Compare commits
1 Commits
20220203
...
refs/pull/
| Author | SHA1 | Date | |
|---|---|---|---|
|
|
d63d1ef32b |
57
.github/workflows/CI-master_tests.yml
vendored
@@ -4,9 +4,6 @@ on:
|
|||||||
pull_request:
|
pull_request:
|
||||||
branches:
|
branches:
|
||||||
- master
|
- master
|
||||||
|
|
||||||
schedule:
|
|
||||||
- cron: "5 4 * * SUN"
|
|
||||||
|
|
||||||
workflow_dispatch:
|
workflow_dispatch:
|
||||||
|
|
||||||
@@ -87,9 +84,9 @@ jobs:
|
|||||||
# copy the files
|
# copy the files
|
||||||
- name: Copy Dotfuscator generated files
|
- name: Copy Dotfuscator generated files
|
||||||
run: |
|
run: |
|
||||||
cp $env:DotFuscatorGeneratedPath\x64\winPEASx64.exe "winPEAS\winPEASexe\binaries\Obfuscated Releases\winPEASx64_ofs.exe"
|
cp $env:DotFuscatorGeneratedPath\x64\winPEASx64.exe "winPEAS\winPEASexe\binaries\Obfuscated Releases\winPEASx64.exe"
|
||||||
cp $env:DotFuscatorGeneratedPath\x86\winPEASx86.exe "winPEAS\winPEASexe\binaries\Obfuscated Releases\winPEASx86_ofs.exe"
|
cp $env:DotFuscatorGeneratedPath\x86\winPEASx86.exe "winPEAS\winPEASexe\binaries\Obfuscated Releases\winPEASx86.exe"
|
||||||
cp $env:DotFuscatorGeneratedPath\any\winPEASany.exe "winPEAS\winPEASexe\binaries\Obfuscated Releases\winPEASany_ofs.exe"
|
cp $env:DotFuscatorGeneratedPath\any\winPEASany.exe "winPEAS\winPEASexe\binaries\Obfuscated Releases\winPEASany.exe"
|
||||||
|
|
||||||
# Upload all the versions for the release
|
# Upload all the versions for the release
|
||||||
- name: Upload winpeasx64
|
- name: Upload winpeasx64
|
||||||
@@ -114,19 +111,19 @@ jobs:
|
|||||||
uses: actions/upload-artifact@v2
|
uses: actions/upload-artifact@v2
|
||||||
with:
|
with:
|
||||||
name: winPEASx64_ofs.exe
|
name: winPEASx64_ofs.exe
|
||||||
path: winPEAS\winPEASexe\binaries\Obfuscated Releases\winPEASx64_ofs.exe
|
path: winPEAS\winPEASexe\binaries\Obfuscated Releases\winPEASx64.exe
|
||||||
|
|
||||||
- name: Upload winpeasx86ofs
|
- name: Upload winpeasx86ofs
|
||||||
uses: actions/upload-artifact@v2
|
uses: actions/upload-artifact@v2
|
||||||
with:
|
with:
|
||||||
name: winPEASx86_ofs.exe
|
name: winPEASx86_ofs.exe
|
||||||
path: winPEAS\winPEASexe\binaries\Obfuscated Releases\winPEASx86_ofs.exe
|
path: winPEAS\winPEASexe\binaries\Obfuscated Releases\winPEASx86.exe
|
||||||
|
|
||||||
- name: Upload winpeasanyofs
|
- name: Upload winpeasanyofs
|
||||||
uses: actions/upload-artifact@v2
|
uses: actions/upload-artifact@v2
|
||||||
with:
|
with:
|
||||||
name: winPEASany_ofs.exe
|
name: winPEASany_ofs.exe
|
||||||
path: winPEAS\winPEASexe\binaries\Obfuscated Releases\winPEASany_ofs.exe
|
path: winPEAS\winPEASexe\binaries\Obfuscated Releases\winPEASany.exe
|
||||||
|
|
||||||
- name: Upload winpeas.bat
|
- name: Upload winpeas.bat
|
||||||
uses: actions/upload-artifact@v2
|
uses: actions/upload-artifact@v2
|
||||||
@@ -199,7 +196,7 @@ jobs:
|
|||||||
|
|
||||||
# Run linpeas as a test
|
# Run linpeas as a test
|
||||||
- name: Run linpeas
|
- name: Run linpeas
|
||||||
run: linPEAS/linpeas.sh -a -D
|
run: linPEAS/linpeas.sh -t -e
|
||||||
|
|
||||||
# Upload files for release
|
# Upload files for release
|
||||||
- name: Upload linpeas.sh
|
- name: Upload linpeas.sh
|
||||||
@@ -286,7 +283,7 @@ jobs:
|
|||||||
|
|
||||||
# Run macpeas parts to test it
|
# Run macpeas parts to test it
|
||||||
- name: Run macpeas
|
- name: Run macpeas
|
||||||
run: linPEAS/linpeas.sh -D -o system_information,container,procs_crons_timers_srvcs_sockets,network_information,users_information,software_information
|
run: linPEAS/linpeas.sh -o system_information,container,procs_crons_timers_srvcs_sockets,network_information,users_information,software_information
|
||||||
|
|
||||||
|
|
||||||
Publish_release:
|
Publish_release:
|
||||||
@@ -295,21 +292,6 @@ jobs:
|
|||||||
|
|
||||||
steps:
|
steps:
|
||||||
# Download files to release
|
# Download files to release
|
||||||
- name: Download winpeasx64ofs
|
|
||||||
uses: actions/download-artifact@v2
|
|
||||||
with:
|
|
||||||
name: winPEASx64_ofs.exe
|
|
||||||
|
|
||||||
- name: Download winpeasx86ofs
|
|
||||||
uses: actions/download-artifact@v2
|
|
||||||
with:
|
|
||||||
name: winPEASx86_ofs.exe
|
|
||||||
|
|
||||||
- name: Download winpeasanyofs
|
|
||||||
uses: actions/download-artifact@v2
|
|
||||||
with:
|
|
||||||
name: winPEASany_ofs.exe
|
|
||||||
|
|
||||||
- name: Download winpeasx64
|
- name: Download winpeasx64
|
||||||
uses: actions/download-artifact@v2
|
uses: actions/download-artifact@v2
|
||||||
with:
|
with:
|
||||||
@@ -324,6 +306,21 @@ jobs:
|
|||||||
uses: actions/download-artifact@v2
|
uses: actions/download-artifact@v2
|
||||||
with:
|
with:
|
||||||
name: winPEASany.exe
|
name: winPEASany.exe
|
||||||
|
|
||||||
|
- name: Download winpeasx64ofs
|
||||||
|
uses: actions/download-artifact@v2
|
||||||
|
with:
|
||||||
|
name: winPEASx64_ofs.exe
|
||||||
|
|
||||||
|
- name: Download winpeasx86ofs
|
||||||
|
uses: actions/download-artifact@v2
|
||||||
|
with:
|
||||||
|
name: winPEASx86_ofs.exe
|
||||||
|
|
||||||
|
- name: Download winpeasanyofs
|
||||||
|
uses: actions/download-artifact@v2
|
||||||
|
with:
|
||||||
|
name: winPEASany_ofs.exe
|
||||||
|
|
||||||
- name: Download winpeas.bat
|
- name: Download winpeas.bat
|
||||||
uses: actions/download-artifact@v2
|
uses: actions/download-artifact@v2
|
||||||
@@ -365,10 +362,6 @@ jobs:
|
|||||||
with:
|
with:
|
||||||
name: linpeas_darwin_arm64
|
name: linpeas_darwin_arm64
|
||||||
|
|
||||||
- name: Get current date
|
|
||||||
id: date
|
|
||||||
run: echo "::set-output name=date::$(date +'%Y%m%d')"
|
|
||||||
|
|
||||||
# Create the release
|
# Create the release
|
||||||
- name: Create Release
|
- name: Create Release
|
||||||
id: create_release
|
id: create_release
|
||||||
@@ -376,8 +369,8 @@ jobs:
|
|||||||
env:
|
env:
|
||||||
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
|
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
|
||||||
with:
|
with:
|
||||||
tag_name: ${{steps.date.outputs.date}}
|
tag_name: ${{ github.ref }}
|
||||||
release_name: Release ${{ github.ref }} ${{steps.date.outputs.date}}
|
release_name: Release ${{ github.ref }}
|
||||||
draft: false
|
draft: false
|
||||||
prerelease: false
|
prerelease: false
|
||||||
|
|
||||||
|
|||||||
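Review bot: `tag_name: ${{ github.ref }}` in the Create Release step makes the release tag the triggering ref (`refs/heads/master` for a push to master), so every build is published under one reused tag and the file behind a given download URL can change with no version signal. Anyone who fetches and runs these assets cannot pin or later audit a specific build; a per-build value keeps each release distinct, for example `tag_name: ${{ steps.date.outputs.date }}` together with the "Get current date" step this commit removes. Separately, the three `cp` targets and `_ofs` upload paths now end in `winPEASx64.exe`, `winPEASx86.exe` and `winPEASany.exe` while the artifacts are still named `*_ofs.exe`, so the downloaded files probably share names with the non-obfuscated binaries and one can overwrite the other in the Publish_release job. The release-asset upload steps are outside the visible hunks, so confirm there; keeping the `_ofs` suffix in the `cp` targets avoids the clash.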
79
README.md
@@ -1,38 +1,41 @@
|
|||||||
# PEASS-ng - Privilege Escalation Awesome Scripts SUITE new generation
|
# PEASS-ng - Privilege Escalation Awesome Scripts SUITE new generation
|
||||||
|
|
||||||

|

|
||||||
|
|
||||||
  
|
  
|
||||||
|
|
||||||
# Basic Tutorial
|
# Basic Tutorial
|
||||||
[](https://www.youtube.com/watch?v=9_fJv_weLU0&list=PL9fPq3eQfaaDxjpXaDYApfVA_IB8T14w7)
|
[](https://www.youtube.com/watch?v=9_fJv_weLU0&list=PL9fPq3eQfaaDxjpXaDYApfVA_IB8T14w7)
|
||||||
|
|
||||||
|
|
||||||
Here you will find **privilege escalation tools for Windows and Linux/Unix\* and MacOS**.
|
Here you will find **privilege escalation tools for Windows and Linux/Unix\* and MacOS**.
|
||||||
|
|
||||||
These tools search for possible **local privilege escalation paths** that you could exploit and print them to you **with nice colors** so you can recognize the misconfigurations easily.
|
These tools search for possible **local privilege escalation paths** that you could exploit and print them to you **with nice colors** so you can recognize the misconfigurations easily.
|
||||||
|
|
||||||
- Check the **Local Windows Privilege Escalation checklist** from **[book.hacktricks.xyz](https://book.hacktricks.xyz/windows/checklist-windows-privilege-escalation)**
|
- Check the **Local Windows Privilege Escalation checklist** from **[book.hacktricks.xyz](https://book.hacktricks.xyz/windows/checklist-windows-privilege-escalation)**
|
||||||
- **[WinPEAS](https://github.com/carlospolop/privilege-escalation-awesome-scripts-suite/tree/master/winPEAS) - Windows local Privilege Escalation Awesome Script (C#.exe and .bat)**
|
- **[WinPEAS](https://github.com/carlospolop/privilege-escalation-awesome-scripts-suite/tree/master/winPEAS) - Windows local Privilege Escalation Awesome Script (C#.exe and .bat)**
|
||||||
|
|
||||||
- Check the **Local Linux Privilege Escalation checklist** from **[book.hacktricks.xyz](https://book.hacktricks.xyz/linux-unix/linux-privilege-escalation-checklist)**
|
- Check the **Local Linux Privilege Escalation checklist** from **[book.hacktricks.xyz](https://book.hacktricks.xyz/linux-unix/linux-privilege-escalation-checklist)**
|
||||||
- **[LinPEAS](https://github.com/carlospolop/privilege-escalation-awesome-scripts-suite/tree/master/linPEAS) - Linux local Privilege Escalation Awesome Script (.sh)**
|
- **[LinPEAS](https://github.com/carlospolop/privilege-escalation-awesome-scripts-suite/tree/master/linPEAS) - Linux local Privilege Escalation Awesome Script (.sh)**
|
||||||
|
|
||||||
## Quick Start
|
## Quick Start
|
||||||
Find the **latest versions of all the scripts and binaries in [the releases page](https://github.com/carlospolop/PEASS-ng/releases/latest)**.
|
Find the **latest versions of all the scripts and binaries in [the releases page](https://github.com/carlospolop/PEASS-ng/releases/tag/refs%2Fheads%2Fmaster)**.
|
||||||
|
|
||||||
## Let's improve PEASS together
|
## Let's improve PEASS together
|
||||||
|
|
||||||
If you want to **add something** and have **any cool idea** related to this project, please let me know it in the **telegram group https://t.me/peass** or contribute reading the **[CONTRIBUTING.md](https://github.com/carlospolop/privilege-escalation-awesome-scripts-suite/blob/master/CONTRIBUTING.md)** file.
|
If you want to **add something** and have **any cool idea** related to this project, please let me know it in the **telegram group https://t.me/peass** or contribute reading the **[CONTRIBUTING.md](https://github.com/carlospolop/privilege-escalation-awesome-scripts-suite/blob/master/CONTRIBUTING.md)** file.
|
||||||
|
|
||||||
## PEASS Style
|
## PEASS Style
|
||||||
|
|
||||||
Are you a PEASS fan? Get now our merch at **[PEASS Shop](https://teespring.com/stores/peass)** and show your love for our favorite peas
|
Are you a PEASS fan? Get now our merch at **[PEASS Shop](https://teespring.com/stores/peass)** and show your love for our favorite peas
|
||||||
|
|
||||||
## Advisory
|
## Advisory
|
||||||
|
|
||||||
All the scripts/binaries of the PEAS suite should be used for authorized penetration testing and/or educational purposes only. Any misuse of this software will not be the responsibility of the author or of any other collaborator. Use it at your own machines and/or with the owner's permission.
|
All the scripts/binaries of the PEAS suite should be used for authorized penetration testing and/or educational purposes only. Any misuse of this software will not be the responsibility of the author or of any other collaborator. Use it at your own machines and/or with the owner's permission.
|
||||||
|
|
||||||
|
|
||||||
|
## License
|
||||||
By Polop<sup>(TM)</sup>
|
|
||||||
|
MIT License
|
||||||
|
|
||||||
|
By Polop<sup>(TM)</sup>
|
||||||
|
|||||||
@@ -1,4 +1,4 @@
|
|||||||
# LinPEAS - Linux Privilege Escalation Awesome Script
|
# LinPEAS - Linux Privilege Escalation Awesome Script
|
||||||
|
|
||||||

|

|
||||||
|
|
||||||
@@ -13,11 +13,11 @@ Check the **Local Linux Privilege Escalation checklist** from **[book.hacktricks
|
|||||||
Just execute `linpeas.sh` in a MacOS system and the **MacPEAS version will be automatically executed**
|
Just execute `linpeas.sh` in a MacOS system and the **MacPEAS version will be automatically executed**
|
||||||
|
|
||||||
## Quick Start
|
## Quick Start
|
||||||
Find the **latest versions of all the scripts and binaries in [the releases page](https://github.com/carlospolop/PEASS-ng/releases/latest)**.
|
Find the **latest versions of all the scripts and binaries in [the releases page](https://github.com/carlospolop/PEASS-ng/releases/tag/refs%2Fheads%2Fmaster)**.
|
||||||
|
|
||||||
```bash
|
```bash
|
||||||
# From github
|
# From github
|
||||||
curl -L https://github.com/carlospolop/PEASS-ng/releases/latest/download/linpeas.sh | sh
|
curl -L https://github.com/carlospolop/PEASS-ng/releases/download/refs%2Fheads%2Fmaster/linpeas.sh | sh
|
||||||
```
|
```
|
||||||
|
|
||||||
```bash
|
```bash
|
||||||
@@ -42,7 +42,7 @@ less -r /dev/shm/linpeas.txt #Read with colors
|
|||||||
|
|
||||||
```bash
|
```bash
|
||||||
# Use a linpeas binary
|
# Use a linpeas binary
|
||||||
wget https://github.com/carlospolop/PEASS-ng/releases/latest/download/linpeas_linux_amd64
|
wget https://github.com/carlospolop/PEASS-ng/releases/download/refs%2Fheads%2Fmaster/linpeas_linux_amd64
|
||||||
chmod +x linpeas_linux_amd64
|
chmod +x linpeas_linux_amd64
|
||||||
./linpeas_linux_amd64
|
./linpeas_linux_amd64
|
||||||
```
|
```
|
||||||
@@ -203,5 +203,8 @@ If you find any issue, please report it using **[github issues](https://github.c
|
|||||||
|
|
||||||
All the scripts/binaries of the PEAS Suite should be used for authorized penetration testing and/or educational purposes only. Any misuse of this software will not be the responsibility of the author or of any other collaborator. Use it at your own networks and/or with the network owner's permission.
|
All the scripts/binaries of the PEAS Suite should be used for authorized penetration testing and/or educational purposes only. Any misuse of this software will not be the responsibility of the author or of any other collaborator. Use it at your own networks and/or with the network owner's permission.
|
||||||
|
|
||||||
|
## License
|
||||||
|
|
||||||
By Polop<sup>(TM)</sup>
|
MIT License
|
||||||
|
|
||||||
|
By Polop<sup>(TM)</sup>
|
||||||
|
|||||||
@@ -21,11 +21,6 @@ else echo_not_found "sudo"
|
|||||||
fi
|
fi
|
||||||
echo ""
|
echo ""
|
||||||
|
|
||||||
#-- SY) CVE-2021-4034
|
|
||||||
if [ `command -v pkexec` ] && stat -c '%a' $(which pkexec) | grep -q 4755 && [ "$(stat -c '%Y' $(which pkexec))" -lt "1642035600" ]; then
|
|
||||||
echo "Vulnerable to CVE-2021-4034 (polkit privesc)" | sed -${E} "s,.*,${SED_RED_YELLOW},"
|
|
||||||
fi
|
|
||||||
|
|
||||||
#--SY) USBCreator
|
#--SY) USBCreator
|
||||||
if (busctl list 2>/dev/null | grep -q com.ubuntu.USBCreator) || [ "$DEBUG" ]; then
|
if (busctl list 2>/dev/null | grep -q com.ubuntu.USBCreator) || [ "$DEBUG" ]; then
|
||||||
print_2title "USBCreator"
|
print_2title "USBCreator"
|
||||||
@@ -127,10 +122,9 @@ if [ "$(command -v bash 2>/dev/null)" ]; then
|
|||||||
print_2title "Executing Linux Exploit Suggester"
|
print_2title "Executing Linux Exploit Suggester"
|
||||||
print_info "https://github.com/mzet-/linux-exploit-suggester"
|
print_info "https://github.com/mzet-/linux-exploit-suggester"
|
||||||
les_b64="peass{LES}"
|
les_b64="peass{LES}"
|
||||||
|
echo $les_b64 | base64 -d | bash
|
||||||
if [ "$EXTRA_CHECKS" ]; then
|
if [ "$EXTRA_CHECKS" ]; then
|
||||||
echo $les_b64 | base64 -d | bash -s -- --checksec | sed "s,$(printf '\033')\\[[0-9;]*[a-zA-Z],,g" | sed -E "s,\[CVE-[0-9]+-[0-9]+\].*,${SED_RED},g"
|
echo $les_b64 | base64 -d | bash -s -- --checksec
|
||||||
else
|
|
||||||
echo $les_b64 | base64 -d | bash | sed "s,$(printf '\033')\\[[0-9;]*[a-zA-Z],,g" | grep -i "\[CVE" -A 10 | grep -Ev "^\-\-$" | sed -${E} "s,\[CVE-[0-9]+-[0-9]+\],*,${SED_RED},g"
|
|
||||||
fi
|
fi
|
||||||
echo ""
|
echo ""
|
||||||
fi
|
fi
|
||||||
@@ -139,7 +133,7 @@ if [ "$(command -v perl 2>/dev/null)" ]; then
|
|||||||
print_2title "Executing Linux Exploit Suggester 2"
|
print_2title "Executing Linux Exploit Suggester 2"
|
||||||
print_info "https://github.com/jondonas/linux-exploit-suggester-2"
|
print_info "https://github.com/jondonas/linux-exploit-suggester-2"
|
||||||
les2_b64="peass{LES2}"
|
les2_b64="peass{LES2}"
|
||||||
echo $les2_b64 | base64 -d | perl | sed "s,$(printf '\033')\\[[0-9;]*[a-zA-Z],,g" | grep -i "CVE" -B 1 -A 10 | grep -Ev "^\-\-$" | sed -${E} "s,CVE-[0-9]+-[0-9]+,${SED_RED},g"
|
echo $les2_b64 | base64 -d | perl
|
||||||
echo ""
|
echo ""
|
||||||
fi
|
fi
|
||||||
|
|
||||||
|
|||||||
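Review bot: With `EXTRA_CHECKS` set, the new lines in the second hunk run Linux Exploit Suggester twice: once unconditionally via `echo $les_b64 | base64 -d | bash` and again with `--checksec` inside the `if`. That repeats the scan and prints largely the same findings a second time. An `if`/`else` keeps it to one run: `if [ "$EXTRA_CHECKS" ]; then echo "$les_b64" | base64 -d | bash -s -- --checksec; else echo "$les_b64" | base64 -d | bash; fi`. The new side also drops the `sed` that stripped the suggester's ANSI escapes, so raw colour codes will end up in saved reports; the third hunk (`echo $les2_b64 | base64 -d | perl`) has the same change.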
@@ -28,7 +28,7 @@ else
|
|||||||
echo ""
|
echo ""
|
||||||
|
|
||||||
#-- PCS) Binary processes permissions
|
#-- PCS) Binary processes permissions
|
||||||
print_2title "Binary processes permissions (non 'root root' and not belonging to current user)"
|
print_2title "Binary processes permissions (non 'root root' and not beloging to current user)"
|
||||||
print_info "https://book.hacktricks.xyz/linux-unix/privilege-escalation#processes"
|
print_info "https://book.hacktricks.xyz/linux-unix/privilege-escalation#processes"
|
||||||
binW="IniTialiZZinnggg"
|
binW="IniTialiZZinnggg"
|
||||||
ps auxwww 2>/dev/null | awk '{print $11}' | while read bpath; do
|
ps auxwww 2>/dev/null | awk '{print $11}' | while read bpath; do
|
||||||
@@ -303,4 +303,4 @@ if [ "$dbuslist" ]; then
|
|||||||
fi
|
fi
|
||||||
done
|
done
|
||||||
else echo_not_found "busctl"
|
else echo_not_found "busctl"
|
||||||
fi
|
fi
|
||||||
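Review bot: The new title string in the first hunk misspells "belonging" as "beloging" in `print_2title "Binary processes permissions (non 'root root' and not beloging to current user)"`. The heading is printed in the report and is what readers search for when triaging output, so it should end `... and not belonging to current user)"`. The second hunk shows the same `fi` on both sides and appears to change only the end-of-file newline.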
@@ -60,9 +60,9 @@ fi
|
|||||||
#-- UI) Sudo -l
|
#-- UI) Sudo -l
|
||||||
print_2title "Checking 'sudo -l', /etc/sudoers, and /etc/sudoers.d"
|
print_2title "Checking 'sudo -l', /etc/sudoers, and /etc/sudoers.d"
|
||||||
print_info "https://book.hacktricks.xyz/linux-unix/privilege-escalation#sudo-and-suid"
|
print_info "https://book.hacktricks.xyz/linux-unix/privilege-escalation#sudo-and-suid"
|
||||||
(echo '' | timeout 1 sudo -S -l | sed "s,_proxy,${SED_RED},g" | sed "s,$sudoG,${SED_GREEN},g" | sed -${E} "s,$sudoB,${SED_RED},g" | sed -${E} "s,$sudoVB1,${SED_RED_YELLOW}," | sed -${E} "s,$sudoVB2,${SED_RED_YELLOW}," | sed "s,\!root,${SED_RED},") 2>/dev/null || echo_not_found "sudo"
|
(echo '' | sudo -S -l | sed "s,_proxy,${SED_RED},g" | sed "s,$sudoG,${SED_GREEN},g" | sed -${E} "s,$sudoB,${SED_RED},g" | sed -${E} "s,$sudoVB1,${SED_RED_YELLOW}," | sed -${E} "s,$sudoVB2,${SED_RED_YELLOW}," | sed "s,\!root,${SED_RED},") 2>/dev/null || echo_not_found "sudo"
|
||||||
if [ "$PASSWORD" ]; then
|
if [ "$PASSWORD" ]; then
|
||||||
(echo "$PASSWORD" | timeout 1 sudo -S -l | sed "s,_proxy,${SED_RED},g" | sed "s,$sudoG,${SED_GREEN},g" | sed -${E} "s,$sudoB,${SED_RED},g" | sed -${E} "s,$sudoVB1,${SED_RED_YELLOW}," | sed -${E} "s,$sudoVB2,${SED_RED_YELLOW},") 2>/dev/null || echo_not_found "sudo"
|
(echo "$PASSWORD" | sudo -S -l | sed "s,_proxy,${SED_RED},g" | sed "s,$sudoG,${SED_GREEN},g" | sed -${E} "s,$sudoB,${SED_RED},g" | sed -${E} "s,$sudoVB1,${SED_RED_YELLOW}," | sed -${E} "s,$sudoVB2,${SED_RED_YELLOW},") 2>/dev/null || echo_not_found "sudo"
|
||||||
fi
|
fi
|
||||||
( grep -Iv "^$" cat /etc/sudoers | grep -v "#" | sed "s,_proxy,${SED_RED},g" | sed "s,$sudoG,${SED_GREEN},g" | sed -${E} "s,$sudoB,${SED_RED},g" | sed "s,pwfeedback,${SED_RED},g" | sed -${E} "s,$sudoVB1,${SED_RED_YELLOW}," | sed -${E} "s,$sudoVB2,${SED_RED_YELLOW},") 2>/dev/null || echo_not_found "/etc/sudoers"
|
( grep -Iv "^$" cat /etc/sudoers | grep -v "#" | sed "s,_proxy,${SED_RED},g" | sed "s,$sudoG,${SED_GREEN},g" | sed -${E} "s,$sudoB,${SED_RED},g" | sed "s,pwfeedback,${SED_RED},g" | sed -${E} "s,$sudoVB1,${SED_RED_YELLOW}," | sed -${E} "s,$sudoVB2,${SED_RED_YELLOW},") 2>/dev/null || echo_not_found "/etc/sudoers"
|
||||||
if ! [ "$IAMROOT" ] && [ -w '/etc/sudoers.d/' ]; then
|
if ! [ "$IAMROOT" ] && [ -w '/etc/sudoers.d/' ]; then
|
||||||
@@ -228,4 +228,4 @@ if ! [ "$FAST" ] && ! [ "$SUPERFAST" ] && [ "$TIMEOUT" ] && ! [ "$IAMROOT" ] &&
|
|||||||
else
|
else
|
||||||
print_2title "Do not forget to test 'su' as any other user with shell: without password and with their names as password (I can't do it...)\n"$NC
|
print_2title "Do not forget to test 'su' as any other user with shell: without password and with their names as password (I can't do it...)\n"$NC
|
||||||
fi
|
fi
|
||||||
print_2title "Do not forget to execute 'sudo -l' without password or with valid password (if you know it)!!\n"$NC
|
print_2title "Do not forget to execute 'sudo -l' without password or with valid password (if you know it)!!\n"$NC
|
||||||
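Review bot: Both `sudo -S -l` calls on the new side run without the `timeout 1` guard, so a sudo that waits (for example on a slow PAM or name-service lookup) can stall the whole scan at this step. Keeping the bound, `(echo '' | timeout 1 sudo -S -l | sed ...)`, limits that, with a plain call as fallback where `timeout` is not installed. The trailing `|| echo_not_found "sudo"` also tests the exit status of the last `sed` in the pipeline rather than of sudo, so it will rarely fire when sudo is missing or refuses; checking `command -v sudo` first would make the message reliable. Each probe is a sudo authentication attempt that the host will normally log, which deserves a comment above the block for anyone running this on a monitored system.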
@@ -37,7 +37,7 @@ class MetasploitModule < Msf::Post
|
|||||||
))
|
))
|
||||||
register_options(
|
register_options(
|
||||||
[
|
[
|
||||||
OptString.new('PEASS_URL', [true, 'Path to the PEASS script. Accepted: http(s):// URL or absolute local path. Linpeas: https://github.com/carlospolop/PEASS-ng/releases/latest/download/linpeas.sh', "https://github.com/carlospolop/PEASS-ng/releases/latest/download/winPEASany_ofs.exe"]),
|
OptString.new('PEASS_URL', [true, 'Path to the PEASS script. Accepted: http(s):// URL or absolute local path. Linpeas: https://raw.githubusercontent.com/carlospolop/PEASS-ng/master/linPEAS/linpeas.sh', "https://raw.githubusercontent.com/carlospolop/PEASS-ng/master/winPEAS/winPEASexe/binaries/Obfuscated%20Releases/winPEASany.exe"]),
|
||||||
OptString.new('PASSWORD', [false, 'Password to encrypt and obfuscate the script (randomly generated). The length must be 32B. If no password is set, only base64 will be used.', rand(36**32).to_s(36)]),
|
OptString.new('PASSWORD', [false, 'Password to encrypt and obfuscate the script (randomly generated). The length must be 32B. If no password is set, only base64 will be used.', rand(36**32).to_s(36)]),
|
||||||
OptString.new('TEMP_DIR', [false, 'Path to upload the obfuscated PEASS script inside the compromised machine. By default "C:\Windows\System32\spool\drivers\color" is used in Windows and "/tmp" in Unix.', '']),
|
OptString.new('TEMP_DIR', [false, 'Path to upload the obfuscated PEASS script inside the compromised machine. By default "C:\Windows\System32\spool\drivers\color" is used in Windows and "/tmp" in Unix.', '']),
|
||||||
OptString.new('PARAMETERS', [false, 'Parameters to pass to the script', nil]),
|
OptString.new('PARAMETERS', [false, 'Parameters to pass to the script', nil]),
|
||||||
|
|||||||
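Review bot: The new `PEASS_URL` default points at a file on the `master` branch of raw.githubusercontent.com, so the binary this module fetches and runs can change with any push, and the hunk shows no hash or signature check on the download. Defaulting to a tagged release asset and stating its expected SHA-256 in the option description would let an operator confirm what was actually executed during an authorized test. The description text advertises a second `master` URL for linpeas and has the same issue. `register_options` starts and ends outside this hunk, so any verification done after the download is not visible here.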
@@ -1,29 +1,33 @@
|
|||||||
# Windows Privilege Escalation Awesome Scripts
|
# Windows Privilege Escalation Awesome Scripts
|
||||||
|
|
||||||

|

|
||||||
|
|
||||||
Check the **Local Windows Privilege Escalation checklist** from **[book.hacktricks.xyz](https://book.hacktricks.xyz/windows/checklist-windows-privilege-escalation)**
|
Check the **Local Windows Privilege Escalation checklist** from **[book.hacktricks.xyz](https://book.hacktricks.xyz/windows/checklist-windows-privilege-escalation)**
|
||||||
|
|
||||||
Check more **information about how to exploit** found misconfigurations in **[book.hacktricks.xyz](https://book.hacktricks.xyz/windows/windows-local-privilege-escalation)**
|
Check more **information about how to exploit** found misconfigurations in **[book.hacktricks.xyz](https://book.hacktricks.xyz/windows/windows-local-privilege-escalation)**
|
||||||
|
|
||||||
## Quick Start
|
## Quick Start
|
||||||
Find the **latest versions of all the scripts and binaries in [the releases page](https://github.com/carlospolop/PEASS-ng/releases/latest)**.
|
Find the **latest versions of all the scripts and binaries in [the releases page](https://github.com/carlospolop/PEASS-ng/releases/tag/refs%2Fheads%2Fmaster)**.
|
||||||
|
|
||||||
## WinPEAS .exe and .bat
|
## WinPEAS .exe and .bat
|
||||||
- [Link to WinPEAS .bat project](https://github.com/carlospolop/privilege-escalation-awesome-scripts-suite/tree/master/winPEAS/winPEASbat)
|
- [Link to WinPEAS .bat project](https://github.com/carlospolop/privilege-escalation-awesome-scripts-suite/tree/master/winPEAS/winPEASbat)
|
||||||
- [Link to WinPEAS C# project (.exe)](https://github.com/carlospolop/privilege-escalation-awesome-scripts-suite/tree/master/winPEAS/winPEASexe) (.Net >= 4.5.2 required)
|
- [Link to WinPEAS C# project (.exe)](https://github.com/carlospolop/privilege-escalation-awesome-scripts-suite/tree/master/winPEAS/winPEASexe) (.Net >= 4.5.2 required)
|
||||||
- **Please, read the Readme of that folder to learn how to execute winpeas from memory or how make colors work among other tricks**
|
- **Please, read the Readme of that folder to learn how to execute winpeas from memory or how make colors work among other tricks**
|
||||||
|
|
||||||
## Please, if this tool has been useful for you consider to donate
|
## Please, if this tool has been useful for you consider to donate
|
||||||
|
|
||||||
[](https://www.patreon.com/peass)
|
[](https://www.patreon.com/peass)
|
||||||
|
|
||||||
## PEASS Style
|
## PEASS Style
|
||||||
|
|
||||||
Are you a PEASS fan? Get now our merch at **[PEASS Shop](https://teespring.com/stores/peass)** and show your love for our favorite peas
|
Are you a PEASS fan? Get now our merch at **[PEASS Shop](https://teespring.com/stores/peass)** and show your love for our favorite peas
|
||||||
|
|
||||||
## Advisory
|
## Advisory
|
||||||
|
|
||||||
All the scripts/binaries of the PEAS Suite should be used for authorized penetration testing and/or educational purposes only. Any misuse of this software will not be the responsibility of the author or of any other collaborator. Use it at your own networks and/or with the network owner's permission.
|
All the scripts/binaries of the PEAS Suite should be used for authorized penetration testing and/or educational purposes only. Any misuse of this software will not be the responsibility of the author or of any other collaborator. Use it at your own networks and/or with the network owner's permission.
|
||||||
|
|
||||||
By Polop<sup>(TM)</sup>
|
## License
|
||||||
|
|
||||||
|
MIT License
|
||||||
|
|
||||||
|
By Polop<sup>(TM)</sup>
|
||||||
|
|||||||
@@ -137,5 +137,8 @@ This is the kind of outpuf that you have to look for when usnig the winPEAS.bat
|
|||||||
|
|
||||||
All the scripts/binaries of the PEAS Suite should be used for authorized penetration testing and/or educational purposes only. Any misuse of this software will not be the responsibility of the author or of any other collaborator. Use it at your own networks and/or with the network owner's permission.
|
All the scripts/binaries of the PEAS Suite should be used for authorized penetration testing and/or educational purposes only. Any misuse of this software will not be the responsibility of the author or of any other collaborator. Use it at your own networks and/or with the network owner's permission.
|
||||||
|
|
||||||
|
## License
|
||||||
|
|
||||||
|
MIT License
|
||||||
|
|
||||||
By Polop<sup>(TM)</sup>
|
By Polop<sup>(TM)</sup>
|
||||||
|
|||||||
@@ -237,7 +237,7 @@ CALL :T_Progress 2
|
|||||||
:RemodeDeskCredMgr
|
:RemodeDeskCredMgr
|
||||||
CALL :ColorLine " %E%33m[+]%E%97m Remote Desktop Credentials Manager"
|
CALL :ColorLine " %E%33m[+]%E%97m Remote Desktop Credentials Manager"
|
||||||
ECHO. [?] https://book.hacktricks.xyz/windows/windows-local-privilege-escalation#remote-desktop-credential-manager
|
ECHO. [?] https://book.hacktricks.xyz/windows/windows-local-privilege-escalation#remote-desktop-credential-manager
|
||||||
IF exist "%LOCALAPPDATA%\Local\Microsoft\Remote Desktop Connection Manager\RDCMan.settings" ECHO.Found: RDCMan.settings in %AppLocal%\Local\Microsoft\Remote Desktop Connection Manager\RDCMan.settings, check for credentials in .rdg files
|
IF exist "%AppLocal%\Local\Microsoft\Remote Desktop Connection Manager\RDCMan.settings" ECHO.Found: RDCMan.settings in %AppLocal%\Local\Microsoft\Remote Desktop Connection Manager\RDCMan.settings, check for credentials in .rdg files
|
||||||
ECHO.
|
ECHO.
|
||||||
CALL :T_Progress 1
|
CALL :T_Progress 1
|
||||||
|
|
||||||
|
|||||||
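Review bot: The new `IF exist` test uses `%AppLocal%`, which is not a variable Windows defines; unless the script sets it earlier (outside this hunk) it expands to nothing in a batch file, the path becomes `\Local\Microsoft\...`, and the RDCMan.settings check silently never matches. `%LOCALAPPDATA%` already ends in `\AppData\Local`, so the extra `\Local` segment looks wrong as well. Suggested line: `IF exist "%LOCALAPPDATA%\Microsoft\Remote Desktop Connection Manager\RDCMan.settings" ECHO.Found: RDCMan.settings in %LOCALAPPDATA%\Microsoft\Remote Desktop Connection Manager\RDCMan.settings, check for credentials in .rdg files`.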
@@ -1,288 +1,286 @@
|
|||||||
# Windows Privilege Escalation Awesome Script (.exe)
|
# Windows Privilege Escalation Awesome Script (.exe)
|
||||||
|
|
||||||

|

|
||||||
|
|
||||||
**WinPEAS is a script that search for possible paths to escalate privileges on Windows hosts. The checks are explained on [book.hacktricks.xyz](https://book.hacktricks.xyz/windows/windows-local-privilege-escalation)**
|
**WinPEAS is a script that search for possible paths to escalate privileges on Windows hosts. The checks are explained on [book.hacktricks.xyz](https://book.hacktricks.xyz/windows/windows-local-privilege-escalation)**
|
||||||
|
|
||||||
Check also the **Local Windows Privilege Escalation checklist** from **[book.hacktricks.xyz](https://book.hacktricks.xyz/windows/checklist-windows-privilege-escalation)**
|
Check also the **Local Windows Privilege Escalation checklist** from **[book.hacktricks.xyz](https://book.hacktricks.xyz/windows/checklist-windows-privilege-escalation)**
|
||||||
|
|
||||||
[](https://youtu.be/66gOwXMnxRI)
|
[](https://youtu.be/66gOwXMnxRI)
|
||||||
|
|
||||||
## Quick Start
|
## Quick Start
|
||||||
|
|
||||||
**.Net >= 4.5.2 is required**
|
**.Net >= 4.5.2 is required**
|
||||||
|
|
||||||
Precompiled binaries:
|
Precompiled binaries:
|
||||||
- Download the **[latest obfuscated and not obfuscated versions from here](https://github.com/carlospolop/PEASS-ng/releases/latest)** or **compile it yourself** (read instructions for compilation).
|
- Download the **[latest obfuscated and not obfuscated versions from here](https://github.com/carlospolop/PEASS-ng/releases/tag/refs%2Fheads%2Fmaster)** or **compile it yourself** (read instructions for compilation).
|
||||||
|
|
||||||
```bash
|
```bash
|
||||||
# Get latest release
|
#One liner to download and execute winPEASany from memory in a PS shell
|
||||||
$url = "https://github.com/carlospolop/PEASS-ng/releases/latest/download/winPEASany_ofs.exe"
|
$wp=[System.Reflection.Assembly]::Load([byte[]](Invoke-WebRequest "https://github.com/carlospolop/PEASS-ng/releases/download/refs%2Fheads%2Fmaster/winPEASany_ofs.exe" -UseBasicParsing | Select-Object -ExpandProperty Content)); [winPEAS.Program]::Main("")
|
||||||
|
|
||||||
# One liner to download and execute winPEASany from memory in a PS shell
|
#Before cmd in 3 lines
|
||||||
$wp=[System.Reflection.Assembly]::Load([byte[]](Invoke-WebRequest "$url" -UseBasicParsing | Select-Object -ExpandProperty Content)); [winPEAS.Program]::Main("")
|
$url = "https://github.com/carlospolop/PEASS-ng/releases/download/refs%2Fheads%2Fmaster/winPEASany_ofs.exe"
|
||||||
|
$wp=[System.Reflection.Assembly]::Load([byte[]](Invoke-WebRequest "$url" -UseBasicParsing | Select-Object -ExpandProperty Content));
|
||||||
# Before cmd in 3 lines
|
[winPEAS.Program]::Main("") #Put inside the quotes the winpeas parameters you want to use
|
||||||
$wp=[System.Reflection.Assembly]::Load([byte[]](Invoke-WebRequest "$url" -UseBasicParsing | Select-Object -ExpandProperty Content));
|
|
||||||
[winPEAS.Program]::Main("") #Put inside the quotes the winpeas parameters you want to use
|
#Load from disk in memory and execute:
|
||||||
|
$wp = [System.Reflection.Assembly]::Load([byte[]]([IO.File]::ReadAllBytes("D:\Users\victim\winPEAS.exe")));
|
||||||
# Load from disk in memory and execute:
|
[winPEAS.Program]::Main("") #Put inside the quotes the winpeas parameters you want to use
|
||||||
$wp = [System.Reflection.Assembly]::Load([byte[]]([IO.File]::ReadAllBytes("D:\Users\victim\winPEAS.exe")));
|
|
||||||
[winPEAS.Program]::Main("") #Put inside the quotes the winpeas parameters you want to use
|
#Load from disk in base64 and execute
|
||||||
|
##Generate winpeas in Base64:
|
||||||
# Load from disk in base64 and execute
|
[Convert]::ToBase64String([IO.File]::ReadAllBytes("D:\Users\user\winPEAS.exe")) | Out-File -Encoding ASCII D:\Users\user\winPEAS.txt
|
||||||
##Generate winpeas in Base64:
|
##Now upload the B64 string to the victim inside a file or copy it to the clipboard
|
||||||
[Convert]::ToBase64String([IO.File]::ReadAllBytes("D:\Users\user\winPEAS.exe")) | Out-File -Encoding ASCII D:\Users\user\winPEAS.txt
|
|
||||||
##Now upload the B64 string to the victim inside a file or copy it to the clipboard
|
##If you have uploaded the B64 as afile load it with:
|
||||||
|
$thecontent = Get-Content -Path D:\Users\victim\winPEAS.txt
|
||||||
##If you have uploaded the B64 as afile load it with:
|
##If you have copied the B64 to the clipboard do:
|
||||||
$thecontent = Get-Content -Path D:\Users\victim\winPEAS.txt
|
$thecontent = "aaaaaaaa..." #Where "aaa..." is the winpeas base64 string
|
||||||
##If you have copied the B64 to the clipboard do:
|
##Finally, load binary in memory and execute
|
||||||
$thecontent = "aaaaaaaa..." #Where "aaa..." is the winpeas base64 string
|
$wp = [System.Reflection.Assembly]::Load([Convert]::FromBase64String($thecontent))
|
||||||
##Finally, load binary in memory and execute
|
[winPEAS.Program]::Main("") #Put inside the quotes the winpeas parameters you want to use
|
||||||
$wp = [System.Reflection.Assembly]::Load([Convert]::FromBase64String($thecontent))
|
|
||||||
[winPEAS.Program]::Main("") #Put inside the quotes the winpeas parameters you want to use
|
#Loading from file and executing a winpeas obfuscated version
|
||||||
|
##Load obfuscated version
|
||||||
# Loading from file and executing a winpeas obfuscated version
|
$wp = [System.Reflection.Assembly]::Load([byte[]]([IO.File]::ReadAllBytes("D:\Users\victim\winPEAS-Obfuscated.exe")));
|
||||||
##Load obfuscated version
|
$wp.EntryPoint #Get the name of the ReflectedType, in obfuscated versions sometimes this is different from "winPEAS.Program"
|
||||||
$wp = [System.Reflection.Assembly]::Load([byte[]]([IO.File]::ReadAllBytes("D:\Users\victim\winPEAS-Obfuscated.exe")));
|
[<ReflectedType_from_before>]::Main("") #Used the ReflectedType name to execute winpeas
|
||||||
$wp.EntryPoint #Get the name of the ReflectedType, in obfuscated versions sometimes this is different from "winPEAS.Program"
|
```
|
||||||
[<ReflectedType_from_before>]::Main("") #Used the ReflectedType name to execute winpeas
|
|
||||||
```
|
## Parameters Examples
|
||||||
|
|
||||||
## Parameters Examples
|
```bash
|
||||||
|
winpeas.exe #run all checks (except for additional slower checks - LOLBAS and linpeas.sh in WSL) (noisy - CTFs)
|
||||||
```bash
|
winpeas.exe systeminfo userinfo #Only systeminfo and userinfo checks executed
|
||||||
winpeas.exe #run all checks (except for additional slower checks - LOLBAS and linpeas.sh in WSL) (noisy - CTFs)
|
winpeas.exe notcolor #Do not color the output
|
||||||
winpeas.exe systeminfo userinfo #Only systeminfo and userinfo checks executed
|
winpeas.exe domain #enumerate also domain information
|
||||||
winpeas.exe notcolor #Do not color the output
|
winpeas.exe wait #wait for user input between tests
|
||||||
winpeas.exe domain #enumerate also domain information
|
winpeas.exe debug #display additional debug information
|
||||||
winpeas.exe wait #wait for user input between tests
|
winpeas.exe log #log output to out.txt instead of standard output
|
||||||
winpeas.exe debug #display additional debug information
|
winpeas.exe -linpeas=http://127.0.0.1/linpeas.sh #Execute also additional linpeas check (runs linpeas.sh in default WSL distribution) with custom linpeas.sh URL (if not provided, the default URL is: https://raw.githubusercontent.com/carlospolop/privilege-escalation-awesome-scripts-suite/master/linPEAS/linpeas.sh)
|
||||||
winpeas.exe log #log output to out.txt instead of standard output
|
winpeas.exe -lolbas #Execute also additional LOLBAS search check
|
||||||
winpeas.exe -linpeas=http://127.0.0.1/linpeas.sh #Execute also additional linpeas check (runs linpeas.sh in default WSL distribution) with custom linpeas.sh URL (if not provided, the default URL is: https://raw.githubusercontent.com/carlospolop/privilege-escalation-awesome-scripts-suite/master/linPEAS/linpeas.sh)
|
```
|
||||||
winpeas.exe -lolbas #Execute also additional LOLBAS search check
|
|
||||||
```
|
## Help
|
||||||
|
```
|
||||||
## Help
|
quiet Do not print banner
|
||||||
```
|
notcolor Don't use ansi colors (all white)
|
||||||
quiet Do not print banner
|
systeminfo Search system information
|
||||||
notcolor Don't use ansi colors (all white)
|
userinfo Search user information
|
||||||
systeminfo Search system information
|
processinfo Search processes information
|
||||||
userinfo Search user information
|
servicesinfo Search services information
|
||||||
processinfo Search processes information
|
applicationsinfo Search installed applications information
|
||||||
servicesinfo Search services information
|
networkinfo Search network information
|
||||||
applicationsinfo Search installed applications information
|
windowscreds Search windows credentials
|
||||||
networkinfo Search network information
|
browserinfo Search browser information
|
||||||
windowscreds Search windows credentials
|
filesinfo Search files that can contains credentials
|
||||||
browserinfo Search browser information
|
eventsinfo Display interesting events information
|
||||||
filesinfo Search files that can contains credentials
|
wait Wait for user input between checks
|
||||||
eventsinfo Display interesting events information
|
debug Display debugging information - memory usage, method execution time
|
||||||
wait Wait for user input between checks
|
log=[logfile] Log all output to file defined as logfile, or to "out.txt" if not specified
|
||||||
debug Display debugging information - memory usage, method execution time
|
|
||||||
log=[logfile] Log all output to file defined as logfile, or to "out.txt" if not specified
|
Additional checks (slower):
|
||||||
|
-lolbas Run additional LOLBAS check
|
||||||
Additional checks (slower):
|
-linpeas=[url] Run additional linpeas.sh check for default WSL distribution, optionally provide custom linpeas.sh URL
|
||||||
-lolbas Run additional LOLBAS check
|
(default: https://raw.githubusercontent.com/carlospolop/privilege-escalation-awesome-scripts-suite/master/linPEAS/linpeas.sh)
|
||||||
-linpeas=[url] Run additional linpeas.sh check for default WSL distribution, optionally provide custom linpeas.sh URL
|
```
|
||||||
(default: https://raw.githubusercontent.com/carlospolop/privilege-escalation-awesome-scripts-suite/master/linPEAS/linpeas.sh)
|
|
||||||
```
|
## Basic information
|
||||||
|
|
||||||
## Basic information
|
The goal of this project is to search for possible **Privilege Escalation Paths** in Windows environments.
|
||||||
|
|
||||||
The goal of this project is to search for possible **Privilege Escalation Paths** in Windows environments.
|
It should take only a **few seconds** to execute almost all the checks and **some seconds/minutes during the lasts checks searching for known filenames** that could contain passwords (the time depened on the number of files in your home folder). By default only **some** filenames that could contain credentials are searched, you can use the **searchall** parameter to search all the list (this could will add some minutes).
|
||||||
|
|
||||||
It should take only a **few seconds** to execute almost all the checks and **some seconds/minutes during the lasts checks searching for known filenames** that could contain passwords (the time depened on the number of files in your home folder). By default only **some** filenames that could contain credentials are searched, you can use the **searchall** parameter to search all the list (this could will add some minutes).
|
The tool is based on **[SeatBelt](https://github.com/GhostPack/Seatbelt)**.
|
||||||
|
|
||||||
The tool is based on **[SeatBelt](https://github.com/GhostPack/Seatbelt)**.
|
## Where are my COLORS?!?!?!
|
||||||
|
|
||||||
## Where are my COLORS?!?!?!
|
The **ouput will be colored** using **ansi** colors. If you are executing `winpeas.exe` **from a Windows console**, you need to set a registry value to see the colors (and open a new CMD):
|
||||||
|
```
|
||||||
The **ouput will be colored** using **ansi** colors. If you are executing `winpeas.exe` **from a Windows console**, you need to set a registry value to see the colors (and open a new CMD):
|
REG ADD HKCU\Console /v VirtualTerminalLevel /t REG_DWORD /d 1
|
||||||
```
|
```
|
||||||
REG ADD HKCU\Console /v VirtualTerminalLevel /t REG_DWORD /d 1
|
|
||||||
```
|
Below you have some indications about what does each color means exacty, but keep in mind that **Red** is for something interesting (from a pentester perspective) and **Green** is something well configured (from a defender perspective).
|
||||||
|
|
||||||
Below you have some indications about what does each color means exacty, but keep in mind that **Red** is for something interesting (from a pentester perspective) and **Green** is something well configured (from a defender perspective).
|
|
||||||
|
## Instructions to compile you own obfuscated version
|
||||||

|
|
||||||
|
In order to compile an **ofuscated version** of Winpeas and bypass some AVs you need to ** install dotfuscator ** in *VisualStudio*.
|
||||||
## Instructions to compile you own obfuscated version
|
|
||||||
|
To install it *open VisualStudio --> Go to Search (CTRL+Q) --> Write "dotfuscator"* and just follow the instructions to install it.
|
||||||
<details>
|
|
||||||
<summary>Details</summary>
|
To use **dotfuscator** you will need to **create an account** *(they will send you an email to the address you set during registration*).
|
||||||
|
|
||||||
In order to compile an **ofuscated version** of Winpeas and bypass some AVs you need to ** install dotfuscator ** in *VisualStudio*.
|
Once you have installed and activated it you need to:
|
||||||
|
1. **Compile** winpeas in VisualStudio
|
||||||
To install it *open VisualStudio --> Go to Search (CTRL+Q) --> Write "dotfuscator"* and just follow the instructions to install it.
|
2. **Open dotfuscator** app
|
||||||
|
3. **Open** in dotfuscator **winPEAS.exe compiled**
|
||||||
To use **dotfuscator** you will need to **create an account** *(they will send you an email to the address you set during registration*).
|
4. Click on **Build**
|
||||||
|
5. The **single, minimized and obfuscated binary** will appear in a **folder called Dotfuscator inside the folder were winPEAS.exe** and the DLL were (this location will be saved by dotfuscator and by default all the following builds will appear in this folder).
|
||||||
Once you have installed and activated it you need to:
|
|
||||||
1. **Compile** winpeas in VisualStudio
|
**I'm sorry that all of this is necessary but is worth it. Dotfuscator minimizes a bit the size of the executable and obfuscates the code**.
|
||||||
2. **Open dotfuscator** app
|
|
||||||
3. **Open** in dotfuscator **winPEAS.exe compiled**
|

|
||||||
4. Click on **Build**
|
|
||||||
5. The **single, minimized and obfuscated binary** will appear in a **folder called Dotfuscator inside the folder were winPEAS.exe** and the DLL were (this location will be saved by dotfuscator and by default all the following builds will appear in this folder).
|
|
||||||
|
## Colors
|
||||||
**I'm sorry that all of this is necessary but is worth it. Dotfuscator minimizes a bit the size of the executable and obfuscates the code**.
|
|
||||||
|

|
||||||

|
|
||||||
|
## Checks
|
||||||
**IMPORTANT**: Note that Defender will higly probable delete the winpeas iintial unobfuscated version, so you need to set as expections the origin folder of Winpeas and the folder were the obfuscated version will be saved:
|
|
||||||

|
<details>
|
||||||
</details>
|
<summary>Details</summary>
|
||||||
|
|
||||||
## Checks
|
- **System Information**
|
||||||
|
- [x] Basic System info information
|
||||||
<details>
|
- [x] Use Watson to search for vulnerabilities
|
||||||
<summary>Details</summary>
|
- [x] Enumerate Microsoft updates
|
||||||
|
- [x] PS, Audit, WEF and LAPS Settings
|
||||||
- **System Information**
|
- [x] LSA protection
|
||||||
- [x] Basic System info information
|
- [x] Credential Guard
|
||||||
- [x] Use Watson to search for vulnerabilities
|
- [x] WDigest
|
||||||
- [x] Enumerate Microsoft updates
|
- [x] Number of cached cred
|
||||||
- [x] PS, Audit, WEF and LAPS Settings
|
- [x] Environment Variables
|
||||||
- [x] LSA protection
|
- [x] Internet Settings
|
||||||
- [x] Credential Guard
|
- [x] Current drives information
|
||||||
- [x] WDigest
|
- [x] AV
|
||||||
- [x] Number of cached cred
|
- [x] Windows Defender
|
||||||
- [x] Environment Variables
|
- [x] UAC configuration
|
||||||
- [x] Internet Settings
|
- [x] NTLM Settings
|
||||||
- [x] Current drives information
|
- [x] Local Group Policy
|
||||||
- [x] AV
|
- [x] Applocker Configuration & bypass suggestions
|
||||||
- [x] Windows Defender
|
- [x] Printers
|
||||||
- [x] UAC configuration
|
- [x] Named Pipes
|
||||||
- [x] NTLM Settings
|
- [x] AMSI Providers
|
||||||
- [x] Local Group Policy
|
- [x] SysMon
|
||||||
- [x] Applocker Configuration & bypass suggestions
|
- [x] .NET Versions
|
||||||
- [x] Printers
|
|
||||||
- [x] Named Pipes
|
- **Users Information**
|
||||||
- [x] AMSI Providers
|
- [x] Users information
|
||||||
- [x] SysMon
|
- [x] Current token privileges
|
||||||
- [x] .NET Versions
|
- [x] Clipboard text
|
||||||
|
- [x] Current logged users
|
||||||
- **Users Information**
|
- [x] RDP sessions
|
||||||
- [x] Users information
|
- [x] Ever logged users
|
||||||
- [x] Current token privileges
|
- [x] Autologin credentials
|
||||||
- [x] Clipboard text
|
- [x] Home folders
|
||||||
- [x] Current logged users
|
- [x] Password policies
|
||||||
- [x] RDP sessions
|
- [x] Local User details
|
||||||
- [x] Ever logged users
|
- [x] Logon Sessions
|
||||||
- [x] Autologin credentials
|
|
||||||
- [x] Home folders
|
- **Processes Information**
|
||||||
- [x] Password policies
|
- [x] Interesting processes (non Microsoft)
|
||||||
- [x] Local User details
|
|
||||||
- [x] Logon Sessions
|
- **Services Information**
|
||||||
|
- [x] Interesting services (non Microsoft) information
|
||||||
- **Processes Information**
|
- [x] Modifiable services
|
||||||
- [x] Interesting processes (non Microsoft)
|
- [x] Writable service registry binpath
|
||||||
|
- [x] PATH Dll Hijacking
|
||||||
- **Services Information**
|
|
||||||
- [x] Interesting services (non Microsoft) information
|
- **Applications Information**
|
||||||
- [x] Modifiable services
|
- [x] Current Active Window
|
||||||
- [x] Writable service registry binpath
|
- [x] Installed software
|
||||||
- [x] PATH Dll Hijacking
|
- [x] AutoRuns
|
||||||
|
- [x] Scheduled tasks
|
||||||
- **Applications Information**
|
- [x] Device drivers
|
||||||
- [x] Current Active Window
|
|
||||||
- [x] Installed software
|
- **Network Information**
|
||||||
- [x] AutoRuns
|
- [x] Current net shares
|
||||||
- [x] Scheduled tasks
|
- [x] Mapped drives (WMI)
|
||||||
- [x] Device drivers
|
- [x] hosts file
|
||||||
|
- [x] Network Interfaces
|
||||||
- **Network Information**
|
- [x] Listening ports
|
||||||
- [x] Current net shares
|
- [x] Firewall rules
|
||||||
- [x] Mapped drives (WMI)
|
- [x] DNS Cache (limit 70)
|
||||||
- [x] hosts file
|
- [x] Internet Settings
|
||||||
- [x] Network Interfaces
|
|
||||||
- [x] Listening ports
|
- **Windows Credentials**
|
||||||
- [x] Firewall rules
|
- [x] Windows Vault
|
||||||
- [x] DNS Cache (limit 70)
|
- [x] Credential Manager
|
||||||
- [x] Internet Settings
|
- [x] Saved RDP settings
|
||||||
|
- [x] Recently run commands
|
||||||
- **Windows Credentials**
|
- [x] Default PS transcripts files
|
||||||
- [x] Windows Vault
|
- [x] DPAPI Masterkeys
|
||||||
- [x] Credential Manager
|
- [x] DPAPI Credential files
|
||||||
- [x] Saved RDP settings
|
- [x] Remote Desktop Connection Manager credentials
|
||||||
- [x] Recently run commands
|
- [x] Kerberos Tickets
|
||||||
- [x] Default PS transcripts files
|
- [x] Wifi
|
||||||
- [x] DPAPI Masterkeys
|
- [x] AppCmd.exe
|
||||||
- [x] DPAPI Credential files
|
- [x] SSClient.exe
|
||||||
- [x] Remote Desktop Connection Manager credentials
|
- [x] SCCM
|
||||||
- [x] Kerberos Tickets
|
- [x] Security Package Credentials
|
||||||
- [x] Wifi
|
- [x] AlwaysInstallElevated
|
||||||
- [x] AppCmd.exe
|
- [x] WSUS
|
||||||
- [x] SSClient.exe
|
|
||||||
- [x] SCCM
|
- **Browser Information**
|
||||||
- [x] Security Package Credentials
|
- [x] Firefox DBs
|
||||||
- [x] AlwaysInstallElevated
|
- [x] Credentials in firefox history
|
||||||
- [x] WSUS
|
- [x] Chrome DBs
|
||||||
|
- [x] Credentials in chrome history
|
||||||
- **Browser Information**
|
- [x] Current IE tabs
|
||||||
- [x] Firefox DBs
|
- [x] Credentials in IE history
|
||||||
- [x] Credentials in firefox history
|
- [x] IE Favorites
|
||||||
- [x] Chrome DBs
|
- [x] Extracting saved passwords for: Firefox, Chrome, Opera, Brave
|
||||||
- [x] Credentials in chrome history
|
|
||||||
- [x] Current IE tabs
|
- **Interesting Files and registry**
|
||||||
- [x] Credentials in IE history
|
- [x] Putty sessions
|
||||||
- [x] IE Favorites
|
- [x] Putty SSH host keys
|
||||||
- [x] Extracting saved passwords for: Firefox, Chrome, Opera, Brave
|
- [x] SuperPutty info
|
||||||
|
- [x] Office365 endpoints synced by OneDrive
|
||||||
- **Interesting Files and registry**
|
- [x] SSH Keys inside registry
|
||||||
- [x] Putty sessions
|
- [x] Cloud credentials
|
||||||
- [x] Putty SSH host keys
|
- [x] Check for unattended files
|
||||||
- [x] SuperPutty info
|
- [x] Check for SAM & SYSTEM backups
|
||||||
- [x] Office365 endpoints synced by OneDrive
|
- [x] Check for cached GPP Passwords
|
||||||
- [x] SSH Keys inside registry
|
- [x] Check for and extract creds from McAffe SiteList.xml files
|
||||||
- [x] Cloud credentials
|
- [x] Possible registries with credentials
|
||||||
- [x] Check for unattended files
|
- [x] Possible credentials files in users homes
|
||||||
- [x] Check for SAM & SYSTEM backups
|
- [x] Possible password files inside the Recycle bin
|
||||||
- [x] Check for cached GPP Passwords
|
- [x] Possible files containing credentials (this take some minutes)
|
||||||
- [x] Check for and extract creds from McAffe SiteList.xml files
|
- [x] User documents (limit 100)
|
||||||
- [x] Possible registries with credentials
|
- [x] Oracle SQL Developer config files check
|
||||||
- [x] Possible credentials files in users homes
|
- [x] Slack files search
|
||||||
- [x] Possible password files inside the Recycle bin
|
- [x] Outlook downloads
|
||||||
- [x] Possible files containing credentials (this take some minutes)
|
- [x] Machine and user certificate files
|
||||||
- [x] User documents (limit 100)
|
- [x] Office most recent documents
|
||||||
- [x] Oracle SQL Developer config files check
|
- [x] Hidden files and folders
|
||||||
- [x] Slack files search
|
- [x] Executable files in non-default folders with write permissions
|
||||||
- [x] Outlook downloads
|
- [x] WSL check
|
||||||
- [x] Machine and user certificate files
|
|
||||||
- [x] Office most recent documents
|
- **Events Information**
|
||||||
- [x] Hidden files and folders
|
- [x] Logon + Explicit Logon Events
|
||||||
- [x] Executable files in non-default folders with write permissions
|
- [x] Process Creation Events
|
||||||
- [x] WSL check
|
- [x] PowerShell Events
|
||||||
|
- [x] Power On/Off Events
|
||||||
- **Events Information**
|
|
||||||
- [x] Logon + Explicit Logon Events
|
- **Additional (slower) checks**
|
||||||
- [x] Process Creation Events
|
- [x] LOLBAS search
|
||||||
- [x] PowerShell Events
|
- [x] run **[linpeas.sh](https://raw.githubusercontent.com/carlospolop/privilege-escalation-awesome-scripts-suite/master/linPEAS/linpeas.sh)** in default WSL distribution
|
||||||
- [x] Power On/Off Events
|
|
||||||
|
</details>
|
||||||
- **Additional (slower) checks**
|
|
||||||
- [x] LOLBAS search
|
## TODO
|
||||||
- [x] run **[linpeas.sh](https://raw.githubusercontent.com/carlospolop/privilege-escalation-awesome-scripts-suite/master/linPEAS/linpeas.sh)** in default WSL distribution
|
- Add more checks
|
||||||
|
- Mantain updated Watson (last JAN 2021)
|
||||||
</details>
|
|
||||||
|
If you want to help with any of this, you can do it using **[github issues](https://github.com/carlospolop/privilege-escalation-awesome-scripts-suite/issues)** or you can submit a pull request.
|
||||||
## TODO
|
|
||||||
- Add more checks
|
If you find any issue, please report it using **[github issues](https://github.com/carlospolop/privilege-escalation-awesome-scripts-suite/issues)**.
|
||||||
- Mantain updated Watson (last JAN 2021)
|
|
||||||
|
**WinPEAS** is being **updated** every time I find something that could be useful to escalate privileges.
|
||||||
If you want to help with any of this, you can do it using **[github issues](https://github.com/carlospolop/privilege-escalation-awesome-scripts-suite/issues)** or you can submit a pull request.
|
|
||||||
|
## Please, if this tool has been useful for you consider to donate
|
||||||
If you find any issue, please report it using **[github issues](https://github.com/carlospolop/privilege-escalation-awesome-scripts-suite/issues)**.
|
|
||||||
|
[](https://www.patreon.com/peass)
|
||||||
**WinPEAS** is being **updated** every time I find something that could be useful to escalate privileges.
|
|
||||||
|
## Advisory
|
||||||
## Please, if this tool has been useful for you consider to donate
|
|
||||||
|
All the scripts/binaries of the PEAS Suite should be used for authorized penetration testing and/or educational purposes only. Any misuse of this software will not be the responsibility of the author or of any other collaborator. Use it at your own networks and/or with the network owner's permission.
|
||||||
[](https://www.patreon.com/peass)
|
|
||||||
|
## License
|
||||||
## Advisory
|
|
||||||
|
MIT License
|
||||||
All the scripts/binaries of the PEAS Suite should be used for authorized penetration testing and/or educational purposes only. Any misuse of this software will not be the responsibility of the author or of any other collaborator. Use it at your own networks and/or with the network owner's permission.
|
|
||||||
|
By Polop<sup>(TM)</sup>, makikvues (makikvues2[at]gmail[dot].com)
|
||||||
|
|
||||||
By Polop<sup>(TM)</sup>, makikvues (makikvues2[at]gmail[dot].com)
|
|
||||||
|
|||||||
@@ -1,51 +1,51 @@
|
|||||||
|
|
||||||
Microsoft Visual Studio Solution File, Format Version 12.00
|
Microsoft Visual Studio Solution File, Format Version 12.00
|
||||||
# Visual Studio Version 16
|
# Visual Studio Version 16
|
||||||
VisualStudioVersion = 16.0.29326.143
|
VisualStudioVersion = 16.0.29326.143
|
||||||
MinimumVisualStudioVersion = 10.0.40219.1
|
MinimumVisualStudioVersion = 10.0.40219.1
|
||||||
Project("{FAE04EC0-301F-11D3-BF4B-00C04F79EFBC}") = "winPEAS", "winPEAS\winPEAS.csproj", "{D934058E-A7DB-493F-A741-AE8E3DF867F4}"
|
Project("{FAE04EC0-301F-11D3-BF4B-00C04F79EFBC}") = "winPEAS", "winPEAS\winPEAS.csproj", "{D934058E-A7DB-493F-A741-AE8E3DF867F4}"
|
||||||
EndProject
|
EndProject
|
||||||
Project("{FAE04EC0-301F-11D3-BF4B-00C04F79EFBC}") = "winPEAS.Tests", "Tests\winPEAS.Tests.csproj", "{66AA4619-4D0F-4226-9D96-298870E9BB50}"
|
Project("{FAE04EC0-301F-11D3-BF4B-00C04F79EFBC}") = "winPEAS.Tests", "Tests\winPEAS.Tests.csproj", "{66AA4619-4D0F-4226-9D96-298870E9BB50}"
|
||||||
EndProject
|
EndProject
|
||||||
Global
|
Global
|
||||||
GlobalSection(SolutionConfigurationPlatforms) = preSolution
|
GlobalSection(SolutionConfigurationPlatforms) = preSolution
|
||||||
Debug|Any CPU = Debug|Any CPU
|
Debug|Any CPU = Debug|Any CPU
|
||||||
Debug|x64 = Debug|x64
|
Debug|x64 = Debug|x64
|
||||||
Debug|x86 = Debug|x86
|
Debug|x86 = Debug|x86
|
||||||
Release|Any CPU = Release|Any CPU
|
Release|Any CPU = Release|Any CPU
|
||||||
Release|x64 = Release|x64
|
Release|x64 = Release|x64
|
||||||
Release|x86 = Release|x86
|
Release|x86 = Release|x86
|
||||||
EndGlobalSection
|
EndGlobalSection
|
||||||
GlobalSection(ProjectConfigurationPlatforms) = postSolution
|
GlobalSection(ProjectConfigurationPlatforms) = postSolution
|
||||||
{D934058E-A7DB-493F-A741-AE8E3DF867F4}.Debug|Any CPU.ActiveCfg = Debug|Any CPU
|
{D934058E-A7DB-493F-A741-AE8E3DF867F4}.Debug|Any CPU.ActiveCfg = Debug|Any CPU
|
||||||
{D934058E-A7DB-493F-A741-AE8E3DF867F4}.Debug|Any CPU.Build.0 = Debug|Any CPU
|
{D934058E-A7DB-493F-A741-AE8E3DF867F4}.Debug|Any CPU.Build.0 = Debug|Any CPU
|
||||||
{D934058E-A7DB-493F-A741-AE8E3DF867F4}.Debug|x64.ActiveCfg = Debug|x64
|
{D934058E-A7DB-493F-A741-AE8E3DF867F4}.Debug|x64.ActiveCfg = Debug|x64
|
||||||
{D934058E-A7DB-493F-A741-AE8E3DF867F4}.Debug|x64.Build.0 = Debug|x64
|
{D934058E-A7DB-493F-A741-AE8E3DF867F4}.Debug|x64.Build.0 = Debug|x64
|
||||||
{D934058E-A7DB-493F-A741-AE8E3DF867F4}.Debug|x86.ActiveCfg = Debug|x86
|
{D934058E-A7DB-493F-A741-AE8E3DF867F4}.Debug|x86.ActiveCfg = Debug|x86
|
||||||
{D934058E-A7DB-493F-A741-AE8E3DF867F4}.Debug|x86.Build.0 = Debug|x86
|
{D934058E-A7DB-493F-A741-AE8E3DF867F4}.Debug|x86.Build.0 = Debug|x86
|
||||||
{D934058E-A7DB-493F-A741-AE8E3DF867F4}.Release|Any CPU.ActiveCfg = Release|Any CPU
|
{D934058E-A7DB-493F-A741-AE8E3DF867F4}.Release|Any CPU.ActiveCfg = Release|Any CPU
|
||||||
{D934058E-A7DB-493F-A741-AE8E3DF867F4}.Release|Any CPU.Build.0 = Release|Any CPU
|
{D934058E-A7DB-493F-A741-AE8E3DF867F4}.Release|Any CPU.Build.0 = Release|Any CPU
|
||||||
{D934058E-A7DB-493F-A741-AE8E3DF867F4}.Release|x64.ActiveCfg = Release|x64
|
{D934058E-A7DB-493F-A741-AE8E3DF867F4}.Release|x64.ActiveCfg = Release|x64
|
||||||
{D934058E-A7DB-493F-A741-AE8E3DF867F4}.Release|x64.Build.0 = Release|x64
|
{D934058E-A7DB-493F-A741-AE8E3DF867F4}.Release|x64.Build.0 = Release|x64
|
||||||
{D934058E-A7DB-493F-A741-AE8E3DF867F4}.Release|x86.ActiveCfg = Release|x86
|
{D934058E-A7DB-493F-A741-AE8E3DF867F4}.Release|x86.ActiveCfg = Release|x86
|
||||||
{D934058E-A7DB-493F-A741-AE8E3DF867F4}.Release|x86.Build.0 = Release|x86
|
{D934058E-A7DB-493F-A741-AE8E3DF867F4}.Release|x86.Build.0 = Release|x86
|
||||||
{66AA4619-4D0F-4226-9D96-298870E9BB50}.Debug|Any CPU.ActiveCfg = Debug|Any CPU
|
{66AA4619-4D0F-4226-9D96-298870E9BB50}.Debug|Any CPU.ActiveCfg = Debug|Any CPU
|
||||||
{66AA4619-4D0F-4226-9D96-298870E9BB50}.Debug|Any CPU.Build.0 = Debug|Any CPU
|
{66AA4619-4D0F-4226-9D96-298870E9BB50}.Debug|Any CPU.Build.0 = Debug|Any CPU
|
||||||
{66AA4619-4D0F-4226-9D96-298870E9BB50}.Debug|x64.ActiveCfg = Debug|Any CPU
|
{66AA4619-4D0F-4226-9D96-298870E9BB50}.Debug|x64.ActiveCfg = Debug|Any CPU
|
||||||
{66AA4619-4D0F-4226-9D96-298870E9BB50}.Debug|x64.Build.0 = Debug|Any CPU
|
{66AA4619-4D0F-4226-9D96-298870E9BB50}.Debug|x64.Build.0 = Debug|Any CPU
|
||||||
{66AA4619-4D0F-4226-9D96-298870E9BB50}.Debug|x86.ActiveCfg = Debug|Any CPU
|
{66AA4619-4D0F-4226-9D96-298870E9BB50}.Debug|x86.ActiveCfg = Debug|Any CPU
|
||||||
{66AA4619-4D0F-4226-9D96-298870E9BB50}.Debug|x86.Build.0 = Debug|Any CPU
|
{66AA4619-4D0F-4226-9D96-298870E9BB50}.Debug|x86.Build.0 = Debug|Any CPU
|
||||||
{66AA4619-4D0F-4226-9D96-298870E9BB50}.Release|Any CPU.ActiveCfg = Release|Any CPU
|
{66AA4619-4D0F-4226-9D96-298870E9BB50}.Release|Any CPU.ActiveCfg = Release|Any CPU
|
||||||
{66AA4619-4D0F-4226-9D96-298870E9BB50}.Release|Any CPU.Build.0 = Release|Any CPU
|
{66AA4619-4D0F-4226-9D96-298870E9BB50}.Release|Any CPU.Build.0 = Release|Any CPU
|
||||||
{66AA4619-4D0F-4226-9D96-298870E9BB50}.Release|x64.ActiveCfg = Release|Any CPU
|
{66AA4619-4D0F-4226-9D96-298870E9BB50}.Release|x64.ActiveCfg = Release|Any CPU
|
||||||
{66AA4619-4D0F-4226-9D96-298870E9BB50}.Release|x64.Build.0 = Release|Any CPU
|
{66AA4619-4D0F-4226-9D96-298870E9BB50}.Release|x64.Build.0 = Release|Any CPU
|
||||||
{66AA4619-4D0F-4226-9D96-298870E9BB50}.Release|x86.ActiveCfg = Release|Any CPU
|
{66AA4619-4D0F-4226-9D96-298870E9BB50}.Release|x86.ActiveCfg = Release|Any CPU
|
||||||
{66AA4619-4D0F-4226-9D96-298870E9BB50}.Release|x86.Build.0 = Release|Any CPU
|
{66AA4619-4D0F-4226-9D96-298870E9BB50}.Release|x86.Build.0 = Release|Any CPU
|
||||||
EndGlobalSection
|
EndGlobalSection
|
||||||
GlobalSection(SolutionProperties) = preSolution
|
GlobalSection(SolutionProperties) = preSolution
|
||||||
HideSolutionNode = FALSE
|
HideSolutionNode = FALSE
|
||||||
EndGlobalSection
|
EndGlobalSection
|
||||||
GlobalSection(ExtensibilityGlobals) = postSolution
|
GlobalSection(ExtensibilityGlobals) = postSolution
|
||||||
SolutionGuid = {D5215BC3-80A2-4E63-B560-A8F78A763B7C}
|
SolutionGuid = {D5215BC3-80A2-4E63-B560-A8F78A763B7C}
|
||||||
EndGlobalSection
|
EndGlobalSection
|
||||||
EndGlobal
|
EndGlobal
|
||||||
|
|||||||
@@ -1,6 +1,6 @@
|
|||||||
<?xml version="1.0" encoding="utf-8"?>
|
<?xml version="1.0" encoding="utf-8"?>
|
||||||
<configuration>
|
<configuration>
|
||||||
<startup useLegacyV2RuntimeActivationPolicy="true">
|
<startup useLegacyV2RuntimeActivationPolicy="true">
|
||||||
|
|
||||||
<supportedRuntime version="v4.0" sku=".NETFramework,Version=v4.5.2"/></startup>
|
<supportedRuntime version="v4.0" sku=".NETFramework,Version=v4.5.2"/></startup>
|
||||||
</configuration>
|
</configuration>
|
||||||
|
|||||||
@@ -1,3 +1,3 @@
|
|||||||
<Weavers xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:noNamespaceSchemaLocation="FodyWeavers.xsd">
|
<Weavers xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:noNamespaceSchemaLocation="FodyWeavers.xsd">
|
||||||
<Costura />
|
<Costura />
|
||||||
</Weavers>
|
</Weavers>
|
||||||
@@ -1,111 +1,111 @@
|
|||||||
<?xml version="1.0" encoding="utf-8"?>
|
<?xml version="1.0" encoding="utf-8"?>
|
||||||
<xs:schema xmlns:xs="http://www.w3.org/2001/XMLSchema">
|
<xs:schema xmlns:xs="http://www.w3.org/2001/XMLSchema">
|
||||||
<!-- This file was generated by Fody. Manual changes to this file will be lost when your project is rebuilt. -->
|
<!-- This file was generated by Fody. Manual changes to this file will be lost when your project is rebuilt. -->
|
||||||
<xs:element name="Weavers">
|
<xs:element name="Weavers">
|
||||||
<xs:complexType>
|
<xs:complexType>
|
||||||
<xs:all>
|
<xs:all>
|
||||||
<xs:element name="Costura" minOccurs="0" maxOccurs="1">
|
<xs:element name="Costura" minOccurs="0" maxOccurs="1">
|
||||||
<xs:complexType>
|
<xs:complexType>
|
||||||
<xs:all>
|
<xs:all>
|
||||||
<xs:element minOccurs="0" maxOccurs="1" name="ExcludeAssemblies" type="xs:string">
|
<xs:element minOccurs="0" maxOccurs="1" name="ExcludeAssemblies" type="xs:string">
|
||||||
<xs:annotation>
|
<xs:annotation>
|
||||||
<xs:documentation>A list of assembly names to exclude from the default action of "embed all Copy Local references", delimited with line breaks</xs:documentation>
|
<xs:documentation>A list of assembly names to exclude from the default action of "embed all Copy Local references", delimited with line breaks</xs:documentation>
|
||||||
</xs:annotation>
|
</xs:annotation>
|
||||||
</xs:element>
|
</xs:element>
|
||||||
<xs:element minOccurs="0" maxOccurs="1" name="IncludeAssemblies" type="xs:string">
|
<xs:element minOccurs="0" maxOccurs="1" name="IncludeAssemblies" type="xs:string">
|
||||||
<xs:annotation>
|
<xs:annotation>
|
||||||
<xs:documentation>A list of assembly names to include from the default action of "embed all Copy Local references", delimited with line breaks.</xs:documentation>
|
<xs:documentation>A list of assembly names to include from the default action of "embed all Copy Local references", delimited with line breaks.</xs:documentation>
|
||||||
</xs:annotation>
|
</xs:annotation>
|
||||||
</xs:element>
|
</xs:element>
|
||||||
<xs:element minOccurs="0" maxOccurs="1" name="Unmanaged32Assemblies" type="xs:string">
|
<xs:element minOccurs="0" maxOccurs="1" name="Unmanaged32Assemblies" type="xs:string">
|
||||||
<xs:annotation>
|
<xs:annotation>
|
||||||
<xs:documentation>A list of unmanaged 32 bit assembly names to include, delimited with line breaks.</xs:documentation>
|
<xs:documentation>A list of unmanaged 32 bit assembly names to include, delimited with line breaks.</xs:documentation>
|
||||||
</xs:annotation>
|
</xs:annotation>
|
||||||
</xs:element>
|
</xs:element>
|
||||||
<xs:element minOccurs="0" maxOccurs="1" name="Unmanaged64Assemblies" type="xs:string">
|
<xs:element minOccurs="0" maxOccurs="1" name="Unmanaged64Assemblies" type="xs:string">
|
||||||
<xs:annotation>
|
<xs:annotation>
|
||||||
<xs:documentation>A list of unmanaged 64 bit assembly names to include, delimited with line breaks.</xs:documentation>
|
<xs:documentation>A list of unmanaged 64 bit assembly names to include, delimited with line breaks.</xs:documentation>
|
||||||
</xs:annotation>
|
</xs:annotation>
|
||||||
</xs:element>
|
</xs:element>
|
||||||
<xs:element minOccurs="0" maxOccurs="1" name="PreloadOrder" type="xs:string">
|
<xs:element minOccurs="0" maxOccurs="1" name="PreloadOrder" type="xs:string">
|
||||||
<xs:annotation>
|
<xs:annotation>
|
||||||
<xs:documentation>The order of preloaded assemblies, delimited with line breaks.</xs:documentation>
|
<xs:documentation>The order of preloaded assemblies, delimited with line breaks.</xs:documentation>
|
||||||
</xs:annotation>
|
</xs:annotation>
|
||||||
</xs:element>
|
</xs:element>
|
||||||
</xs:all>
|
</xs:all>
|
||||||
<xs:attribute name="CreateTemporaryAssemblies" type="xs:boolean">
|
<xs:attribute name="CreateTemporaryAssemblies" type="xs:boolean">
|
||||||
<xs:annotation>
|
<xs:annotation>
|
||||||
<xs:documentation>This will copy embedded files to disk before loading them into memory. This is helpful for some scenarios that expected an assembly to be loaded from a physical file.</xs:documentation>
|
<xs:documentation>This will copy embedded files to disk before loading them into memory. This is helpful for some scenarios that expected an assembly to be loaded from a physical file.</xs:documentation>
|
||||||
</xs:annotation>
|
</xs:annotation>
|
||||||
</xs:attribute>
|
</xs:attribute>
|
||||||
<xs:attribute name="IncludeDebugSymbols" type="xs:boolean">
|
<xs:attribute name="IncludeDebugSymbols" type="xs:boolean">
|
||||||
<xs:annotation>
|
<xs:annotation>
|
||||||
<xs:documentation>Controls if .pdbs for reference assemblies are also embedded.</xs:documentation>
|
<xs:documentation>Controls if .pdbs for reference assemblies are also embedded.</xs:documentation>
|
||||||
</xs:annotation>
|
</xs:annotation>
|
||||||
</xs:attribute>
|
</xs:attribute>
|
||||||
<xs:attribute name="DisableCompression" type="xs:boolean">
|
<xs:attribute name="DisableCompression" type="xs:boolean">
|
||||||
<xs:annotation>
|
<xs:annotation>
|
||||||
<xs:documentation>Embedded assemblies are compressed by default, and uncompressed when they are loaded. You can turn compression off with this option.</xs:documentation>
|
<xs:documentation>Embedded assemblies are compressed by default, and uncompressed when they are loaded. You can turn compression off with this option.</xs:documentation>
|
||||||
</xs:annotation>
|
</xs:annotation>
|
||||||
</xs:attribute>
|
</xs:attribute>
|
||||||
<xs:attribute name="DisableCleanup" type="xs:boolean">
|
<xs:attribute name="DisableCleanup" type="xs:boolean">
|
||||||
<xs:annotation>
|
<xs:annotation>
|
||||||
<xs:documentation>As part of Costura, embedded assemblies are no longer included as part of the build. This cleanup can be turned off.</xs:documentation>
|
<xs:documentation>As part of Costura, embedded assemblies are no longer included as part of the build. This cleanup can be turned off.</xs:documentation>
|
||||||
</xs:annotation>
|
</xs:annotation>
|
||||||
</xs:attribute>
|
</xs:attribute>
|
||||||
<xs:attribute name="LoadAtModuleInit" type="xs:boolean">
|
<xs:attribute name="LoadAtModuleInit" type="xs:boolean">
|
||||||
<xs:annotation>
|
<xs:annotation>
|
||||||
<xs:documentation>Costura by default will load as part of the module initialization. This flag disables that behavior. Make sure you call CosturaUtility.Initialize() somewhere in your code.</xs:documentation>
|
<xs:documentation>Costura by default will load as part of the module initialization. This flag disables that behavior. Make sure you call CosturaUtility.Initialize() somewhere in your code.</xs:documentation>
|
||||||
</xs:annotation>
|
</xs:annotation>
|
||||||
</xs:attribute>
|
</xs:attribute>
|
||||||
<xs:attribute name="IgnoreSatelliteAssemblies" type="xs:boolean">
|
<xs:attribute name="IgnoreSatelliteAssemblies" type="xs:boolean">
|
||||||
<xs:annotation>
|
<xs:annotation>
|
||||||
<xs:documentation>Costura will by default use assemblies with a name like 'resources.dll' as a satellite resource and prepend the output path. This flag disables that behavior.</xs:documentation>
|
<xs:documentation>Costura will by default use assemblies with a name like 'resources.dll' as a satellite resource and prepend the output path. This flag disables that behavior.</xs:documentation>
|
||||||
</xs:annotation>
|
</xs:annotation>
|
||||||
</xs:attribute>
|
</xs:attribute>
|
||||||
<xs:attribute name="ExcludeAssemblies" type="xs:string">
|
<xs:attribute name="ExcludeAssemblies" type="xs:string">
|
||||||
<xs:annotation>
|
<xs:annotation>
|
||||||
<xs:documentation>A list of assembly names to exclude from the default action of "embed all Copy Local references", delimited with |</xs:documentation>
|
<xs:documentation>A list of assembly names to exclude from the default action of "embed all Copy Local references", delimited with |</xs:documentation>
|
||||||
</xs:annotation>
|
</xs:annotation>
|
||||||
</xs:attribute>
|
</xs:attribute>
|
||||||
<xs:attribute name="IncludeAssemblies" type="xs:string">
|
<xs:attribute name="IncludeAssemblies" type="xs:string">
|
||||||
<xs:annotation>
|
<xs:annotation>
|
||||||
<xs:documentation>A list of assembly names to include from the default action of "embed all Copy Local references", delimited with |.</xs:documentation>
|
<xs:documentation>A list of assembly names to include from the default action of "embed all Copy Local references", delimited with |.</xs:documentation>
|
||||||
</xs:annotation>
|
</xs:annotation>
|
||||||
</xs:attribute>
|
</xs:attribute>
|
||||||
<xs:attribute name="Unmanaged32Assemblies" type="xs:string">
|
<xs:attribute name="Unmanaged32Assemblies" type="xs:string">
|
||||||
<xs:annotation>
|
<xs:annotation>
|
||||||
<xs:documentation>A list of unmanaged 32 bit assembly names to include, delimited with |.</xs:documentation>
|
<xs:documentation>A list of unmanaged 32 bit assembly names to include, delimited with |.</xs:documentation>
|
||||||
</xs:annotation>
|
</xs:annotation>
|
||||||
</xs:attribute>
|
</xs:attribute>
|
||||||
<xs:attribute name="Unmanaged64Assemblies" type="xs:string">
|
<xs:attribute name="Unmanaged64Assemblies" type="xs:string">
|
||||||
<xs:annotation>
|
<xs:annotation>
|
||||||
<xs:documentation>A list of unmanaged 64 bit assembly names to include, delimited with |.</xs:documentation>
|
<xs:documentation>A list of unmanaged 64 bit assembly names to include, delimited with |.</xs:documentation>
|
||||||
</xs:annotation>
|
</xs:annotation>
|
||||||
</xs:attribute>
|
</xs:attribute>
|
||||||
<xs:attribute name="PreloadOrder" type="xs:string">
|
<xs:attribute name="PreloadOrder" type="xs:string">
|
||||||
<xs:annotation>
|
<xs:annotation>
|
||||||
<xs:documentation>The order of preloaded assemblies, delimited with |.</xs:documentation>
|
<xs:documentation>The order of preloaded assemblies, delimited with |.</xs:documentation>
|
||||||
</xs:annotation>
|
</xs:annotation>
|
||||||
</xs:attribute>
|
</xs:attribute>
|
||||||
</xs:complexType>
|
</xs:complexType>
|
||||||
</xs:element>
|
</xs:element>
|
||||||
</xs:all>
|
</xs:all>
|
||||||
<xs:attribute name="VerifyAssembly" type="xs:boolean">
|
<xs:attribute name="VerifyAssembly" type="xs:boolean">
|
||||||
<xs:annotation>
|
<xs:annotation>
|
||||||
<xs:documentation>'true' to run assembly verification (PEVerify) on the target assembly after all weavers have been executed.</xs:documentation>
|
<xs:documentation>'true' to run assembly verification (PEVerify) on the target assembly after all weavers have been executed.</xs:documentation>
|
||||||
</xs:annotation>
|
</xs:annotation>
|
||||||
</xs:attribute>
|
</xs:attribute>
|
||||||
<xs:attribute name="VerifyIgnoreCodes" type="xs:string">
|
<xs:attribute name="VerifyIgnoreCodes" type="xs:string">
|
||||||
<xs:annotation>
|
<xs:annotation>
|
||||||
<xs:documentation>A comma-separated list of error codes that can be safely ignored in assembly verification.</xs:documentation>
|
<xs:documentation>A comma-separated list of error codes that can be safely ignored in assembly verification.</xs:documentation>
|
||||||
</xs:annotation>
|
</xs:annotation>
|
||||||
</xs:attribute>
|
</xs:attribute>
|
||||||
<xs:attribute name="GenerateXsd" type="xs:boolean">
|
<xs:attribute name="GenerateXsd" type="xs:boolean">
|
||||||
<xs:annotation>
|
<xs:annotation>
|
||||||
<xs:documentation>'false' to turn off automatic generation of the XML Schema file.</xs:documentation>
|
<xs:documentation>'false' to turn off automatic generation of the XML Schema file.</xs:documentation>
|
||||||
</xs:annotation>
|
</xs:annotation>
|
||||||
</xs:attribute>
|
</xs:attribute>
|
||||||
</xs:complexType>
|
</xs:complexType>
|
||||||
</xs:element>
|
</xs:element>
|
||||||
</xs:schema>
|
</xs:schema>
|
||||||
@@ -1,17 +1,17 @@
|
|||||||
using System;
|
using System;
|
||||||
|
|
||||||
|
|
||||||
namespace winPEAS
|
namespace winPEAS
|
||||||
{
|
{
|
||||||
public static class Program
|
public static class Program
|
||||||
{
|
{
|
||||||
// Static blacklists
|
// Static blacklists
|
||||||
//static string goodSoft = "Windows Phone Kits|Windows Kits|Windows Defender|Windows Mail|Windows Media Player|Windows Multimedia Platform|windows nt|Windows Photo Viewer|Windows Portable Devices|Windows Security|Windows Sidebar|WindowsApps|WindowsPowerShell| Windows$|Microsoft|WOW6432Node|internet explorer|Internet Explorer|Common Files";
|
//static string goodSoft = "Windows Phone Kits|Windows Kits|Windows Defender|Windows Mail|Windows Media Player|Windows Multimedia Platform|windows nt|Windows Photo Viewer|Windows Portable Devices|Windows Security|Windows Sidebar|WindowsApps|WindowsPowerShell| Windows$|Microsoft|WOW6432Node|internet explorer|Internet Explorer|Common Files";
|
||||||
|
|
||||||
[STAThread]
|
[STAThread]
|
||||||
public static void Main(string[] args)
|
public static void Main(string[] args)
|
||||||
{
|
{
|
||||||
Checks.Checks.Run(args);
|
Checks.Checks.Run(args);
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|||||||
@@ -1,36 +1,36 @@
|
|||||||
using System.Reflection;
|
using System.Reflection;
|
||||||
using System.Runtime.CompilerServices;
|
using System.Runtime.CompilerServices;
|
||||||
using System.Runtime.InteropServices;
|
using System.Runtime.InteropServices;
|
||||||
|
|
||||||
// General Information about an assembly is controlled through the following
|
// General Information about an assembly is controlled through the following
|
||||||
// set of attributes. Change these attribute values to modify the information
|
// set of attributes. Change these attribute values to modify the information
|
||||||
// associated with an assembly.
|
// associated with an assembly.
|
||||||
[assembly: AssemblyTitle("asdas2dasd")]
|
[assembly: AssemblyTitle("asdas2dasd")]
|
||||||
[assembly: AssemblyDescription("")]
|
[assembly: AssemblyDescription("")]
|
||||||
[assembly: AssemblyConfiguration("")]
|
[assembly: AssemblyConfiguration("")]
|
||||||
[assembly: AssemblyCompany("")]
|
[assembly: AssemblyCompany("")]
|
||||||
[assembly: AssemblyProduct("asdas2dasd")]
|
[assembly: AssemblyProduct("asdas2dasd")]
|
||||||
[assembly: AssemblyCopyright("Copyright © 2019")]
|
[assembly: AssemblyCopyright("Copyright © 2019")]
|
||||||
[assembly: AssemblyTrademark("")]
|
[assembly: AssemblyTrademark("")]
|
||||||
[assembly: AssemblyCulture("")]
|
[assembly: AssemblyCulture("")]
|
||||||
|
|
||||||
// Setting ComVisible to false makes the types in this assembly not visible
|
// Setting ComVisible to false makes the types in this assembly not visible
|
||||||
// to COM components. If you need to access a type in this assembly from
|
// to COM components. If you need to access a type in this assembly from
|
||||||
// COM, set the ComVisible attribute to true on that type.
|
// COM, set the ComVisible attribute to true on that type.
|
||||||
[assembly: ComVisible(false)]
|
[assembly: ComVisible(false)]
|
||||||
|
|
||||||
// The following GUID is for the ID of the typelib if this project is exposed to COM
|
// The following GUID is for the ID of the typelib if this project is exposed to COM
|
||||||
[assembly: Guid("1928358e-a64b-493f-a741-ae8e3d029374")]
|
[assembly: Guid("1928358e-a64b-493f-a741-ae8e3d029374")]
|
||||||
|
|
||||||
// Version information for an assembly consists of the following four values:
|
// Version information for an assembly consists of the following four values:
|
||||||
//
|
//
|
||||||
// Major Version
|
// Major Version
|
||||||
// Minor Version
|
// Minor Version
|
||||||
// Build Number
|
// Build Number
|
||||||
// Revision
|
// Revision
|
||||||
//
|
//
|
||||||
// You can specify all the values or you can default the Build and Revision Numbers
|
// You can specify all the values or you can default the Build and Revision Numbers
|
||||||
// by using the '*' as shown below:
|
// by using the '*' as shown below:
|
||||||
// [assembly: AssemblyVersion("1.0.*")]
|
// [assembly: AssemblyVersion("1.0.*")]
|
||||||
[assembly: AssemblyVersion("1.0.0.0")]
|
[assembly: AssemblyVersion("1.0.0.0")]
|
||||||
[assembly: AssemblyFileVersion("1.0.0.0")]
|
[assembly: AssemblyFileVersion("1.0.0.0")]
|
||||||
|
|||||||
File diff suppressed because it is too large
@@ -1,24 +1,24 @@
|
|||||||
<?xml version="1.0" encoding="utf-8"?>
|
<?xml version="1.0" encoding="utf-8"?>
|
||||||
<Project ToolsVersion="Current" xmlns="http://schemas.microsoft.com/developer/msbuild/2003">
|
<Project ToolsVersion="Current" xmlns="http://schemas.microsoft.com/developer/msbuild/2003">
|
||||||
<PropertyGroup Condition="'$(Configuration)|$(Platform)' == 'Release|AnyCPU'">
|
<PropertyGroup Condition="'$(Configuration)|$(Platform)' == 'Release|AnyCPU'">
|
||||||
<StartArguments>
|
<StartArguments>
|
||||||
</StartArguments>
|
</StartArguments>
|
||||||
</PropertyGroup>
|
</PropertyGroup>
|
||||||
<PropertyGroup Condition="'$(Configuration)|$(Platform)' == 'Debug|AnyCPU'">
|
<PropertyGroup Condition="'$(Configuration)|$(Platform)' == 'Debug|AnyCPU'">
|
||||||
<StartArguments>servicesinfo</StartArguments>
|
<StartArguments>servicesinfo</StartArguments>
|
||||||
</PropertyGroup>
|
</PropertyGroup>
|
||||||
<PropertyGroup Condition="'$(Configuration)|$(Platform)' == 'Debug|x64'">
|
<PropertyGroup Condition="'$(Configuration)|$(Platform)' == 'Debug|x64'">
|
||||||
<StartArguments>debug</StartArguments>
|
<StartArguments>debug</StartArguments>
|
||||||
</PropertyGroup>
|
</PropertyGroup>
|
||||||
<PropertyGroup Condition="'$(Configuration)|$(Platform)' == 'Release|x64'">
|
<PropertyGroup Condition="'$(Configuration)|$(Platform)' == 'Release|x64'">
|
||||||
<StartArguments>fast</StartArguments>
|
<StartArguments>fast</StartArguments>
|
||||||
</PropertyGroup>
|
</PropertyGroup>
|
||||||
<PropertyGroup Condition="'$(Configuration)|$(Platform)' == 'Debug|x86'">
|
<PropertyGroup Condition="'$(Configuration)|$(Platform)' == 'Debug|x86'">
|
||||||
<StartArguments>
|
<StartArguments>
|
||||||
</StartArguments>
|
</StartArguments>
|
||||||
</PropertyGroup>
|
</PropertyGroup>
|
||||||
<PropertyGroup Condition="'$(Configuration)|$(Platform)' == 'Release|x86'">
|
<PropertyGroup Condition="'$(Configuration)|$(Platform)' == 'Release|x86'">
|
||||||
<StartArguments>
|
<StartArguments>
|
||||||
</StartArguments>
|
</StartArguments>
|
||||||
</PropertyGroup>
|
</PropertyGroup>
|
||||||
</Project>
|
</Project>
|
||||||