace(")", "\\)").Replace("]", "\\]").Replace("[", "\\[").Replace("?", "\\?"), (file_rights.Count > 0 || dir_rights.Count > 0) ? ansi_color_bad : ansi_color_good },
};
Beaprint.AnsiiPrint(String.Format(formString, proc_info["Name"], proc_info["ProcessID"], proc_info["ExecutablePath"], proc_info["Product"], proc_info["Owner"], proc_info["isDotNet"], String.Join(", ", file_rights), dir_rights.Count > 0 ? Path.GetDirectoryName(proc_info["ExecutablePath"]) : "", String.Join(", ", dir_rights), proc_info["CommandLine"]), colorsP);
Beaprint.AnsiPrint(String.Format(formString, proc_info["Name"], proc_info["ProcessID"], proc_info["ExecutablePath"], proc_info["Product"], proc_info["Owner"], proc_info["isDotNet"], String.Join(", ", file_rights), dir_rights.Count > 0 ? Path.GetDirectoryName(proc_info["ExecutablePath"]) : "", String.Join(", ", dir_rights), proc_info["CommandLine"]), colorsP);
}
else
{
@@ -799,17 +800,17 @@ namespace winPEAS
if (service_info["Description"].Length > 1)
formString += "\n {10}";
if (using_ansii)
if (using_ansi)
{
Dictionary<string, string> colorsS = new Dictionary<string, string>()
{
{ "File Permissions:.*", ansii_color_bad },
{ "Possible DLL Hijacking.*", ansii_color_bad },
{ "No quotes and Space detected", ansii_color_bad },
{ service_info["PathName"].Replace("\\", "\\\\").Replace("(", "\\(").Replace(")", "\\)").Replace("]", "\\]").Replace("[", "\\[").Replace("?", "\\?"), (file_rights.Count > 0 || dir_rights.Count > 0 || no_quotes_and_space) ? ansii_color_bad : ansii_color_good },
{ service_info["StartMode"].Replace("\\", "\\\\").Replace("(", "\\(").Replace(")", "\\)").Replace("]", "\\]").Replace("[", "\\[").Replace("?", "\\?"), (service_info["StartMode"].ToLower() == "auto") ? ansii_color_bad : ansii_color_good },
{ "File Permissions:.*", ansi_color_bad },
{ "Possible DLL Hijacking.*", ansi_color_bad },
{ "No quotes and Space detected", ansi_color_bad },
{ service_info["PathName"].Replace("\\", "\\\\").Replace("(", "\\(").Replace(")", "\\)").Replace("]", "\\]").Replace("[", "\\[").Replace("?", "\\?"), (file_rights.Count > 0 || dir_rights.Count > 0 || no_quotes_and_space) ? ansi_color_bad : ansi_color_good },
{ service_info["StartMode"].Replace("\\", "\\\\").Replace("(", "\\(").Replace(")", "\\)").Replace("]", "\\]").Replace("[", "\\[").Replace("?", "\\?"), (service_info["StartMode"].ToLower() == "auto") ? ansi_color_bad : ansi_color_good },
};
Beaprint.AnsiiPrint(String.Format(formString, service_info["Name"], service_info["CompanyName"], service_info["DisplayName"], service_info["PathName"], service_info["StartMode"], service_info["State"], service_info["isDotNet"], "No quotes and Space detected", String.Join(", ", file_rights), dir_rights.Count > 0 ? Path.GetDirectoryName(service_info["FilteredPath"]) : "", String.Join(", ", dir_rights), service_info["Description"]), colorsS);
Beaprint.AnsiPrint(String.Format(formString, service_info["Name"], service_info["CompanyName"], service_info["DisplayName"], service_info["PathName"], service_info["StartMode"], service_info["State"], service_info["isDotNet"], "No quotes and Space detected", String.Join(", ", file_rights), dir_rights.Count > 0 ? Path.GetDirectoryName(service_info["FilteredPath"]) : "", String.Join(", ", dir_rights), service_info["Description"]), colorsS);
}
else
{
@@ -958,11 +959,11 @@ namespace winPEAS
Colorful.Console.WriteLine();
Beaprint.MainPrint("Installed Applications --Via Registry--", "T1083&T1012&T1010");
if (using_ansii)
if (using_ansi)
{
Dictionary<string, string> colorsA = new Dictionary<string, string>()
{
{ goodSoft, ansii_color_good }
{ goodSoft, ansi_color_good }
};
Beaprint.ListPrint(ApplicationInfo.GetAppsRegistry(), colorsA);
}
@@ -991,13 +992,13 @@ namespace winPEAS
{
Dictionary<string, string> colorsA = new Dictionary<string, string>()
{
{ "FolderPerms:.*", ansii_color_bad },
{ "FilePerms:.*", ansii_color_bad },
{ "(Unquoted and Space detected)", ansii_color_bad },
{ "(RegPath is writable)", ansii_color_bad },
{ (app["Folder"].Length > 0) ? app["Folder"].Replace("\\", "\\\\").Replace("(", "\\(").Replace(")", "\\)").Replace("]", "\\]").Replace("[", "\\[").Replace("?", "\\?") : "ouigyevb2uivydi2u3id2ddf3", !String.IsNullOrEmpty(app["interestingFolderRights"]) ? ansii_color_bad : ansii_color_good },
{ (app["File"].Length > 0) ? app["File"].Replace("\\", "\\\\").Replace("(", "\\(").Replace(")", "\\)").Replace("]", "\\]").Replace("[", "\\[").Replace("?", "\\?") : "adu8v298hfubibuidiy2422r", !String.IsNullOrEmpty(app["interestingFileRights"]) ? ansii_color_bad : ansii_color_good },
{ (app["Reg"].Length > 0) ? app["Reg"].Replace("\\", "\\\\").Replace("(", "\\(").Replace(")", "\\)").Replace("]", "\\]").Replace("[", "\\[").Replace("?", "\\?") : "o8a7eduia37ibduaunbf7a4g7ukdhk4ua", (app["isWritableReg"].ToLower() == "true") ? ansii_color_bad : ansii_color_good },
{ "FolderPerms:.*", ansi_color_bad },
{ "FilePerms:.*", ansi_color_bad },
{ "(Unquoted and Space detected)", ansi_color_bad },
{ "(RegPath is writable)", ansi_color_bad },
{ (app["Folder"].Length > 0) ? app["Folder"].Replace("\\", "\\\\").Replace("(", "\\(").Replace(")", "\\)").Replace("]", "\\]").Replace("[", "\\[").Replace("?", "\\?") : "ouigyevb2uivydi2u3id2ddf3", !String.IsNullOrEmpty(app["interestingFolderRights"]) ? ansi_color_bad : ansi_color_good },
{ (app["File"].Length > 0) ? app["File"].Replace("\\", "\\\\").Replace("(", "\\(").Replace(")", "\\)").Replace("]", "\\]").Replace("[", "\\[").Replace("?", "\\?") : "adu8v298hfubibuidiy2422r", !String.IsNullOrEmpty(app["interestingFileRights"]) ? ansi_color_bad : ansi_color_good },
{ (app["Reg"].Length > 0) ? app["Reg"].Replace("\\", "\\\\").Replace("(", "\\(").Replace(")", "\\)").Replace("]", "\\]").Replace("[", "\\[").Replace("?", "\\?") : "o8a7eduia37ibduaunbf7a4g7ukdhk4ua", (app["isWritableReg"].ToLower() == "true") ? ansi_color_bad : ansi_color_good },
};
StyleSheet styleSheetAA = new StyleSheet(color_default);
styleSheetAA.AddStyle("FolderPerms", color_bad);
@@ -1015,10 +1016,10 @@ namespace winPEAS
if (!String.IsNullOrEmpty(app["Folder"]))
styleSheetAA.AddStyle(app["Folder"].Replace("\\", "\\\\").Replace("(", "\\(").Replace(")", "\\)"), color_good);
}
if (using_ansii)
if (using_ansi)
{
Beaprint.AnsiiPrint(string1, colorsA);
Beaprint.AnsiiPrint(string2, colorsA);
Beaprint.AnsiPrint(string1, colorsA);
Beaprint.AnsiPrint(string2, colorsA);
}
else
{
@@ -1074,10 +1075,10 @@ namespace winPEAS
styleSheetAA.AddStyle(app["Reg"].Replace("\\", "\\\\").Replace("(", "\\(").Replace(")", "\\)"), color_good);
}
if (using_ansii)
if (using_ansi)
{
Beaprint.AnsiiPrint(string1, colorsA);
Beaprint.AnsiiPrint(string2, colorsA);
Beaprint.AnsiPrint(string1, colorsA);
Beaprint.AnsiPrint(string2, colorsA);
}
else
{
@@ -1116,14 +1117,14 @@ namespace winPEAS
if (String.IsNullOrEmpty(sapp["Description"]))
formString += "\n {6}";
if (using_ansii)
if (using_ansi)
{
Dictionary<string, string> colorsS = new Dictionary<string, string>()
{
{ "Permissions.*", ansii_color_bad },
{ sapp["Action"].Replace("\\", "\\\\").Replace("(", "\\(").Replace(")", "\\)").Replace("]", "\\]").Replace("[", "\\[").Replace("?", "\\?"), (file_rights.Count > 0 || dir_rights.Count > 0) ? ansii_color_bad : ansii_color_good },
{ "Permissions.*", ansi_color_bad },
{ sapp["Action"].Replace("\\", "\\\\").Replace("(", "\\(").Replace(")", "\\)").Replace("]", "\\]").Replace("[", "\\[").Replace("?", "\\?"), (file_rights.Count > 0 || dir_rights.Count > 0) ? ansi_color_bad : ansi_color_good },
};
Beaprint.AnsiiPrint(String.Format(formString, sapp["Author"], sapp["Name"], sapp["Action"], String.Join(", ", file_rights), String.Join(", ", dir_rights), sapp["Trigger"], sapp["Description"]), colorsS);
Beaprint.AnsiPrint(String.Format(formString, sapp["Author"], sapp["Name"], sapp["Action"], String.Join(", ", file_rights), String.Join(", ", dir_rights), sapp["Trigger"], sapp["Description"]), colorsS);
}
else
{
@@ -1168,11 +1169,11 @@ namespace winPEAS
try
{
Beaprint.MainPrint("Network Shares", "T1135");
if (using_ansii)
if (using_ansi)
{
Dictionary<string, string> colorsN = new Dictionary<string, string>()
{
{ badShares, ansii_color_bad },
{ badShares, ansi_color_bad },
};
Beaprint.ListPrint(NetworkInfo.GetNetworkShares("127.0.0.1"), colorsN);
}
@@ -1222,7 +1223,7 @@ namespace winPEAS
if (card["arp"].Length > 1)
formString += "\n\tKnown hosts:\n{6}";
if (using_ansii)
if (using_ansi)
{
System.Console.WriteLine(String.Format(formString, card["Name"], card["PysicalAddr"], card["IPs"], card["Netmasks"].Replace(", 0.0.0.0", ""), card["Gateways"], card["DNSs"], card["arp"]));
}
@@ -1256,14 +1257,14 @@ namespace winPEAS
Beaprint.LinkPrint("", "Check for services restricted from the outside");
List<List<string>> conns = NetworkInfo.GetNetConnections();
if (using_ansii)
if (using_ansi)
{
Dictionary<string, string> colorsN = new Dictionary<string, string>()
{
{ badIps, ansii_color_bad },
{ badIps, ansi_color_bad },
};
foreach (List<string> conn in conns)
Beaprint.AnsiiPrint(String.Format(" {0,-10}{1,-23}{2,-23}{3}", conn[0], conn[1], conn[2], conn[3]), colorsN);
Beaprint.AnsiPrint(String.Format(" {0,-10}{1,-23}{2,-23}{3}", conn[0], conn[1], conn[2], conn[3]), colorsN);
}
else
{
@@ -1305,15 +1306,15 @@ namespace winPEAS
formString += "\n Folder Permissions: {9}";
formString += "\n {10}";
if (using_ansii) {
if (using_ansi) {
Dictionary<string, string> colorsN = new Dictionary<string, string>()
{
{ strFalse, ansii_color_bad },
{ strTrue, ansii_color_good },
{ "File Permissions.*|Folder Permissions.*", ansii_color_bad },
{ rule["AppName"].Replace("\\", "\\\\").Replace("(", "\\(").Replace(")", "\\)").Replace("]", "\\]").Replace("[", "\\[").Replace("?", "\\?"), (file_perms.Length > 0 || folder_perms.Length > 0) ? ansii_color_bad : ansii_color_good },
{ strFalse, ansi_color_bad },
{ strTrue, ansi_color_good },
{ "File Permissions.*|Folder Permissions.*", ansi_color_bad },
{ rule["AppName"].Replace("\\", "\\\\").Replace("(", "\\(").Replace(")", "\\)").Replace("]", "\\]").Replace("[", "\\[").Replace("?", "\\?"), (file_perms.Length > 0 || folder_perms.Length > 0) ? ansi_color_bad : ansi_color_good },
};
Beaprint.AnsiiPrint(String.Format(formString, rule["Profiles"], rule["Name"], rule["AppName"], rule["Action"], rule["Protocol"], rule["Direction"], rule["Direction"] == "IN" ? rule["Local"] : rule["Remote"], rule["Direction"] == "IN" ? rule["Remote"] : rule["Local"], file_perms, folder_perms, rule["Description"]), colorsN);
Beaprint.AnsiPrint(String.Format(formString, rule["Profiles"], rule["Name"], rule["AppName"], rule["Action"], rule["Protocol"], rule["Direction"], rule["Direction"] == "IN" ? rule["Local"] : rule["Remote"], rule["Direction"] == "IN" ? rule["Remote"] : rule["Local"], file_perms, folder_perms, rule["Description"]), colorsN);
}
else
{
@@ -1382,11 +1383,11 @@ namespace winPEAS
Beaprint.LinkPrint("https://book.hacktricks.xyz/windows/windows-local-privilege-escalation#credentials-manager-windows-vault");
List<Dictionary<string, string>> vault_creds = KnownFileCredsInfo.DumpVault();
if (using_ansii)
if (using_ansi)
{
Dictionary<string, string> colorsC = new Dictionary<string, string>()
{
{ "Identity.*|Credential.*", ansii_color_bad },
{ "Identity.*|Credential.*", ansi_color_bad },
};
Beaprint.DictPrint(vault_creds, colorsC, true);
}
@@ -1413,13 +1414,13 @@ namespace winPEAS
Beaprint.LinkPrint("https://book.hacktricks.xyz/windows/windows-local-privilege-escalation#credentials-manager-windows-vault");
if (exec_cmd)
{
if (using_ansii)
if (using_ansi)
{
Dictionary<string, string> colorsC = new Dictionary<string, string>()
{
{ "User:.*", ansii_color_bad },
{ "User:.*", ansi_color_bad },
};
Beaprint.AnsiiPrint(MyUtils.ExecCMD("cmdkey /list"), colorsC);
Beaprint.AnsiPrint(MyUtils.ExecCMD("cmdkey /list"), colorsC);
}
else
{
@@ -1580,13 +1581,13 @@ namespace winPEAS
Beaprint.MainPrint("Looking saved Wifis", "");
if (exec_cmd)
{
if (using_ansii)
if (using_ansi)
{
Dictionary<string, string> colorsC = new Dictionary<string, string>()
{
{ ": .*", ansii_color_bad },
{ ": .*", ansi_color_bad },
};
Beaprint.AnsiiPrint(" " + MyUtils.ExecCMD("netsh wlan show profile"), colorsC);
Beaprint.AnsiPrint(" " + MyUtils.ExecCMD("netsh wlan show profile"), colorsC);
}
else
{
@@ -1757,16 +1758,16 @@ namespace winPEAS
List<string> firefoxHist = KnownFileCredsInfo.GetFirefoxHistory();
if (firefoxHist.Count > 0)
{
if (using_ansii)
if (using_ansi)
{
Dictionary<string, string> colorsB = new Dictionary<string, string>()
{
{ print_credStrings, ansii_color_bad },
{ print_credStrings, ansi_color_bad },
};
foreach (string url in firefoxHist)
{
if (MyUtils.ContainsAnyRegex(url.ToUpper(), credStringsRegex))
Beaprint.AnsiiPrint(" " + url, colorsB);
Beaprint.AnsiPrint(" " + url, colorsB);
}
}
else
@@ -1831,16 +1832,16 @@ namespace winPEAS
if (history.Count > 0)
{
if (using_ansii)
if (using_ansi)
{
Dictionary<string, string> colorsB = new Dictionary<string, string>()
{
{ print_credStrings, ansii_color_bad },
{ print_credStrings, ansi_color_bad },
};
foreach (string url in history)
{
if (MyUtils.ContainsAnyRegex(url.ToUpper(), credStringsRegex))
Beaprint.AnsiiPrint(" " + url, colorsB);
Beaprint.AnsiPrint(" " + url, colorsB);
}
}
else
@@ -1877,11 +1878,11 @@ namespace winPEAS
Beaprint.LinkPrint("https://book.hacktricks.xyz/windows/windows-local-privilege-escalation#browsers-history");
List<string> urls = KnownFileCredsInfo.GetCurrentIETabs();
if (using_ansii)
if (using_ansi)
{
Dictionary<string, string> colorsB = new Dictionary<string, string>()
{
{ print_credStrings, ansii_color_bad },
{ print_credStrings, ansi_color_bad },
};
Beaprint.ListPrint(urls, colorsB);
}
@@ -1910,16 +1911,16 @@ namespace winPEAS
if (history.Count > 0)
{
if (using_ansii)
if (using_ansi)
{
Dictionary<string, string> colorsB = new Dictionary<string, string>()
{
{ print_credStrings, ansii_color_bad },
{ print_credStrings, ansi_color_bad },
};
foreach (string url in history)
{
if (MyUtils.ContainsAnyRegex(url.ToUpper(), credStringsRegex))
Beaprint.AnsiiPrint(" " + url, colorsB);
Beaprint.AnsiPrint(" " + url, colorsB);
}
}
else
@@ -1967,11 +1968,11 @@ namespace winPEAS
Beaprint.MainPrint("Putty Sessions", "");
List<Dictionary<string, string>> putty_sess = KnownFileCredsInfo.GetPuttySessions();
if (using_ansii)
if (using_ansi)
{
Dictionary<string, string> colorF = new Dictionary<string, string>()
{
{ "ProxyPassword.*", ansii_color_bad },
{ "ProxyPassword.*", ansi_color_bad },
};
Beaprint.DictPrint(putty_sess, colorF, true);
}
@@ -2071,7 +2072,7 @@ namespace winPEAS
styleSheetPCF.AddStyle(pattern_color, color_bad);
Dictionary<string, string> colorF = new Dictionary<string, string>()
{
{ pattern_color, ansii_color_bad },
{ pattern_color, ansi_color_bad },
};
Beaprint.MainPrint("Looking for possible password files in users homes", "T1083&T1081");
@@ -2082,8 +2083,8 @@ namespace winPEAS
{
if (!Path.GetFileName(file_path).Contains("."))
{
if (using_ansii)
Beaprint.AnsiiPrint(" " + file_path, colorF);
if (using_ansi)
Beaprint.AnsiPrint(" " + file_path, colorF);
else
Colorful.Console.WriteLineStyled(" " + file_path, styleSheetPCF);
}
@@ -2093,8 +2094,8 @@ namespace winPEAS
{
if (file_path.Contains(ext))
{
if (using_ansii)
Beaprint.AnsiiPrint(" " + file_path, colorF);
if (using_ansi)
Beaprint.AnsiPrint(" " + file_path, colorF);
else
Colorful.Console.WriteLineStyled(" " + file_path, styleSheetPCF);
}
@@ -2117,7 +2118,7 @@ namespace winPEAS
string pattern_bin = patterns_file_creds + ";*password*;*credential*";
Dictionary<string, string> colorF = new Dictionary<string, string>()
{
{ patterns_file_creds + "|.*password.*|.*credential.*", ansii_color_bad },
{ patterns_file_creds + "|.*password.*|.*credential.*", ansi_color_bad },
};
Beaprint.MainPrint("Looking inside the Recycle Bin for creds files", "T1083&T1081&T1145");
@@ -2129,7 +2130,7 @@ namespace winPEAS
{
if (Regex.Match(rec_file["Name"], pattern.Replace("*", ".*"), RegexOptions.IgnoreCase).Success)
{
if (using_ansii)
if (using_ansi)
Beaprint.DictPrint(rec_file, colorF, true);
else
Beaprint.DictPrint(rec_file, styleSheetRB, true);
@@ -2154,7 +2155,7 @@ namespace winPEAS
styleSheetPCF.AddStyle(patterns_file_creds_color, color_bad);
Dictionary<string, string> colorF = new Dictionary<string, string>()
{
{ patterns_file_creds_color, ansii_color_bad },
{ patterns_file_creds_color, ansi_color_bad },
};
Beaprint.MainPrint("Looking for possible known files that can contain creds", "T1083&T1081");
@@ -2253,8 +2254,11 @@ namespace winPEAS
if (string.Equals(arg, "cmd", StringComparison.CurrentCultureIgnoreCase))
exec_cmd = true;
if (string.Equals(arg, "ansii", StringComparison.CurrentCultureIgnoreCase))
using_ansii = true;
if (string.Equals(arg, "ansi", StringComparison.CurrentCultureIgnoreCase))
using_ansi = true;
if (string.Equals(arg, "quiet", StringComparison.CurrentCultureIgnoreCase))
banner = false;
if (string.Equals(arg, "help", StringComparison.CurrentCultureIgnoreCase))
{


@@ -110,9 +110,9 @@ namespace winPEAS
if (_vulnerabilities.Any(e => e.Vulnerable))
{
if (Program.using_ansii)
if (Program.using_ansi)
{
System.Console.WriteLine(Beaprint.GRAY + " Finished. Found " + Beaprint.ansii_color_bad + _vulnerabilities.Count(i => i.Vulnerable) + Beaprint.GRAY + " potential vulnerabilities." + Beaprint.NOCOLOR);
System.Console.WriteLine(Beaprint.GRAY + " Finished. Found " + Beaprint.ansi_color_bad + _vulnerabilities.Count(i => i.Vulnerable) + Beaprint.GRAY + " potential vulnerabilities." + Beaprint.NOCOLOR);
}
else
{
@@ -722,7 +722,7 @@ namespace winPEAS
{
public static void FindVulns()
{
if (Program.using_ansii)
if (Program.using_ansi)
{
System.Console.WriteLine(Beaprint.YELLOW + " [?] " + Beaprint.LBLUE + "Windows vulns search powered by" + Beaprint.LRED + "Watson" + Beaprint.LBLUE + "(https://github.com/rasta-mouse/Watson)" + Beaprint.NOCOLOR);
}


@@ -1,6 +0,0 @@
<?xml version="1.0" encoding="utf-8"?>
<configuration>
<startup>
<supportedRuntime version="v4.0" sku=".NETFramework,Version=v4.0"/>
</startup>
</configuration>


@@ -30,3 +30,12 @@ C:\Users\carlos\source\repos\PEASS\winPEAS\winPEASexe\winPEAS\obj\Release\winPEA
C:\Users\carlos\source\repos\PEASS\winPEAS\winPEASexe\winPEAS\obj\Release\winPEAS.csproj.CopyComplete
C:\Users\carlos\source\repos\PEASS\winPEAS\winPEASexe\winPEAS\obj\Release\winPEAS.exe
C:\Users\carlos\source\repos\PEASS\winPEAS\winPEASexe\winPEAS\obj\Release\winPEAS.pdb
D:\shared\privilege-escalation-awesome-script-suite\winPEAS\winPEASexe\winPEAS\bin\Release\winPEAS.exe.config
D:\shared\privilege-escalation-awesome-script-suite\winPEAS\winPEASexe\winPEAS\bin\Release\winPEAS.exe
D:\shared\privilege-escalation-awesome-script-suite\winPEAS\winPEASexe\winPEAS\bin\Release\winPEAS.pdb
D:\shared\privilege-escalation-awesome-script-suite\winPEAS\winPEASexe\winPEAS\bin\Release\Microsoft.Win32.TaskScheduler.xml
D:\shared\privilege-escalation-awesome-script-suite\winPEAS\winPEASexe\winPEAS\obj\Release\winPEAS.csprojAssemblyReference.cache
D:\shared\privilege-escalation-awesome-script-suite\winPEAS\winPEASexe\winPEAS\obj\Release\winPEAS.csproj.Fody.CopyLocal.cache
D:\shared\privilege-escalation-awesome-script-suite\winPEAS\winPEASexe\winPEAS\obj\Release\winPEAS.csproj.CopyComplete
D:\shared\privilege-escalation-awesome-script-suite\winPEAS\winPEASexe\winPEAS\obj\Release\winPEAS.exe
D:\shared\privilege-escalation-awesome-script-suite\winPEAS\winPEASexe\winPEAS\obj\Release\winPEAS.pdb


@@ -1 +1 @@
C:\Users\carlos\source\repos\PEASS\winPEAS\winPEASexe\packages\TaskScheduler.2.8.16\lib\net40\Microsoft.Win32.TaskScheduler.xml
D:\shared\privilege-escalation-awesome-script-suite\winPEAS\winPEASexe\packages\TaskScheduler.2.8.16\lib\net40\Microsoft.Win32.TaskScheduler.xml


@@ -6,3 +6,11 @@ C:\Users\carlos\source\repos\PEASS\winPEAS\winPEASexe\winPEAS\obj\x64\Release\wi
C:\Users\carlos\source\repos\PEASS\winPEAS\winPEASexe\winPEAS\obj\x64\Release\winPEAS.csproj.CopyComplete
C:\Users\carlos\source\repos\PEASS\winPEAS\winPEASexe\winPEAS\obj\x64\Release\winPEAS.exe
C:\Users\carlos\source\repos\PEASS\winPEAS\winPEASexe\winPEAS\obj\x64\Release\winPEAS.pdb
D:\shared\privilege-escalation-awesome-script-suite\winPEAS\winPEASexe\winPEAS\bin\x64\Release\winPEAS.exe.config
D:\shared\privilege-escalation-awesome-script-suite\winPEAS\winPEASexe\winPEAS\bin\x64\Release\winPEAS.exe
D:\shared\privilege-escalation-awesome-script-suite\winPEAS\winPEASexe\winPEAS\bin\x64\Release\winPEAS.pdb
D:\shared\privilege-escalation-awesome-script-suite\winPEAS\winPEASexe\winPEAS\bin\x64\Release\Microsoft.Win32.TaskScheduler.xml
D:\shared\privilege-escalation-awesome-script-suite\winPEAS\winPEASexe\winPEAS\obj\x64\Release\winPEAS.csproj.Fody.CopyLocal.cache
D:\shared\privilege-escalation-awesome-script-suite\winPEAS\winPEASexe\winPEAS\obj\x64\Release\winPEAS.csproj.CopyComplete
D:\shared\privilege-escalation-awesome-script-suite\winPEAS\winPEASexe\winPEAS\obj\x64\Release\winPEAS.exe
D:\shared\privilege-escalation-awesome-script-suite\winPEAS\winPEASexe\winPEAS\obj\x64\Release\winPEAS.pdb


@@ -1 +1 @@
C:\Users\carlos\source\repos\PEASS\winPEAS\winPEASexe\packages\TaskScheduler.2.8.16\lib\net40\Microsoft.Win32.TaskScheduler.xml
D:\shared\privilege-escalation-awesome-script-suite\winPEAS\winPEASexe\packages\TaskScheduler.2.8.16\lib\net40\Microsoft.Win32.TaskScheduler.xml


@@ -6,3 +6,11 @@ C:\Users\carlos\source\repos\PEASS\winPEAS\winPEASexe\winPEAS\obj\x86\Release\wi
C:\Users\carlos\source\repos\PEASS\winPEAS\winPEASexe\winPEAS\obj\x86\Release\winPEAS.csproj.CopyComplete
C:\Users\carlos\source\repos\PEASS\winPEAS\winPEASexe\winPEAS\obj\x86\Release\winPEAS.exe
C:\Users\carlos\source\repos\PEASS\winPEAS\winPEASexe\winPEAS\obj\x86\Release\winPEAS.pdb
D:\shared\privilege-escalation-awesome-script-suite\winPEAS\winPEASexe\winPEAS\bin\x86\Release\winPEAS.exe.config
D:\shared\privilege-escalation-awesome-script-suite\winPEAS\winPEASexe\winPEAS\bin\x86\Release\winPEAS.exe
D:\shared\privilege-escalation-awesome-script-suite\winPEAS\winPEASexe\winPEAS\bin\x86\Release\winPEAS.pdb
D:\shared\privilege-escalation-awesome-script-suite\winPEAS\winPEASexe\winPEAS\bin\x86\Release\Microsoft.Win32.TaskScheduler.xml
D:\shared\privilege-escalation-awesome-script-suite\winPEAS\winPEASexe\winPEAS\obj\x86\Release\winPEAS.csproj.Fody.CopyLocal.cache
D:\shared\privilege-escalation-awesome-script-suite\winPEAS\winPEASexe\winPEAS\obj\x86\Release\winPEAS.csproj.CopyComplete
D:\shared\privilege-escalation-awesome-script-suite\winPEAS\winPEASexe\winPEAS\obj\x86\Release\winPEAS.exe
D:\shared\privilege-escalation-awesome-script-suite\winPEAS\winPEASexe\winPEAS\obj\x86\Release\winPEAS.pdb


@@ -1 +1 @@
C:\Users\carlos\source\repos\PEASS\winPEAS\winPEASexe\packages\TaskScheduler.2.8.16\lib\net40\Microsoft.Win32.TaskScheduler.xml
D:\shared\privilege-escalation-awesome-script-suite\winPEAS\winPEASexe\packages\TaskScheduler.2.8.16\lib\net40\Microsoft.Win32.TaskScheduler.xml


@@ -4,7 +4,8 @@
<StartArguments>help</StartArguments>
</PropertyGroup>
<PropertyGroup Condition="'$(Configuration)|$(Platform)' == 'Debug|AnyCPU'">
<StartArguments>help</StartArguments>
<StartArguments>
</StartArguments>
</PropertyGroup>
<PropertyGroup Condition="'$(Configuration)|$(Platform)' == 'Debug|x64'">
<StartArguments>cmd fast</StartArguments>