Merge 33f4ca923c into b3c12e22b6

.github/workflows/CI-master_tests.yml

@@ -285,8 +285,8 @@ jobs:
         run: linPEAS/linpeas.sh -h
       
       # Run macpeas parts to test it
-      #- name: Run macpeas
+      - name: Run macpeas
-      #  run: linPEAS/linpeas.sh -D -o system_information,container,procs_crons_timers_srvcs_sockets,network_information,users_information,software_information
+        run: linPEAS/linpeas.sh -D -o system_information,container,procs_crons_timers_srvcs_sockets,network_information,users_information,software_information
 
      
   Publish_release:

README.md

@@ -24,18 +24,14 @@ Find the **latest versions of all the scripts and binaries in [the releases page
 ## JSON, HTML & PDF output
 Check the **[parsers](./parsers/)** directory to **transform PEASS outputs to JSON, HTML and PDF**
 
-## Support PEASS-ng and HackTricks and get benefits
-
-Do you want to have **access the latest version of Hacktricks and PEASS**, obtain a **PDF copy of Hacktricks**, and more? Discover the **brand new [SUBSCRIPTION PLANS](https://github.com/sponsors/carlospolop?frequency=one-time) for individuals and companies**.
-
-**LinPEAS, WinPEAS and MacPEAS** aren’t enough for you? Welcome [**The PEASS Family**](https://opensea.io/collection/the-peass-family/), a limited collection of [**exclusive NFTs**](https://opensea.io/collection/the-peass-family/) of our favourite PEASS in disguise, designed by my team. Go **get your favourite and make it yours!** And if you are a **PEASS & Hacktricks enthusiast**, you can get your hands now on **our [custom swag](https://peass.creator-spring.com/) and show how much you like our projects!**
-
-You can also, join the 💬 [Discord group](https://discord.gg/hRep4RUj7f) or the [telegram group](https://t.me/peass) to learn about latest news in cybersecurity and meet other cybersecurity enthusiasts, or follow me on Twitter 🐦 [@carlospolopm](https://twitter.com/carlospolopm).
-
 ## Let's improve PEASS together
 
 If you want to **add something** and have **any cool idea** related to this project, please let me know it in the **telegram group https://t.me/peass** or contribute reading the **[CONTRIBUTING.md](https://github.com/carlospolop/privilege-escalation-awesome-scripts-suite/blob/master/CONTRIBUTING.md)** file.
 
+## PEASS Style
+
+Are you a PEASS fan? Get now our merch at **[PEASS Shop](https://teespring.com/stores/peass)** and show your love for our favorite peas
+
 ## Advisory
 
 All the scripts/binaries of the PEAS suite should be used for authorized penetration testing and/or educational purposes only. Any misuse of this software will not be the responsibility of the author or of any other collaborator. Use it at your own machines and/or with the owner's permission.

build_lists/sensitive_files.yaml

@@ -92,9 +92,7 @@ cap_setgid_markup: "peass{CAP_SETGID_HERE}"
 les_markup: "peass{LES}"
 les2_markup: "peass{LES2}"
 
-fat_linpeas_amicontained_markup: "peass{AMICONTAINED}"
+
-fat_linpeas_gitleaks_linux_markup: "peass{GITLEAKS_LINUX}"
-fat_linpeas_gitleaks_macos_markup: "peass{GITLEAKS_MACOS}"
 
 ##############################
 ## AUTO GENERATED VARIABLES ##
@@ -120,7 +118,7 @@ defaults:
   check_extra_path: ""        #Check if the found files are in a specific path (only linpeas)
   good_regex: ""              #The regex to color green
   just_list_file: False       #Just mention the path to the file, do not cat it
-  line_grep: ""               #The regex to grep lines in a file. IMPORTANT: This is the argument for "grep" command so you need to specify the single and double quotes (see examples). Use double quotes to indicate the interesting things to grep as winpeas greps the things inside th double qoutes.
+  line_grep: ""               #The regex to grep lines in a file. IMPORTANT: This is the argument for "grep" command so you need to specify the single and double quotes (see examples)
   only_bad_lines: False       #Only print lines containing something red (cnotaining bad_regex)
   remove_empty_lines: False   #Remove empty lines, use only for text files (-I param in grep)
   remove_path: ""             #Not interested in files containing this path (only linpeas)
@@ -319,24 +317,6 @@ search:
                 search_in: 
                   - common
 
-          - name: "passwd.ibd"
-            value: 
-                type: f
-                search_in: 
-                  - common
-          
-          - name: "password*.ibd"
-            value: 
-                type: f
-                search_in: 
-                  - common
-          
-          - name: "pwd.ibd"
-            value: 
-                type: f
-                search_in: 
-                  - common
-
   - name: MariaDB
     value:
         config:
@@ -403,16 +383,14 @@ search:
                 search_in: 
                   - common
     
-  - name: Apache-Nginx
+  - name: Apache
     value:
         config:
             auto_check: True
             exec:
-            - 'echo "Apache version: $(warn_exec apache2 -v 2>/dev/null; warn_exec httpd -v 2>/dev/null)"'
+            - 'echo "Version: $(warn_exec apache2 -v 2>/dev/null; warn_exec httpd -v 2>/dev/null)"'
-            - 'echo "Nginx version: $(warn_exec nginx -v 2>/dev/null)"'
-            - if [ -d "/etc/apache2" ] && [ -r "/etc/apache2" ]; then 'grep -R -B1 "httpd-php" /etc/apache2 2>/dev/null'; fi
-            - if [ -d "/usr/share/nginx/modules" ] && [ -r "/usr/share/nginx/modules" ]; then print_3title 'Nginx modules'; ls /usr/share/nginx/modules | sed -${E} "s,$NGINX_KNOWN_MODULES,${SED_GREEN},g"; fi
             - "print_3title 'PHP exec extensions'"
+            - 'grep -R -B1 "httpd-php" /etc/apache2 2>/dev/null'
     
         files:
             - name: "sites-enabled"
@@ -421,7 +399,8 @@ search:
                 files:
                     - name: "*"
                       value:
-                        bad_regex: "AuthType|AuthName|AuthUserFile|ServerName|ServerAlias|command on"
+                        bad_regex: "AuthType|AuthName|AuthUserFile|ServerName|ServerAlias"
+                        only_bad_lines: True
                         remove_empty_lines: True
                         remove_regex: '#'
                 search_in: 
@@ -430,7 +409,6 @@ search:
             - name: "000-default.conf"
               value: 
                 bad_regex: "AuthType|AuthName|AuthUserFile|ServerName|ServerAlias"
-                remove_regex: '#'
                 type: f
                 search_in: 
                     - common
@@ -439,7 +417,7 @@ search:
               value: 
                 bad_regex: "On"
                 remove_regex: "^;"
-                line_grep: '"allow_"'
+                line_grep: "allow_"
                 type: f
                 search_in: 
                     - common
@@ -563,7 +541,6 @@ search:
           auto_check: True
           exec:
             - 'echo "Version: $(warn_exec mongo --version 2>/dev/null; warn_exec mongod --version 2>/dev/null)"'
-            - if [ "$(command -v mongo)" ]; then echo "show dbs" | mongo 127.0.0.1 > /dev/null 2>&1;[ "$?" == "0" ] && echo "Possible mongo anonymous authentication" | sed -${E} "s,.*|kube,${SED_RED},"; fi
 
         files:
           - name: "mongod*.conf"
@@ -574,21 +551,6 @@ search:
               search_in: 
                 - common
   
-  - name: Rocketchat
-    value:
-        config:
-          auto_check: True
-
-        files:
-          - name: "rocketchat.service"
-            value: 
-                bad_regex: "mongodb://.*"
-                line_grep: '-i "Environment"'
-                type: f
-                search_in: 
-                  - common
-                  - /lib
-                  - /systemd
   
   - name: Supervisord
     value:
@@ -707,34 +669,6 @@ search:
                 search_in: 
                   - /etc
   
-  - name: GlusterFS
-    value:
-        config:
-          auto_check: True
-
-        files:
-          - name: "glusterfs.pem"
-            value: 
-                type: f
-                just_list_file: True
-                search_in: 
-                  - common
-          
-          - name: "glusterfs.ca"
-            value: 
-                type: f
-                just_list_file: True
-                search_in: 
-                  - common
-          
-          - name: "glusterfs.key"
-            value: 
-                type: f
-                just_list_file: True
-                search_in: 
-                  - common
-  
-  
   - name: Anaconda ks
     value:
         config:
@@ -772,74 +706,32 @@ search:
                 search_in: 
                   - common
 
-  - name: Kubernetes
+  - name: Kubelet
     value:
         config:
           auto_check: True
-          exec:
-          - (env || set) | grep -Ei "kubernetes|kube" | grep -v "PSTORAGE_KUBERNETES|USEFUL_SOFTWARE" | sed -${E} "s,kubernetes|kube,${SED_RED},"
 
+        files:
+          - name: "kubelet"
+            value: 
                 files:
                   - name: "kubeconfig"
                     value:
                         bad_regex: "server:|cluster:|namespace:|user:|exec:"
                 type: d
-            search_in: 
-              - common
-          
-          - name: "kubelet-kubeconfig"
-            value:
-                bad_regex: "server:|cluster:|namespace:|user:|exec:"
-            type: d
-            search_in: 
-              - common
-            
-          - name: "psk.txt"
-            value:
-                remove_empty_lines: True
-                bad_regex: ".*"
-                type: f
-                search_in: 
-                  - common
-
-          - name: ".kube*"
-            value: 
-                files:
-                  - name: "config"
-                    value:
-                        bad_regex: "server:|cluster:|namespace:|user:|exec:"
-                type: d
-                search_in: 
-                  - common
-
-          - name: "kubelet"
-            value: 
-                files:
-                  - name: "kubelet.conf"
-                    value:
-                        bad_regex: "server:|cluster:|namespace:|user:|exec:"
-                  - name: "config.yaml"
-                    value:
-                        bad_regex: "server:|cluster:|namespace:|user:|exec:"
-                  - name: "kubeadm-flags.env"
-                    value:
-                        remove_empty_lines: True
-                type: d
                 search_in: 
                   - /var
           
           - name: "kube-proxy"
             value: 
+                files:
+                  - name: "kubeconfig"
+                    value:
+                        bad_regex: "cluster:|certificate-authority-data:|namespace:|user:|token:"
                 type: d
                 search_in: 
                   - /var
   
-          - name: "kubernetes"
-            value: 
-                type: d
-                search_in: 
-                  - /etc
-  
   - name: VNC
     value:
         config:
@@ -859,7 +751,6 @@ search:
           - name: "*vnc*.c*nf*"
             value: 
                 bad_regex: ".*"
-                remove_regex: '^#'
                 type: f
                 search_in: 
                   - common
@@ -1049,6 +940,7 @@ search:
                 type: f
                 search_in: 
                   - /tmp
+                  - /private
       
   - name: SSH_CONFIG
     value:
@@ -1069,12 +961,12 @@ search:
           auto_check: True
 
         files:
-          #- name: "credentials"
+          - name: "credentials"
-          #  value: 
+            value: 
-          #      bad_regex: ".*"
+                bad_regex: ".*"
-          #      type: f
+                type: f
-          #      search_in: 
+                search_in: 
-          #        - common
+                  - common
       
           - name: "credentials.db"
             value: 
@@ -1624,37 +1516,6 @@ search:
                 search_in: 
                   - common
 
-          - name: "dockershim.sock"
-            value: 
-                type: f
-                search_in: 
-                  - common
-          
-          - name: "containerd.sock"
-            value: 
-                type: f
-                search_in: 
-                  - common
-          
-          - name: "crio.sock"
-            value: 
-                type: f
-                search_in: 
-                  - common
-          
-          - name: "frakti.sock"
-            value: 
-                type: f
-                search_in: 
-                  - common
-          
-          - name: "rktlet.sock"
-            value: 
-                type: f
-                search_in: 
-                  - common
-
-
   - name: Firefox
     value:
         disable:
@@ -2706,7 +2567,7 @@ search:
                 search_in: 
                   - common
 
-  - name: Other Interesting
+  - name: Other Interesting Files
     value:
         config:
           auto_check: True
@@ -2775,7 +2636,7 @@ search:
                 search_in: 
                   - common
 
-  - name: Windows
+  - name: Windows Files
     value:
         config:
           auto_check: True
@@ -3124,7 +2985,7 @@ search:
                 search_in:
                   - common
 
-  - name: Other Windows
+  - name: Other Windows Files
     value:
         config:
           auto_check: True

linPEAS/builder/linpeas_parts/1_system_information.sh

@@ -21,33 +21,17 @@ else echo_not_found "sudo"
 fi
 echo ""
 
-#-- SY) CVEs
-print_2title "CVEs Check"
-
 #-- SY) CVE-2021-4034
 if [ `command -v pkexec` ] && stat -c '%a' $(which pkexec) | grep -q 4755 && [ "$(stat -c '%Y' $(which pkexec))" -lt "1642035600" ]; then 
     echo "Vulnerable to CVE-2021-4034" | sed -${E} "s,.*,${SED_RED_YELLOW},"
-    echo ""
 fi
 
 #-- SY) CVE-2021-3560
 polkitVersion=$(systemctl status polkit.service | grep version | cut -d " " -f 9)
-if [[ "$(apt list --installed 2>/dev/null | grep polkit | grep -c 0.105-26)" -ge 1 || "$(rpm -qa | grep polkit | grep -c '0.117-2\|0.115-6')" -ge 1 ]]; then
+if [[ "$(apt list --installed 2>/dev/null | grep polkit | grep -c 0.105-26)" -ge 1 || "$(yum list installed | grep polkit | grep -c 0.117-2)" ]]; then
     echo "Vulnerable to CVE-2021-3560" | sed -${E} "s,.*,${SED_RED_YELLOW},"
-    echo ""
 fi
 
-#-- SY) CVE-2022-0847
-#-- https://dirtypipe.cm4all.com/
-#-- https://stackoverflow.com/a/37939589
-kernelversion=$(uname -r | awk -F"-" '{print $1}')
-kernelnumber=$(echo $kernelversion | awk -F. '{ printf("%d%03d%03d%03d\n", $1,$2,$3,$4); }')
-if [[ $kernelnumber -ge 5008000000 && $kernelnumber -lt 5017000000 ]]; then # if kernel version beteen 5.8 and 5.17
-    echo "Vulnerable to CVE-2022-0847" | sed -${E} "s,.*,${SED_RED_YELLOW},"
-    echo ""
-fi
-echo ""
-
 #--SY) USBCreator
 if (busctl list 2>/dev/null | grep -q com.ubuntu.USBCreator) || [ "$DEBUG" ]; then
     print_2title "USBCreator"
@@ -104,8 +88,8 @@ fi
 
 if [ -f "/etc/fstab" ] || [ "$DEBUG" ]; then
     print_2title "Unmounted file-system?"
-    print_info "Check if you can mount unmounted devices"
+    print_info "Check if you can mount umounted devices"
-    grep -v "^#" /etc/fstab 2>/dev/null | grep -Ev "\W+\#|^#" | sed -${E} "s,$mountG,${SED_GREEN},g" | sed -${E} "s,$notmounted,${SED_RED},g" | sed -${E} "s%$mounted%${SED_BLUE}%g" | sed -${E} "s,$Wfolders,${SED_RED}," | sed -${E} "s,$mountpermsB,${SED_RED},g" | sed -${E} "s,$mountpermsG,${SED_GREEN},g"
+    grep -v "^#" /etc/fstab 2>/dev/null | grep -Ev "\W+\#|^#" | sed -${E} "s,$mountG,${SED_GREEN},g" | sed -${E} "s,$notmounted,${SED_RED}," | sed -${E} "s,$mounted,${SED_BLUE}," | sed -${E} "s,$Wfolders,${SED_RED}," | sed -${E} "s,$mountpermsB,${SED_RED},g" | sed -${E} "s,$mountpermsG,${SED_GREEN},g"
     echo ""
 fi
 
@@ -124,7 +108,7 @@ fi
 #-- SY) Environment vars
 print_2title "Environment"
 print_info "Any private information inside environment variables?"
-(env || printenv || set) 2>/dev/null | grep -v "RELEVANT*|FIND*|^VERSION=|dbuslistG|mygroups|ldsoconfdG|pwd_inside_history|kernelDCW_Ubuntu_Precise|kernelDCW_Ubuntu_Trusty|kernelDCW_Ubuntu_Xenial|kernelDCW_Rhel|^sudovB=|^rootcommon=|^mounted=|^mountG=|^notmounted=|^mountpermsB=|^mountpermsG=|^kernelB=|^C=|^RED=|^GREEN=|^Y=|^B=|^NC=|TIMEOUT=|groupsB=|groupsVB=|knw_grps=|sidG|sidB=|sidVB=|sidVB2=|sudoB=|sudoG=|sudoVB=|timersG=|capsB=|notExtensions=|Wfolders=|writeB=|writeVB=|_usrs=|compiler=|PWD=|LS_COLORS=|pathshG=|notBackup=|processesDump|processesB|commonrootdirs|USEFUL_SOFTWARE" | sed -${E} "s,[pP][wW][dD]|[pP][aA][sS][sS][wW]|[aA][pP][iI][kK][eE][yY]|[aA][pP][iI][_][kK][eE][yY]|KRB5CCNAME,${SED_RED},g" || echo_not_found "env || set"
+(env || printenv || set) 2>/dev/null | grep -v "RELEVANT*|FIND*|^VERSION=|dbuslistG|mygroups|ldsoconfdG|pwd_inside_history|kernelDCW_Ubuntu_Precise|kernelDCW_Ubuntu_Trusty|kernelDCW_Ubuntu_Xenial|kernelDCW_Rhel|^sudovB=|^rootcommon=|^mounted=|^mountG=|^notmounted=|^mountpermsB=|^mountpermsG=|^kernelB=|^C=|^RED=|^GREEN=|^Y=|^B=|^NC=|TIMEOUT=|groupsB=|groupsVB=|knw_grps=|sidG|sidB=|sidVB=|sidVB2=|sudoB=|sudoG=|sudoVB=|timersG=|capsB=|notExtensions=|Wfolders=|writeB=|writeVB=|_usrs=|compiler=|PWD=|LS_COLORS=|pathshG=|notBackup=|processesDump|processesB|commonrootdirs|USEFUL_SOFTWARE|PSTORAGE_KUBELET" | sed -${E} "s,[pP][wW][dD]|[pP][aA][sS][sS][wW]|[aA][pP][iI][kK][eE][yY]|[aA][pP][iI][_][kK][eE][yY]|KRB5CCNAME,${SED_RED},g" || echo_not_found "env || set"
 echo ""
 
 #-- SY) Dmesg
@@ -152,7 +136,7 @@ if [ "$(command -v bash 2>/dev/null)" ]; then
     if [ "$EXTRA_CHECKS" ]; then
         echo $les_b64 | base64 -d | bash -s -- --checksec | sed "s,$(printf '\033')\\[[0-9;]*[a-zA-Z],,g" | sed -E "s,\[CVE-[0-9]+-[0-9]+\].*,${SED_RED},g"
     else
-        echo $les_b64 | base64 -d | bash | sed "s,$(printf '\033')\\[[0-9;]*[a-zA-Z],,g" | grep -i "\[CVE" -A 10 | grep -Ev "^\-\-$" | sed -${E} "s,\[CVE-[0-9]+-[0-9]+\].*,${SED_RED},g"
+        echo $les_b64 | base64 -d | bash | sed "s,$(printf '\033')\\[[0-9;]*[a-zA-Z],,g" | grep -i "\[CVE" -A 10 | grep -Ev "^\-\-$" | sed -${E} "s,\[CVE-[0-9]+-[0-9]+\],*,${SED_RED},g"
     fi
     echo ""
 fi

linPEAS/builder/linpeas_parts/3_procs_crons_timers_srvcs_sockets.sh

@@ -76,7 +76,7 @@ crontab -l 2>/dev/null | tr -d "\r" | sed -${E} "s,$Wfolders,${SED_RED_YELLOW},g
 command -v incrontab 2>/dev/null || echo_not_found "incrontab"
 incrontab -l 2>/dev/null
 ls -alR /etc/cron* /var/spool/cron/crontabs /var/spool/anacron 2>/dev/null | sed -${E} "s,$cronjobsG,${SED_GREEN},g" | sed "s,$cronjobsB,${SED_RED},g"
-cat /etc/cron* /etc/at* /etc/anacrontab /var/spool/cron/crontabs/* /etc/incron.d/* /var/spool/incron/* 2>/dev/null | tr -d "\r" | grep -v "^#" | sed -${E} "s,$Wfolders,${SED_RED_YELLOW},g" | sed -${E} "s,$sh_usrs,${SED_LIGHT_CYAN}," | sed "s,$USER,${SED_LIGHT_MAGENTA}," | sed -${E} "s,$nosh_usrs,${SED_BLUE},"  | sed "s,root,${SED_RED},"
+cat /etc/cron* /etc/at* /etc/anacrontab /var/spool/cron/crontabs/* /etc/incron.d/* /var/spool/incron/* 2>/dev/null | tr -d "\r" | grep -v "^#\|test \-x /usr/sbin/anacron\|run\-parts \-\-report /etc/cron.hourly\| root run-parts /etc/cron." | sed -${E} "s,$Wfolders,${SED_RED_YELLOW},g" | sed -${E} "s,$sh_usrs,${SED_LIGHT_CYAN}," | sed "s,$USER,${SED_LIGHT_MAGENTA}," | sed -${E} "s,$nosh_usrs,${SED_BLUE},"  | sed "s,root,${SED_RED},"
 crontab -l -u "$USER" 2>/dev/null | tr -d "\r"
 ls -lR /usr/lib/cron/tabs/ /private/var/at/jobs /var/at/tabs/ /etc/periodic/ 2>/dev/null | sed -${E} "s,$cronjobsG,${SED_GREEN},g" | sed "s,$cronjobsB,${SED_RED},g" #MacOS paths
 atq 2>/dev/null

linPEAS/builder/linpeas_parts/5_users_information.sh

@@ -68,7 +68,7 @@ fi
 if ! [ "$IAMROOT" ] && [ -w '/etc/sudoers.d/' ]; then
   echo "You can create a file in /etc/sudoers.d/ and escalate privileges" | sed -${E} "s,.*,${SED_RED_YELLOW},"
 fi
-for filename in /etc/sudoers.d/*; do
+for filename in '/etc/sudoers.d/*'; do
   if [ -r "$filename" ]; then
     echo "Sudoers file: $filename is readable" | sed -${E} "s,.*,${SED_RED},g"
     grep -Iv "^$" "$filename" | grep -v "#" | sed "s,_proxy,${SED_RED},g" | sed "s,$sudoG,${SED_GREEN},g" | sed -${E} "s,$sudoB,${SED_RED},g" | sed "s,pwfeedback,${SED_RED},g" | sed -${E} "s,$sudoVB1,${SED_RED_YELLOW}," | sed -${E} "s,$sudoVB2,${SED_RED_YELLOW},"

linPEAS/builder/linpeas_parts/6_software_information.sh

@@ -2,8 +2,6 @@
 #--------) Software Information (---------#
 ###########################################
 
-NGINX_KNOWN_MODULES="ngx_http_geoip_module.so|ngx_http_xslt_filter_module.so|ngx_stream_geoip_module.so|ngx_http_image_filter_module.so|ngx_mail_module.so|ngx_stream_module.so"
-
 #-- SI) Useful software
 print_2title "Useful software"
 for tool in $USEFUL_SOFTWARE; do command -v "$tool"; done
@@ -80,46 +78,30 @@ fi
 if [ "$PSTORAGE_MYSQL" ] || [ "$DEBUG" ]; then
   print_2title "Searching mysql credentials and exec"
   printf "%s\n" "$PSTORAGE_MYSQL" | while read d; do
-    if [ -f "$d" ]; then
-      STRINGS="`command -v strings`"
-      echo "Potential file containing credentials:"
-      ls -l "$d"
-      if [ "$STRINGS" ]; then
-        strings "$d"
-      else
-        echo "Strings not found, cat the file and check it to get the creds"
-      fi
-
-    else
     for f in $(find $d -name debian.cnf 2>/dev/null); do
       if [ -r "$f" ]; then
         echo "We can read the mysql debian.cnf. You can use this username/password to log in MySQL" | sed -${E} "s,.*,${SED_RED},"
         cat "$f"
       fi
     done
-      
     for f in $(find $d -name user.MYD 2>/dev/null); do
       if [ -r "$f" ]; then
         echo "We can read the Mysql Hashes from $f" | sed -${E} "s,.*,${SED_RED},"
-          grep -oaE "[-_\.\*a-Z0-9]{3,}" "$f" | grep -v "mysql_native_password"
+        grep -oaE "[-_\.\*a-Z0-9]{3,}" $f | grep -v "mysql_native_password"
       fi
     done
-      
     for f in $(grep -lr "user\s*=" $d 2>/dev/null | grep -v "debian.cnf"); do
       if [ -r "$f" ]; then
         u=$(cat "$f" | grep -v "#" | grep "user" | grep "=" 2>/dev/null)
         echo "From '$f' Mysql user: $u" | sed -${E} "s,$sh_usrs,${SED_LIGHT_CYAN}," | sed -${E} "s,$nosh_usrs,${SED_BLUE}," | sed -${E} "s,$knw_usrs,${SED_GREEN}," | sed "s,$USER,${SED_LIGHT_MAGENTA}," | sed "s,root,${SED_RED},"
       fi
     done
-      
     for f in $(find $d -name my.cnf 2>/dev/null); do
       if [ -r "$f" ]; then
         echo "Found readable $f"
         grep -v "^#" "$f" | grep -Ev "\W+\#|^#" 2>/dev/null | grep -Iv "^$" | sed "s,password.*,${SED_RED},"
       fi
     done
-    fi
-    
     mysqlexec=$(whereis lib_mysqludf_sys.so 2>/dev/null | grep "lib_mysqludf_sys\.so")
     if [ "$mysqlexec" ]; then
       echo "Found $mysqlexec"
@@ -160,7 +142,7 @@ fi
 
 peass{Mongo}
 
-peass{Apache-Nginx}
+peass{Apache}
 
 peass{Tomcat}
 
@@ -210,7 +192,7 @@ if [ "$PSTORAGE_CERTSB4" ]; then certsb4_grep=$(grep -L "\"\|'\|(" $PSTORAGE_CER
 sshconfig="$(ls /etc/ssh/ssh_config 2>/dev/null)"
 hostsdenied="$(ls /etc/hosts.denied 2>/dev/null)"
 hostsallow="$(ls /etc/hosts.allow 2>/dev/null)"
-writable_agents=$(find /tmp /etc /home -type s -name "agent.*" -or -name "*gpg-agent*" '(' '(' -user $USER ')' -or '(' -perm -o=w ')' -or  '(' -perm -g=w -and '(' $wgroups ')' ')' ')' 2>/dev/null)
+writable_agents=$(find $folder_path -type s -name "agent.*" -or -name "*gpg-agent*" '(' '(' -user $USER ')' -or '(' -perm -o=w ')' -or  '(' -perm -g=w -and '(' $wgroups ')' ')' ')')
 
 peass{SSH}
 
@@ -566,17 +548,25 @@ fi
 #-- SI) Docker
 if [ "$PSTORAGE_DOCKER" ] || [ "$DEBUG" ]; then
   print_2title "Searching docker files (limit 70)"
-  print_info "https://book.hacktricks.xyz/linux-unix/privilege-escalation/docker-breakout/docker-breakout-privilege-escalation"
+  print_info "https://book.hacktricks.xyz/linux-unix/privilege-escalation#writable-docker-socket"
   printf "%s\n" "$PSTORAGE_DOCKER" | head -n 70 | while read f; do
     ls -l "$f" 2>/dev/null
     if ! [ "$IAMROOT" ] && [ -S "$f" ] && [ -w "$f" ]; then
-      echo "Docker related socket ($f) is writable" | sed -${E} "s,.*,${SED_RED_YELLOW},"
+      echo "Docker socket file ($f) is writable" | sed -${E} "s,.*,${SED_RED_YELLOW},"
     fi
   done
   echo ""
 fi
 
-peass{Kubernetes}
+if [ -d "$HOME/.kube" ] || [ -d "/etc/kubernetes" ] || [ -d "/var/lib/localkube" ] || [ "`(env | set) | grep -Ei 'kubernetes|kube' | grep -v "PSTORAGE_KUBELET|USEFUL_SOFTWARE"`" ] || [ "$DEBUG" ]; then
+  print_2title "Kubernetes information" | sed -${E} "s,config,${SED_RED},"
+  ls -l "$HOME/.kube" 2>/dev/null
+  grep -ERH "client-secret:|id-token:|refresh-token:" "$HOME/.kube" 2>/dev/null | sed -${E} "s,client-secret:.*|id-token:.*|refresh-token:.*,${SED_RED},"
+  (env || set) | grep -Ei "kubernetes|kube" | grep -v "PSTORAGE_KUBELET|USEFUL_SOFTWARE" | sed -${E} "s,kubernetes|kube,${SED_RED},"
+  ls -Rl /etc/kubernetes /var/lib/localkube 2>/dev/null
+fi
+
+peass{Kubelet}
 
 peass{Firefox}
 
@@ -632,20 +622,6 @@ peass{EXTRA_SECTIONS}
 
 peass{Interesting logs}
 
-peass{Windows}
+peass{Windows Files}
 
-peass{Other Interesting}
+peass{Other Interesting Files}
-
-if ! [ "$FAST" ] && ! [ "$SUPERFAST" ] && [ "$TIMEOUT" ]; then
-  print_2title "Checking leaks in git repositories"
-  printf "%s\n" "$PSTORAGE_GITHUB" | while read f; do
-    if echo "$f" | grep -Eq ".git$"; then
-      git_dirname=$(dirname "$f")
-      if [ "$MACPEAS" ]; then
-        execBin "GitLeaks (checking $git_dirname)" "https://github.com/zricethezav/gitleaks" "$FAT_LINPEAS_GITLEAKS_MACOS" "detect -s '$git_dirname' -v | grep -E 'Description|Match|Secret|Message|Date'"
-      else
-        execBin "GitLeaks (checking $git_dirname)" "https://github.com/zricethezav/gitleaks" "$FAT_LINPEAS_GITLEAKS_LINUX" "detect -s '$git_dirname' -v | grep -E 'Description|Match|Secret|Message|Date'"
-      fi
-    fi
-  done
-fi

linPEAS/builder/linpeas_parts/7_interesting_files.sh

@@ -257,18 +257,12 @@ if [ "$broken_links" ] || [ "$DEBUG" ]; then
   echo ""
 fi
 
+
 if [ "$MACPEAS" ]; then
   print_2title "Unsigned Applications"
   macosNotSigned /System/Applications
 fi
 
-##-- IF) Unexpected in /opt
-if [ "$(ls /opt 2>/dev/null)" ]; then
-  print_2title "Unexpected in /opt (usually empty)"
-  ls -la /opt
-  echo ""
-fi
-
 ##-- IF) Unexpected folders in /
 print_2title "Unexpected in root"
 if [ "$MACPEAS" ]; then

linPEAS/builder/linpeas_parts/linpeas_base.sh

@@ -220,7 +220,7 @@ print_support () {
     |---------------------------------------------------------------------------| 
     |         ${YELLOW}Become a Patreon${GREEN}    :     ${RED}https://www.patreon.com/peass${GREEN}           |
     |         ${YELLOW}Follow on Twitter${GREEN}   :     ${RED}@carlospolopm${GREEN}                           |
-    |         ${YELLOW}Respect on HTB${GREEN}      :     ${RED}SirBroccoli            ${GREEN}                 |
+    |         ${YELLOW}Respect on HTB${GREEN}      :     ${RED}SirBroccoli & makikvues${GREEN}                 |
     |---------------------------------------------------------------------------|
     |                                 ${BLUE}Thank you! ${GREEN}                               |
     \---------------------------------------------------------------------------/
@@ -473,7 +473,7 @@ while $SEDOVERFLOW; do
   #else
   #  WF=`find / -maxdepth $MAXPATH_FIND_W -type d ! -path "/proc/*" -and '(' -writable -or -user $USER ')' 2>/dev/null | sort`
   #fi
-  Wfolders=$(printf "%s" "$WF" | tr '\n' '|')"|[a-zA-Z]+[a-zA-Z0-9]* +\*"
+  Wfolders=$(printf "%s" "$WF" | tr '\n' '|')"|[^\*][^\ ]*\ \*"
   Wfolder="$(printf "%s" "$WF" | grep "tmp\|shm\|home\|Users\|root\|etc\|var\|opt\|bin\|lib\|mnt\|private\|Applications" | head -n1)"
   printf "test\ntest\ntest\ntest"| sed -${E} "s,$Wfolders|\./|\.:|:\.,${SED_RED_YELLOW},g" >/dev/null 2>&1
   if [ $? -eq 0 ]; then

parsers/README.md

@@ -74,8 +74,6 @@ There is a **maximun of 3 levels of sections**.
 
 There can also be a `<Third level Section Name>`
 
-If you need to transform several outputs check out https://github.com/mnemonic-re/parsePEASS
-
 # TODO:
 
 - **PRs improving the code and the aspect of the final PDFs and HTMLs are always welcome!**

parsers/peas2json.py

@@ -145,7 +145,7 @@ def parse_line(line: str):
 
 
 def main():
-    for line in open(OUTPUT_PATH, 'r', encoding="utf8").readlines():
+    for line in open(OUTPUT_PATH, 'r').readlines():
         line = line.strip()
         if not line or not clean_colors(line): #Remove empty lines or lines just with colors hex
             continue

winPEAS/winPEASexe/winPEAS/Checks/Checks.cs

@@ -42,7 +42,7 @@ namespace winPEAS.Checks
         private static readonly HashSet<string> _systemCheckSelectedKeysHashSet = new HashSet<string>();
 
         // github url for Linpeas.sh
-        public static string LinpeasUrl = "https://github.com/carlospolop/PEASS-ng/releases/latest/download/linpeas.sh";
+        public static string LinpeasUrl = "https://raw.githubusercontent.com/carlospolop/privilege-escalation-awesome-scripts-suite/master/linPEAS/linpeas.sh";
 
         public const string DefaultLogFile = "out.txt";
 
@@ -80,7 +80,7 @@ namespace winPEAS.Checks
                 new SystemCheck("windowscreds", new WindowsCreds()),
                 new SystemCheck("browserinfo", new BrowserInfo()),
                 new SystemCheck("filesinfo", new FilesInfo()),
-                new SystemCheck("fileanalysis", new FileAnalysis())
+                new SystemCheck("fileAnalysis", new FileAnalysis())
             };
 
             var systemCheckAllKeys = new HashSet<string>(_systemChecks.Select(i => i.Key));

winPEAS/winPEASexe/winPEAS/Checks/FileAnalysis.cs

@@ -62,7 +62,7 @@ namespace winPEAS.Checks
             return files;
         }
 
-        private static bool[] Search(List<CustomFileInfo> files, string fileName, FileSettings fileSettings, ref int resultsCount, string searchName, bool somethingFound)
+        private static bool Search(List<CustomFileInfo> files, string fileName, FileSettings fileSettings, ref int resultsCount)
         {
             bool isRegexSearch = fileName.Contains("*");
             string pattern = string.Empty;
@@ -86,18 +86,13 @@ namespace winPEAS.Checks
 
                 if (isFileFound)
                 {
-                    if (!somethingFound) {
-                        Beaprint.MainPrint($"Found {searchName} Files");
-                        somethingFound = true;
-                    }
-
                     // there are no inner sections
                     if (fileSettings.files == null)
                     {
                         var isProcessed = ProcessResult(file, fileSettings, ref resultsCount);
                         if (!isProcessed)
                         {
-                            return new bool[] { true, somethingFound };
+                            return true;
                         }
                     }
                     // there are inner sections
@@ -114,7 +109,7 @@ namespace winPEAS.Checks
                                 var isProcessed = ProcessResult(innerFile, innerFileToSearch.value, ref resultsCount);
                                 if (!isProcessed)
                                 {
-                                    return new bool[] { true, somethingFound };
+                                    return true;
                                 }
                             }
                         }
@@ -122,7 +117,7 @@ namespace winPEAS.Checks
                 }
             }
 
-            return new bool[] { false, somethingFound };
+            return false;
         }
        
         private static void PrintYAMLSearchFiles()
@@ -138,17 +133,15 @@ namespace winPEAS.Checks
 
                 foreach (var searchItem in searchItems)
                 {
-                    if (searchItem.name != "Wifi Connections")
-                        continue;
                     var searchName = searchItem.name;
                     var value = searchItem.value;
                     var searchConfig = value.config;
-                    bool somethingFound = false;
 
                     CheckRunner.Run(() =>
                     {
+                        Beaprint.MainPrint($"Analyzing {searchName} Files (limit {ListFileLimit})");
+
                         int resultsCount = 0;
-                        bool[] results;
                         bool isSearchFinished = false;
 
                         foreach (var file in value.files)
@@ -157,10 +150,7 @@ namespace winPEAS.Checks
                             var fileSettings = file.value;
                             var itemsToSearch = fileSettings.type == "f" ? files : folders;
 
-                            results = Search(itemsToSearch, fileName, fileSettings, ref resultsCount, searchName, somethingFound);
+                            isSearchFinished = Search(itemsToSearch, fileName, fileSettings, ref resultsCount);
-
-                            isSearchFinished = results[0];
-                            somethingFound = results[1];
 
                             if (isSearchFinished)
                             {
@@ -203,21 +193,17 @@ namespace winPEAS.Checks
 
             if (fileSettings.type == "f")
             {
-                var colors = new Dictionary<string, string>();
+                if ((bool)fileSettings.just_list_file)
-                colors.Add(fileInfo.Filename, Beaprint.ansi_color_bad);
+                {
-                Beaprint.AnsiPrint($"File: {fileInfo.FullPath}", colors);
+                    Beaprint.BadPrint($"    {fileInfo.FullPath}");
-
+                }
-                if   (!(bool)fileSettings.just_list_file)
+                else
                 {
                     GrepResult(fileInfo, fileSettings);
                 }
             }
             else if (fileSettings.type == "d")
             {
-                var colors = new Dictionary<string, string>();
-                colors.Add(fileInfo.Filename, Beaprint.ansi_color_bad);
-                Beaprint.AnsiPrint($"Folder: {fileInfo.FullPath}", colors);
-
                 // just list the directory 
                 if ((bool)fileSettings.just_list_file)
                 {
@@ -239,6 +225,8 @@ namespace winPEAS.Checks
 
         private static void GrepResult(CustomFileInfo fileInfo, FileSettings fileSettings)
         {
+            Beaprint.NoColorPrint($"    '{fileInfo.FullPath}' - content:");
+
             var fileContent = File.ReadLines(fileInfo.FullPath);
             var colors = new Dictionary<string, string>();
 
@@ -284,7 +272,6 @@ namespace winPEAS.Checks
 
             Beaprint.AnsiPrint(content, colors);
 
-            if (content.Length > 0)
             Console.WriteLine();
         }
 
@@ -294,16 +281,7 @@ namespace winPEAS.Checks
             // '-i -a -o "description.*" | sort | uniq'
             // - remove everything except from "description.*"
 
-            Regex regex;
+            Regex regex = new Regex("\"([^\"]+)\"");
-            if (lineGrep.Contains("-i"))
-            {
-                regex = new Regex("\"([^\"]+)\"", RegexOptions.IgnoreCase);
-            }
-            else
-            {
-                regex = new Regex("\"([^\"]+)\"");
-            }
-
             Match match = regex.Match(lineGrep);
 
             if (match.Success)

winPEAS/winPEASexe/winPEAS/Helpers/Beaprint.cs

@@ -44,31 +44,32 @@ namespace winPEAS.Helpers
         public static void PrintBanner()
         {
             Console.WriteLine(BLUE + string.Format(@"     
-               {0}((((((((((((((((((((((((((((((((
+             {0}*((,.,/((((((((((((((((((((/,  */               
-        {0}(((((((((((((((((((((((((((((((((((((((((((
+      {0},/*,..*((((((((((((((((((((((((((((((((((,           
-      {0}(((((((((((((({2}**********/{1}##########{0}.((((((((((((   
+    {0},*/((((((((((((((((((/,  .*//((//**, .*(((((((*       
-    {0}(((((((((((/{2}********************/{1}#######{0}.((((((((((
+    {0}(((((((((((((((({2}**********/{1}########## {0}.(* ,(((((((   
-    {0}(((((((.{2}******************{3}/@@@@@/{0}{2}****{1}######{0}.(((((((((
+    {0}(((((((((((/{2}********************/{1}####### {0}.(. (((((((
-    {0}(((((.{2}********************{3}@@@@@@@@@@/{0}{2}***,{1}####{0}.(((((((((
+    {0}((((((..{2}******************{3}/@@@@@/{2}***/{1}###### {0}./(((((((
-    {0}((((.{2}********************{3}/@@@@@%@@@@{0}{2}/********{1}##{0}(((((((((
+    {0},,....{2}********************{3}@@@@@@@@@@{2}(***,{1}#### {0}.//((((((
-    {0}.(({1}############{2}*********{3}/%@@@@@@@@@{0}{2}/************{0}.(((((((
+    {0}, ,..{2}********************{3}/@@@@@%@@@@{2}/********{1}##{0}((/ /((((
-    {0}.({1}##################(/{2}******{3}/@@@@@{0}{2}/***************{0}.(((((
+    {0}..(({1}###########{2}*********{3}/%@@@@@@@@@{2}/************{0},,..((((
-    {0}.({1}#########################(/{2}**********************{0}.((((
+    {0}.({1}##################(/{2}******{3}/@@@@@{2}/***************{0}.. /((
-    {0}.({1}##############################(/{2}*****************{0}.((((
+    {0}.({1}#########################(/{2}**********************{0}..*((
-    {0}.({1}###################################(/{2}************{0}.((((
+    {0}.({1}##############################(/{2}*****************{0}.,(((
-    {0}.({1}#######################################({2}*********{0}.((((
+    {0}.({1}###################################(/{2}************{0}..(((
-    {0}.({1}#######(,.***.,(###################(..***.{2}*******{0}.((((
+    {0}.({1}#######################################({2}*********{0}..(((
-    {0}.({1}#######*(#####((##################((######/({2}*****{0}.((((
+    {0}.({1}#######(,.***.,(###################(..***.{2}*******{0}..(((
-    {0}.({1}###################(/***********(##############({0}).((((
+    {0}.({1}#######*(#####((##################((######/({2}*****{0}..(((
-    {0}.(({1}#####################/*******(################{0})((((((
+    {0}.({1}###################(/***********(##############({0}...(((
-    {0}.((({1}############################################{0}).(((((
+    {0}.(({1}#####################/*******(################{0}.((((((
-    {0}..((({1}##########################################{0}).((((((
+    {0}.((({1}############################################{0}(..((((
-    {0}....(({1}########################################{0}).((((((
+    {0}..((({1}##########################################{0}(..(((((
-    {0}......(({1}####################################{0}).(((((((
+    {0}....(({1}########################################{0}( .(((((
-    {0}((((((((({1}#################################{0}).((((((((
+    {0}......(({1}####################################{0}( .((((((
-        {0}(((((((((/{1}##########################{0}).((((((((
+    {0}((((((((({1}#################################{0}(../((((((
-              {0}((((((((((((((((((((((((((((((((((((((
+        {0}(((((((((/{1}##########################{0}(/..((((((
-                 {0}((((((((((((((((((((((((((((((", LGREEN, GREEN, BLUE, NOCOLOR) + NOCOLOR);
+              {0}(((((((((/,.  ,*//////*,. ./(((((((((((((((.
+                 {0}(((((((((((((((((((((((((((((/", LGREEN, GREEN, BLUE, NOCOLOR) + NOCOLOR);
 
             Console.WriteLine();
             Console.WriteLine(LYELLOW + "ADVISORY: " + BLUE + Advisory);
@@ -135,8 +136,7 @@ namespace winPEAS.Helpers
             Console.WriteLine(LBLUE + "        networkinfo" + GRAY + "          Search network information" + NOCOLOR);
             Console.WriteLine(LBLUE + "        windowscreds" + GRAY + "         Search windows credentials" + NOCOLOR);
             Console.WriteLine(LBLUE + "        browserinfo" + GRAY + "          Search browser information" + NOCOLOR);
-            Console.WriteLine(LBLUE + "        filesinfo" + GRAY + "            Search generic files that can contains credentials" + NOCOLOR);
+            Console.WriteLine(LBLUE + "        filesinfo" + GRAY + "            Search files that can contains credentials" + NOCOLOR);
-            Console.WriteLine(LBLUE + "        fileanalysis" + GRAY + "         Search specific files that can contains credentials" + NOCOLOR);
             Console.WriteLine(LBLUE + "        eventsinfo" + GRAY + "           Display interesting events information" + NOCOLOR);
             Console.WriteLine(LBLUE + "        wait" + GRAY + "                 Wait for user input between checks" + NOCOLOR);
             Console.WriteLine(LBLUE + "        debug" + GRAY + "                Display debugging information - memory usage, method execution time" + NOCOLOR);

winPEAS/winPEASexe/winPEAS/Helpers/Search/SearchHelper.cs

@@ -25,7 +25,6 @@ namespace winPEAS.Helpers.Search
             ConcurrentBag<CustomFileInfo> files = new ConcurrentBag<CustomFileInfo>();
             IEnumerable<DirectoryInfo> startDirs = GetStartDirectories(folder, files, pattern, isFoldersIncluded);
             IList<DirectoryInfo> startDirsExcluded = new List<DirectoryInfo>();
-            IList<string> known_dirs = new List<string>();
 
             if (excludedDirs != null)
             {
@@ -52,17 +51,8 @@ namespace winPEAS.Helpers.Search
                 Parallel.ForEach(GetStartDirectories(d.FullName, files, pattern, isFoldersIncluded), (dir) =>
                 {
                     GetFiles(dir.FullName, pattern).ForEach(
-                        (f) => {
+                        (f) =>
-                            CustomFileInfo file_info = new CustomFileInfo(f.Name, f.Extension, f.FullName, false);
+                            files.Add(new CustomFileInfo(f.Name, f.Extension, f.FullName, false))
-                            files.Add(file_info);
-                            
-                            CustomFileInfo file_dir = new CustomFileInfo(f.Directory.Name, "", f.Directory.FullName, true);
-                            if (!known_dirs.Contains(file_dir.FullPath))
-                            {
-                                known_dirs.Add(file_dir.FullPath);
-                                files.Add(file_dir);
-                            }
-                            }
                         );
                 });
             });
@@ -185,28 +175,29 @@ namespace winPEAS.Helpers.Search
 
             // c:\users\current_user
             string rootCurrentUserSearchPath = Environment.GetEnvironmentVariable("USERPROFILE");
-            SearchHelper.RootDirCurrentUser = SearchHelper.GetFilesFast(rootCurrentUserSearchPath, GlobalPattern, isFoldersIncluded: true);
+            SearchHelper.RootDirCurrentUser = SearchHelper.GetFilesFast(rootCurrentUserSearchPath, GlobalPattern);
 
             // c:\Program Files\
             string rootProgramFiles = $"{SystemDrive}\\Program Files\\";
-            SearchHelper.ProgramFiles = SearchHelper.GetFilesFast(rootProgramFiles, GlobalPattern, isFoldersIncluded: true);
+            SearchHelper.ProgramFiles = SearchHelper.GetFilesFast(rootProgramFiles, GlobalPattern);
 
             // c:\Program Files (x86)\
             string rootProgramFilesX86 = $"{SystemDrive}\\Program Files (x86)\\";
-            SearchHelper.ProgramFilesX86 = SearchHelper.GetFilesFast(rootProgramFilesX86, GlobalPattern, isFoldersIncluded: true);
+            SearchHelper.ProgramFilesX86 = SearchHelper.GetFilesFast(rootProgramFilesX86, GlobalPattern);
 
             // c:\Documents and Settings\
             string documentsAndSettings = $"{SystemDrive}\\Documents and Settings\\";
-            SearchHelper.DocumentsAndSettings = SearchHelper.GetFilesFast(documentsAndSettings, GlobalPattern, isFoldersIncluded: true);
+            SearchHelper.DocumentsAndSettings = SearchHelper.GetFilesFast(documentsAndSettings, GlobalPattern);
 
             // c:\ProgramData\Microsoft\Group Policy\History
             string groupPolicyHistory = $"{SystemDrive}\\ProgramData\\Microsoft\\Group Policy\\History";
-            SearchHelper.GroupPolicyHistory = SearchHelper.GetFilesFast(groupPolicyHistory, GlobalPattern, isFoldersIncluded: true);
+            SearchHelper.GroupPolicyHistory = SearchHelper.GetFilesFast(groupPolicyHistory, GlobalPattern);
 
             // c:\Documents and Settings\All Users\Application Data\\Microsoft\\Group Policy\\History
             string groupPolicyHistoryLegacy = $"{documentsAndSettings}\\All Users\\Application Data\\Microsoft\\Group Policy\\History";
             //SearchHelper.GroupPolicyHistoryLegacy = SearchHelper.GetFilesFast(groupPolicyHistoryLegacy, globalPattern);
-            var groupPolicyHistoryLegacyFiles = SearchHelper.GetFilesFast(groupPolicyHistoryLegacy, GlobalPattern, isFoldersIncluded: true);
+            var groupPolicyHistoryLegacyFiles = SearchHelper.GetFilesFast(groupPolicyHistoryLegacy, GlobalPattern);
+
             SearchHelper.GroupPolicyHistory.AddRange(groupPolicyHistoryLegacyFiles);
         }
 

winPEAS/winPEASexe/winPEAS/Info/ServicesInfo/ServicesInfoHelper.cs

@@ -217,17 +217,13 @@ namespace winPEAS.Info.ServicesInfo
                     {
                         if (SIDs.ContainsKey(ace.SecurityIdentifier.ToString()))
                         {
-                            string aceType = ace.AceType.ToString();
-                            if (!(aceType.Contains("Denied")))
-                            { //https://docs.microsoft.com/en-us/dotnet/api/system.security.accesscontrol.commonace?view=net-6.0
                             int serviceRights = ace.AccessMask;
-                                string current_perm_str = PermissionsHelper.PermInt2Str(serviceRights, PermissionType.WRITEABLE_OR_EQUIVALENT_SVC);
 
+                            string current_perm_str = PermissionsHelper.PermInt2Str(serviceRights, PermissionType.WRITEABLE_OR_EQUIVALENT_SVC);
                             if (!string.IsNullOrEmpty(current_perm_str) && !permissions.Contains(current_perm_str))
                                 permissions.Add(current_perm_str);
                         }
                     }
-                    }
 
                     if (permissions.Count > 0)
                     {

winPEAS/winPEASexe/winPEAS/Properties/AssemblyInfo.cs

@@ -5,12 +5,12 @@ using System.Runtime.InteropServices;
 // General Information about an assembly is controlled through the following
 // set of attributes. Change these attribute values to modify the information
 // associated with an assembly.
-[assembly: AssemblyTitle("")]
+[assembly: AssemblyTitle("asdas2dasd")]
 [assembly: AssemblyDescription("")]
 [assembly: AssemblyConfiguration("")]
 [assembly: AssemblyCompany("")]
-[assembly: AssemblyProduct("")]
+[assembly: AssemblyProduct("asdas2dasd")]
-[assembly: AssemblyCopyright("")]
+[assembly: AssemblyCopyright("Copyright ©  2019")]
 [assembly: AssemblyTrademark("")]
 [assembly: AssemblyCulture("")]
 

winPEAS/winPEASexe/winPEAS/winPEAS.csproj

@@ -14,21 +14,6 @@
     <NuGetPackageImportStamp>
     </NuGetPackageImportStamp>
     <TargetFrameworkProfile />
-    <PublishUrl>publish\</PublishUrl>
-    <Install>true</Install>
-    <InstallFrom>Disk</InstallFrom>
-    <UpdateEnabled>false</UpdateEnabled>
-    <UpdateMode>Foreground</UpdateMode>
-    <UpdateInterval>7</UpdateInterval>
-    <UpdateIntervalUnits>Days</UpdateIntervalUnits>
-    <UpdatePeriodically>false</UpdatePeriodically>
-    <UpdateRequired>false</UpdateRequired>
-    <MapFileExtensions>true</MapFileExtensions>
-    <ApplicationRevision>0</ApplicationRevision>
-    <ApplicationVersion>1.0.0.%2a</ApplicationVersion>
-    <IsWebBootstrapper>false</IsWebBootstrapper>
-    <UseApplicationTrust>false</UseApplicationTrust>
-    <BootstrapperEnabled>true</BootstrapperEnabled>
   </PropertyGroup>
   <PropertyGroup Condition=" '$(Configuration)|$(Platform)' == 'Debug|AnyCPU' ">
     <PlatformTarget>AnyCPU</PlatformTarget>
@@ -110,8 +95,7 @@
     <AllowUnsafeBlocks>true</AllowUnsafeBlocks>
   </PropertyGroup>
   <PropertyGroup>
-    <StartupObject>
+    <StartupObject>winPEAS.Program</StartupObject>
-    </StartupObject>
   </PropertyGroup>
   <ItemGroup>
     <Reference Include="System" />
@@ -708,17 +692,5 @@
     <EmbeddedResource Include="Properties\Resources.ru.resx" />
     <EmbeddedResource Include="Properties\Resources.zh-CN.resx" />
   </ItemGroup>
-  <ItemGroup>
-    <BootstrapperPackage Include=".NETFramework,Version=v4.5.2">
-      <Visible>False</Visible>
-      <ProductName>Microsoft .NET Framework 4.5.2 %28x86 and x64%29</ProductName>
-      <Install>true</Install>
-    </BootstrapperPackage>
-    <BootstrapperPackage Include="Microsoft.Net.Framework.3.5.SP1">
-      <Visible>False</Visible>
-      <ProductName>.NET Framework 3.5 SP1</ProductName>
-      <Install>false</Install>
-    </BootstrapperPackage>
-  </ItemGroup>
   <Import Project="$(MSBuildToolsPath)\Microsoft.CSharp.targets" />
 </Project>

winPEAS/winPEASexe/winPEAS/winPEAS.csproj.user

@@ -5,7 +5,7 @@
     </StartArguments>
   </PropertyGroup>
   <PropertyGroup Condition="'$(Configuration)|$(Platform)' == 'Debug|AnyCPU'">
-    <StartArguments>fileAnalysis</StartArguments>
+    <StartArguments>servicesinfo</StartArguments>
   </PropertyGroup>
   <PropertyGroup Condition="'$(Configuration)|$(Platform)' == 'Debug|x64'">
     <StartArguments>debug</StartArguments>
@@ -21,14 +21,4 @@
     <StartArguments>
     </StartArguments>
   </PropertyGroup>
-  <PropertyGroup>
-    <PublishUrlHistory>publish\</PublishUrlHistory>
-    <InstallUrlHistory />
-    <SupportUrlHistory />
-    <UpdateUrlHistory />
-    <BootstrapperUrlHistory />
-    <ErrorReportUrlHistory />
-    <FallbackCulture>en-US</FallbackCulture>
-    <VerifyUploadedFiles>false</VerifyUploadedFiles>
-  </PropertyGroup>
 </Project>