Merge 94e10c0ae7 into 5d0d7c7997

.github/workflows/CI-master_tests.yml

@@ -5,9 +5,6 @@ on:
     branches:
       - master
 
-  schedule:
-    - cron: "5 4 * * SUN"
-
   workflow_dispatch:
 
 jobs:
@@ -199,7 +196,7 @@ jobs:
       
       # Run linpeas as a test
       - name: Run linpeas
-        run: linPEAS/linpeas.sh -a -D
+        run: linPEAS/linpeas.sh -a -d
       
       # Upload files for release
       - name: Upload linpeas.sh
@@ -286,7 +283,7 @@ jobs:
       
       # Run macpeas parts to test it
       - name: Run macpeas
-        run: linPEAS/linpeas.sh -D -o system_information,container,procs_crons_timers_srvcs_sockets,network_information,users_information,software_information
+        run: linPEAS/linpeas.sh -d -o system_information,container,procs_crons_timers_srvcs_sockets,network_information,users_information,software_information
 
      
   Publish_release:
@@ -365,10 +362,6 @@ jobs:
       with:
         name: linpeas_darwin_arm64
     
-    - name: Get current date
-      id: date
-      run: echo "::set-output name=date::$(date +'%Y%m%d')"
-    
     # Create the release
     - name: Create Release
       id: create_release
@@ -376,8 +369,8 @@ jobs:
       env:
         GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
       with:
-        tag_name: ${{steps.date.outputs.date}}
+        tag_name: ${{ github.ref }}
-        release_name: Release ${{ github.ref }} ${{steps.date.outputs.date}}
+        release_name: Release ${{ github.ref }}
         draft: false
         prerelease: false
         

README.md

@@ -21,9 +21,6 @@ These tools search for possible **local privilege escalation paths** that you co
 ## Quick Start
 Find the **latest versions of all the scripts and binaries in [the releases page](https://github.com/carlospolop/PEASS-ng/releases/latest)**.
 
-## JSON, HTML & PDF output
-Check the **[parsers](./parsers/)** directory to **transform PEASS outputs to JSON, HTML and PDF**
-
 ## Let's improve PEASS together
 
 If you want to **add something** and have **any cool idea** related to this project, please let me know it in the **telegram group https://t.me/peass** or contribute reading the **[CONTRIBUTING.md](https://github.com/carlospolop/privilege-escalation-awesome-scripts-suite/blob/master/CONTRIBUTING.md)** file.

linPEAS/README.md

@@ -17,7 +17,9 @@ Find the **latest versions of all the scripts and binaries in [the releases page
 
 ```bash
 # From github
-curl -L https://github.com/carlospolop/PEASS-ng/releases/latest/download/linpeas.sh | sh
+LATEST_RELEASE=$(curl -L -s -H 'Accept: application/json' https://github.com/carlospolop/PEASS-ng/releases/latest)
+LATEST_VERSION=$(echo $LATEST_RELEASE | sed -e 's/.*"tag_name":"\([^"]*\)".*/\1/')
+curl -L https://github.com/carlospolop/PEASS-ng/releases/download/$LATEST_VERSION/linpeas.sh | sh
 ```
 
 ```bash
@@ -42,7 +44,7 @@ less -r /dev/shm/linpeas.txt #Read with colors
 
 ```bash
 # Use a linpeas binary
-wget https://github.com/carlospolop/PEASS-ng/releases/latest/download/linpeas_linux_amd64
+wget https://github.com/carlospolop/PEASS-ng/releases/download/refs%2Fheads%2Fmaster/linpeas_linux_amd64
 chmod +x linpeas_linux_amd64
 ./linpeas_linux_amd64
 ```

linPEAS/builder/linpeas_parts/1_system_information.sh

@@ -21,19 +21,6 @@ else echo_not_found "sudo"
 fi
 echo ""
 
-#-- SY) CVE-2021-4034
-if [ `command -v pkexec` ] && stat -c '%a' $(which pkexec) | grep -q 4755 && [ "$(stat -c '%Y' $(which pkexec))" -lt "1642035600" ]; then 
-    echo "Vulnerable to CVE-2021-4034" | sed -${E} "s,.*,${SED_RED_YELLOW},"
-    echo ""
-fi
-
-#-- SY) CVE-2021-3560
-polkitVersion=$(systemctl status polkit.service | grep version | cut -d " " -f 9)
-if [[ "$(apt list --installed 2>/dev/null | grep polkit | grep -c 0.105-26)" -ge 1 || "$(rpm -qa | grep polkit | grep -c '0.117-2\|0.115-6')" -ge 1 ]]; then
-    echo "Vulnerable to CVE-2021-3560" | sed -${E} "s,.*,${SED_RED_YELLOW},"
-    echo ""
-fi
-
 #--SY) USBCreator
 if (busctl list 2>/dev/null | grep -q com.ubuntu.USBCreator) || [ "$DEBUG" ]; then
     print_2title "USBCreator"
@@ -135,10 +122,9 @@ if [ "$(command -v bash 2>/dev/null)" ]; then
     print_2title "Executing Linux Exploit Suggester"
     print_info "https://github.com/mzet-/linux-exploit-suggester"
     les_b64="peass{LES}"
+    echo $les_b64 | base64 -d | bash
     if [ "$EXTRA_CHECKS" ]; then
-        echo $les_b64 | base64 -d | bash -s -- --checksec | sed "s,$(printf '\033')\\[[0-9;]*[a-zA-Z],,g" | sed -E "s,\[CVE-[0-9]+-[0-9]+\].*,${SED_RED},g"
+        echo $les_b64 | base64 -d | bash -s -- --checksec
-    else
-        echo $les_b64 | base64 -d | bash | sed "s,$(printf '\033')\\[[0-9;]*[a-zA-Z],,g" | grep -i "\[CVE" -A 10 | grep -Ev "^\-\-$" | sed -${E} "s,\[CVE-[0-9]+-[0-9]+\],*,${SED_RED},g"
     fi
     echo ""
 fi
@@ -147,7 +133,7 @@ if [ "$(command -v perl 2>/dev/null)" ]; then
     print_2title "Executing Linux Exploit Suggester 2"
     print_info "https://github.com/jondonas/linux-exploit-suggester-2"
     les2_b64="peass{LES2}"
-    echo $les2_b64 | base64 -d | perl | sed "s,$(printf '\033')\\[[0-9;]*[a-zA-Z],,g" | grep -i "CVE" -B 1 -A 10 | grep -Ev "^\-\-$" | sed -${E} "s,CVE-[0-9]+-[0-9]+,${SED_RED},g"
+    echo $les2_b64 | base64 -d | perl
     echo ""
 fi
 

linPEAS/builder/linpeas_parts/3_procs_crons_timers_srvcs_sockets.sh

@@ -28,7 +28,7 @@ else
   echo ""
 
   #-- PCS) Binary processes permissions
-  print_2title "Binary processes permissions (non 'root root' and not belonging to current user)"
+  print_2title "Binary processes permissions (non 'root root' and not beloging to current user)"
   print_info "https://book.hacktricks.xyz/linux-unix/privilege-escalation#processes"
   binW="IniTialiZZinnggg"
   ps auxwww 2>/dev/null | awk '{print $11}' | while read bpath; do

linPEAS/builder/linpeas_parts/5_users_information.sh

@@ -60,9 +60,9 @@ fi
 #-- UI) Sudo -l
 print_2title "Checking 'sudo -l', /etc/sudoers, and /etc/sudoers.d"
 print_info "https://book.hacktricks.xyz/linux-unix/privilege-escalation#sudo-and-suid"
-(echo '' | timeout 1 sudo -S -l | sed "s,_proxy,${SED_RED},g" | sed "s,$sudoG,${SED_GREEN},g" | sed -${E} "s,$sudoB,${SED_RED},g" | sed -${E} "s,$sudoVB1,${SED_RED_YELLOW}," | sed -${E} "s,$sudoVB2,${SED_RED_YELLOW}," | sed "s,\!root,${SED_RED},") 2>/dev/null || echo_not_found "sudo"
+(echo '' | sudo -S -l | sed "s,_proxy,${SED_RED},g" | sed "s,$sudoG,${SED_GREEN},g" | sed -${E} "s,$sudoB,${SED_RED},g" | sed -${E} "s,$sudoVB1,${SED_RED_YELLOW}," | sed -${E} "s,$sudoVB2,${SED_RED_YELLOW}," | sed "s,\!root,${SED_RED},") 2>/dev/null || echo_not_found "sudo"
 if [ "$PASSWORD" ]; then
-  (echo "$PASSWORD" | timeout 1 sudo -S -l | sed "s,_proxy,${SED_RED},g" | sed "s,$sudoG,${SED_GREEN},g" | sed -${E} "s,$sudoB,${SED_RED},g" | sed -${E} "s,$sudoVB1,${SED_RED_YELLOW}," | sed -${E} "s,$sudoVB2,${SED_RED_YELLOW},") 2>/dev/null  || echo_not_found "sudo"
+  (echo "$PASSWORD" | sudo -S -l | sed "s,_proxy,${SED_RED},g" | sed "s,$sudoG,${SED_GREEN},g" | sed -${E} "s,$sudoB,${SED_RED},g" | sed -${E} "s,$sudoVB1,${SED_RED_YELLOW}," | sed -${E} "s,$sudoVB2,${SED_RED_YELLOW},") 2>/dev/null  || echo_not_found "sudo"
 fi
 ( grep -Iv "^$" cat /etc/sudoers | grep -v "#" | sed "s,_proxy,${SED_RED},g" | sed "s,$sudoG,${SED_GREEN},g" | sed -${E} "s,$sudoB,${SED_RED},g" | sed "s,pwfeedback,${SED_RED},g" | sed -${E} "s,$sudoVB1,${SED_RED_YELLOW}," | sed -${E} "s,$sudoVB2,${SED_RED_YELLOW},") 2>/dev/null  || echo_not_found "/etc/sudoers"
 if ! [ "$IAMROOT" ] && [ -w '/etc/sudoers.d/' ]; then

metasploit/peass.rb

@@ -37,7 +37,7 @@ class MetasploitModule < Msf::Post
     ))
     register_options(
       [
-        OptString.new('PEASS_URL', [true, 'Path to the PEASS script. Accepted: http(s):// URL or absolute local path. Linpeas: https://github.com/carlospolop/PEASS-ng/releases/latest/download/linpeas.sh', "https://github.com/carlospolop/PEASS-ng/releases/latest/download/winPEASany_ofs.exe"]),
+        OptString.new('PEASS_URL', [true, 'Path to the PEASS script. Accepted: http(s):// URL or absolute local path. Linpeas: https://raw.githubusercontent.com/carlospolop/PEASS-ng/master/linPEAS/linpeas.sh', "https://raw.githubusercontent.com/carlospolop/PEASS-ng/master/winPEAS/winPEASexe/binaries/Obfuscated%20Releases/winPEASany.exe"]),
         OptString.new('PASSWORD', [false, 'Password to encrypt and obfuscate the script (randomly generated). The length must be 32B. If no password is set, only base64 will be used.', rand(36**32).to_s(36)]),
         OptString.new('TEMP_DIR', [false, 'Path to upload the obfuscated PEASS script inside the compromised machine. By default "C:\Windows\System32\spool\drivers\color" is used in Windows and "/tmp" in Unix.', '']),
         OptString.new('PARAMETERS', [false, 'Parameters to pass to the script', nil]),

parser/README.md

@@ -1,15 +1,14 @@
-# Privilege Escalation Awesome Scripts Parsers
+# Privilege Escalation Awesome Scripts JSON exporter
 
-These scripts allows you to transform the output of linpeas/macpeas/winpeas to JSON and then to PDF and HTML.
+This script allows you to transform the output of linpeas/macpeas/winpeas to JSON.
 
 ```python3
-python3 peass2json.py </path/to/executed_peass.out> </path/to/peass.json>
+python3 peass-parser.py </path/to/executed_peass> </path/to/output_peass.json>
-python3 json2pdf.py </path/to/peass.json> </path/to/peass.pdf>
-python3 json2html.py </path/to/peass.json> </path/to/peass.html>
 ```
 
+This script is still in beta version and has been tested only with linpeas output.
 
-## JSON Format
+## Format
 Basically, **each section has**:
  - Infos (URLs or info about the section)
  - Text lines (the real text info found in the section, colors included)
@@ -76,4 +75,4 @@ There can also be a `<Third level Section Name>`
 
 # TODO:
 
-- **PRs improving the code and the aspect of the final PDFs and HTMLs are always welcome!**
+I'm looking for **someone that could create HTML and PDF reports** from this JSON.

parser/peass-parser.py

@@ -5,7 +5,7 @@ import re
 import json
 
 # Pattern to identify main section titles
-TITLE1_PATTERN = r"══════════════╣" # The size of the first pattern varies, but at least should be that large
+TITLE1_PATTERN = r"════════════════════════════════════╣"
 TITLE2_PATTERN = r"╔══════════╣"
 TITLE3_PATTERN = r"══╣"
 INFO_PATTERN = r"╚ "
@@ -14,15 +14,15 @@ TITLE_CHARS = ['═', '╔', '╣', '╚']
 # Patterns for colors
 ## The order is important, the first string colored with a color will be the one selected (the same string cannot be colored with different colors)
 COLORS = {
-    "REDYELLOW": ['\x1b[1;31;103m'],
+    "REDYELLOW": [r"\x1b\[1;31;103m"],
-    "RED": ['\x1b[1;31m'],
+    "RED": [r"\x1b\[1;31m"],
-    "GREEN": ['\x1b[1;32m'],
+    "GREEN": [r"\x1b\[1;32m"],
-    "YELLOW": ['\x1b[1;33m'],
+    "YELLOW": [r"\x1b\[1;33m"],
-    "BLUE": ['\x1b[1;34m'],
+    "BLUE": [r"\x1b\[1;34m"],
-    "MAGENTA": ['\x1b[1;95m', '\x1b[1;35m'],
+    "MAGENTA": [r"\x1b\[1;95m", r"\x1b\[1;35m"],
-    "CYAN": ['\x1b[1;36m', '\x1b[1;96m'],
+    "CYAN": [r"\x1b\[1;36m", r"\x1b\[1;96m"],
-    "LIGHT_GREY": ['\x1b[1;37m'],
+    "LIGHT_GREY": [r"\x1b\[1;37m"],
-    "DARKGREY": ['\x1b[1;90m'],
+    "DARKGREY": [r"\x1b\[1;90m"],
 }
 
 
@@ -52,23 +52,11 @@ def get_colors(line: str) -> dict:
     for c,regexs in COLORS.items():
         colors[c] = []
         for reg in regexs:
-            split_color = line.split(reg)
+            for re_found in re.findall(reg+"(.+?)\x1b|$", line):
-            
+                re_found = clean_colors(re_found.strip())
-            # Start from the index 1 as the index 0 isn't colored
-            if split_color and len(split_color) > 1:
-                split_color = split_color[1:]
-                
-                # For each potential color, find the string before any possible color terminatio
-                for potential_color_str in split_color:
-                    color_str1 = potential_color_str.split('\x1b')[0]
-                    color_str2 = potential_color_str.split("\[0")[0]
-                    color_str = color_str1 if len(color_str1) < len(color_str2) else color_str2
-
-                    if color_str:
-                        color_str = clean_colors(color_str.strip())
                 #Avoid having the same color for the same string
-                        if color_str and not any(color_str in values for values in colors.values()):
+                if re_found and not any(re_found in values for values in colors.values()):
-                            colors[c].append(color_str)
+                    colors[c].append(re_found)
         
         if not colors[c]:
             del colors[c]
@@ -87,10 +75,10 @@ def clean_title(line: str) -> str:
 def clean_colors(line: str) -> str:
     """Given a line clean the colors inside of it"""
 
-    for reg in re.findall(r'\x1b\[[^a-zA-Z]+\dm', line):
+    for reg in re.findall(r'\x1b[^ ]+\dm', line):
         line = line.replace(reg,"")
     
-    line = line.replace('\x1b',"").replace("[0m", "").replace("[3m", "") #Sometimes that byte stays
+    line = line.replace('\x1b',"") #Sometimes that byte stays
     line = line.strip()
     return line
 
@@ -106,9 +94,6 @@ def parse_line(line: str):
 
     global FINAL_JSON, C_SECTION, C_MAIN_SECTION, C_2_SECTION, C_3_SECTION
 
-    if "Cron jobs" in line:
-        a=1
-
     if is_section(line, TITLE1_PATTERN):
         title = parse_title(line)
         FINAL_JSON[title] = { "sections": {}, "lines": [], "infos": [] }
@@ -139,13 +124,13 @@ def parse_line(line: str):
 
         C_SECTION["lines"].append({
             "raw_text": line,
-            "colors": get_colors(line),
+            "clean_text": clean_colors(line),
-            "clean_text": clean_title(clean_colors(line))
+            "colors": get_colors(line)
         })
 
 
 def main():
-    for line in open(OUTPUT_PATH, 'r', encoding="utf8").readlines():
+    for line in open(OUTPUT_PATH, 'r').readlines():
         line = line.strip()
         if not line or not clean_colors(line): #Remove empty lines or lines just with colors hex
             continue
@@ -162,7 +147,7 @@ if __name__ == "__main__":
         OUTPUT_PATH = sys.argv[1]
         JSON_PATH = sys.argv[2]
     except IndexError as err:
-        print("Error: Please pass the peas.out file and the path to save the json\npeas2json.py <output_file> <json_file.json>")
+        print("Error: Please pass the peas.out file and the path to save the json\n./peas-parser.py <output_file> <json_file.json>")
         sys.exit(1)
     
     main()

parsers/json2pdf.py

@@ -1,162 +0,0 @@
-#!/usr/bin/env python3
-import sys
-import json
-import html
-from reportlab.lib.pagesizes import letter
-from reportlab.platypus import Frame, Paragraph, Spacer, PageBreak,PageTemplate, BaseDocTemplate
-from reportlab.platypus.tableofcontents import TableOfContents
-from reportlab.lib.styles import getSampleStyleSheet, ParagraphStyle
-from reportlab.lib.units import cm
-
-styles = getSampleStyleSheet()
-text_colors = { "GREEN": "#00DB00", "RED": "#FF0000", "REDYELLOW": "#FFA500", "BLUE": "#0000FF",
-    "DARKGREY": "#5C5C5C", "YELLOW": "#ebeb21", "MAGENTA": "#FF00FF", "CYAN": "#00FFFF", "LIGHT_GREY": "#A6A6A6"}
-
-# Required to automatically set Page Numbers
-class PageTemplateWithCount(PageTemplate):
-    def __init__(self, id, frames, **kw):
-        PageTemplate.__init__(self, id, frames, **kw)
-
-    def beforeDrawPage(self, canvas, doc):
-        page_num = canvas.getPageNumber()
-        canvas.drawRightString(10.5*cm, 1*cm, str(page_num))
-
-# Required to automatically set the Table of Contents
-class MyDocTemplate(BaseDocTemplate):
-    def __init__(self, filename, **kw):
-        self.allowSplitting = 0
-        BaseDocTemplate.__init__(self, filename, **kw)
-        template = PageTemplateWithCount("normal", [Frame(2.5*cm, 2.5*cm, 15*cm, 25*cm, id='F1')])
-        self.addPageTemplates(template)
-
-    def afterFlowable(self, flowable):
-        if flowable.__class__.__name__ == "Paragraph":
-            text = flowable.getPlainText()
-            style = flowable.style.name
-            if style == "Heading1":
-                self.notify("TOCEntry", (0, text, self.page))
-            if style == "Heading2":
-                self.notify("TOCEntry", (1, text, self.page))
-            if style == "Heading3":
-                self.notify("TOCEntry", (2, text, self.page))
-      
-
-# Poor take at dynamicly generating styles depending on depth(?)
-def get_level_styles(level):
-    global styles
-    indent_value = 10 * (level - 1);
-    # Overriding some default stylings
-    level_styles = { 
-        "title": ParagraphStyle(
-          **dict(styles[f"Heading{level}"].__dict__,
-          **{ "leftIndent": indent_value })),
-        "text": ParagraphStyle(
-          **dict(styles["Code"].__dict__,
-          **{ "backColor": "#F0F0F0",
-          "borderPadding": 5, "borderWidth": 1,
-          "borderColor": "black", "borderRadius": 5,
-          "leftIndent": 5 + indent_value})),
-        "info": ParagraphStyle(
-          **dict(styles["Italic"].__dict__,
-          **{ "leftIndent": indent_value })),
-    }
-    return level_styles
-
-def get_colors_by_text(colors):
-    new_colors = {}
-    for (color, words) in colors.items():
-        for word in words:
-            new_colors[html.escape(word)] = color
-    return new_colors
-
-def build_main_section(section, title, level=1):
-    styles = get_level_styles(level)
-    has_links = "infos" in section.keys() and len(section["infos"]) > 0
-    has_lines = "lines" in section.keys() and len(section["lines"]) > 1
-    has_children = "sections" in section.keys() and len(section["sections"].keys()) > 0
-
-    # Only display data for Sections with results
-    show_section = has_lines or has_children
-
-    elements = []
-
-    if show_section:
-        elements.append(Paragraph(title, style=styles["title"]))
-
-    # Print info if any
-    if show_section and has_links:
-        for info in section["infos"]:
-            words = info.split() 
-            # Join all lines and encode any links that might be present.
-            words = map(lambda word: f'<a href="{word}" color="blue">{word}</a>' if "http" in word else word, words)
-            words = " ".join(words)
-            elements.append(Paragraph(words, style=styles["info"] ))
-
-  # Print lines if any
-    if "lines" in section.keys() and len(section["lines"]) > 1:
-        colors_by_line = list(map(lambda x: x["colors"], section["lines"]))
-        lines = list(map(lambda x: html.escape(x["clean_text"]), section["lines"]))
-        for (idx, line) in enumerate(lines):
-            colors = colors_by_line[idx]
-            colored_text = get_colors_by_text(colors)
-            colored_line = line
-            for (text, color) in colored_text.items():
-                if color == "REDYELLOW":
-                    colored_line = colored_line.replace(text, f'<font color="{text_colors[color]}"><b>{text}</b></font>')
-                else:
-                    colored_line = colored_line.replace(text, f'<font color="{text_colors[color]}">{text}</font>')
-            lines[idx] = colored_line
-        elements.append(Spacer(0, 10))
-        line = "<br/>".join(lines)
-
-    # If it's a top level entry remove the line break caused by an empty "clean_text"
-        if level == 1: line = line[5:]
-        elements.append(Paragraph(line, style=styles["text"]))
-
-
-  # Print child sections
-    if has_children:
-        for child_title in section["sections"].keys():
-            element_list = build_main_section(section["sections"][child_title], child_title, level + 1)
-            elements.extend(element_list)
-  
-  # Add spacing at the end of section. The deeper the level the smaller the spacing.
-    if show_section:
-        elements.append(Spacer(1, 40 - (10 * level)))
-  
-    return elements
-  
-
-def main():
-    with open(JSON_PATH) as file:
-        # Read and parse JSON file
-        data = json.loads(file.read())
-
-        # Default pdf values
-        doc = MyDocTemplate(PDF_PATH)
-        toc = TableOfContents()
-        toc.levelStyles = [
-            ParagraphStyle(name = "Heading1", fontSize = 14, leading=16),
-            ParagraphStyle(name = "Heading2", fontSize = 12, leading=14, leftIndent = 10),
-            ParagraphStyle(name = "Heading3", fontSize = 10, leading=12, leftIndent = 20),
-        ]
-
-        elements = [Paragraph("PEAS Report", style=styles["Title"]), Spacer(0, 30), toc, PageBreak()]
-      
-        # Iterate over all top level sections and build their elements.
-        for title in data.keys():
-            element_list = build_main_section(data[title], title)
-            elements.extend(element_list)
-      
-        doc.multiBuild(elements)
-
-# Start execution
-if __name__ == "__main__":
-    try:
-        JSON_PATH = sys.argv[1]
-        PDF_PATH = sys.argv[2]
-    except IndexError as err:
-        print("Error: Please pass the peas.json file and the path to save the pdf\njson2pdf.py <json_file> <pdf_file.pdf>")
-        sys.exit(1)
-    
-    main()

winPEAS/winPEASbat/winPEAS.bat

@@ -237,7 +237,7 @@ CALL :T_Progress 2
 :RemodeDeskCredMgr
 CALL :ColorLine " %E%33m[+]%E%97m Remote Desktop Credentials Manager"
 ECHO.   [?] https://book.hacktricks.xyz/windows/windows-local-privilege-escalation#remote-desktop-credential-manager
-IF exist "%LOCALAPPDATA%\Local\Microsoft\Remote Desktop Connection Manager\RDCMan.settings" ECHO.Found: RDCMan.settings in %AppLocal%\Local\Microsoft\Remote Desktop Connection Manager\RDCMan.settings, check for credentials in .rdg files
+IF exist "%AppLocal%\Local\Microsoft\Remote Desktop Connection Manager\RDCMan.settings" ECHO.Found: RDCMan.settings in %AppLocal%\Local\Microsoft\Remote Desktop Connection Manager\RDCMan.settings, check for credentials in .rdg files
 ECHO.
 CALL :T_Progress 1
 

winPEAS/winPEASexe/README.md

@@ -17,7 +17,10 @@ Precompiled binaries:
 
 ```bash
 # Get latest release
-$url = "https://github.com/carlospolop/PEASS-ng/releases/latest/download/winPEASany_ofs.exe"
+$latestRelease = Invoke-WebRequest https://github.com/carlospolop/PEASS-ng/releases/latest -Headers @{"Accept"="application/json"}
+$json = $latestRelease.Content | ConvertFrom-Json
+$latestVersion = $json.tag_name
+$url = "https://github.com/carlospolop/PEASS-ng/releases/download/$latestVersion/winPEASany.exe"
 
 # One liner to download and execute winPEASany from memory in a PS shell
 $wp=[System.Reflection.Assembly]::Load([byte[]](Invoke-WebRequest "$url" -UseBasicParsing | Select-Object -ExpandProperty Content)); [winPEAS.Program]::Main("")
@@ -105,13 +108,9 @@ REG ADD HKCU\Console /v VirtualTerminalLevel /t REG_DWORD /d 1
 
 Below you have some indications about what does each color means exacty, but keep in mind that **Red** is for something interesting (from a pentester perspective) and **Green** is something well configured (from a defender perspective).
 
-![](https://github.com/carlospolop/privilege-escalation-awesome-scripts-suite/raw/master/winPEAS/winPEASexe/images/colors.png)
 
 ## Instructions to compile you own obfuscated version
 
-<details>
-  <summary>Details</summary>
-
 In order to compile an **ofuscated version** of Winpeas and bypass some AVs you need to ** install dotfuscator ** in *VisualStudio*. 
 
 To install it *open VisualStudio --> Go to Search (CTRL+Q) --> Write "dotfuscator"* and just follow the instructions to install it.
@@ -129,9 +128,10 @@ Once you have installed and activated it you need to:
 
 ![](https://raw.githubusercontent.com/carlospolop/privilege-escalation-awesome-scripts-suite/master/winPEAS/winPEASexe/images/dotfuscator.PNG)
 
-**IMPORTANT**: Note that Defender will higly probable delete the winpeas iintial unobfuscated version, so you need to set as expections the origin folder of Winpeas and the folder were the obfuscated version will be saved:
+
-![](https://user-images.githubusercontent.com/1741662/148418852-e7ffee6a-c270-4e26-bf38-bb8977b3ad9c.png)
+## Colors
-</details>
+
+![](https://github.com/carlospolop/privilege-escalation-awesome-scripts-suite/raw/master/winPEAS/winPEASexe/images/colors.png)
 
 ## Checks