mirror of
https://github.com/carlospolop/privilege-escalation-awesome-scripts-suite.git
synced 2025-12-06 17:11:29 +00:00
Compare commits
18 Commits
20250524-a
...
codex/fix-
| Author | SHA1 | Date | |
|---|---|---|---|
|
4e556fd594 | ||
|
|
c3a93a57fe | ||
|
f62d9fc550 | ||
|
|
11e9b8dde6 | ||
|
b9a9ad5ddf | ||
|
|
88f08a405e | ||
|
|
322792c4ec | ||
|
|
c150e63b52 | ||
|
|
7b8dcfbe8d | ||
|
|
aac3667247 | ||
|
|
64ab193d25 | ||
|
|
aab8241ede | ||
|
|
65b98d11ac | ||
|
|
1e72dbeb76 | ||
|
|
c9282b4bdb | ||
|
|
b91334e5b3 | ||
|
|
b7bc20a027 | ||
|
|
4fbe6ffd79 |
11
.github/workflows/CI-master_tests.yml
vendored
11
.github/workflows/CI-master_tests.yml
vendored
@@ -99,6 +99,17 @@ jobs:
|
||||
Write-Error "winPEAS.exe not found at $exePath"
|
||||
}
|
||||
|
||||
- name: Execute winPEAS networkinfo
|
||||
shell: pwsh
|
||||
run: |
|
||||
$Configuration = "Release"
|
||||
$exePath = "winPEAS/winPEASexe/winPEAS/bin/$Configuration/winPEAS.exe"
|
||||
if (Test-Path $exePath) {
|
||||
& $exePath networkinfo
|
||||
} else {
|
||||
Write-Error "winPEAS.exe not found at $exePath"
|
||||
}
|
||||
|
||||
# Copy the built versions
|
||||
- name: Copy all versions
|
||||
run: |
|
||||
|
||||
@@ -26,7 +26,7 @@
|
||||
# License: GNU GPL
|
||||
# Version: 1.0
|
||||
# Functions Used: echo_not_found, print_2title, print_info
|
||||
# Global Variables:
|
||||
# Global Variables: $NoEnvVars, $EnvVarsRed
|
||||
# Initial Functions:
|
||||
# Generated Global Variables:
|
||||
# Fat linpeas: 0
|
||||
@@ -35,5 +35,5 @@
|
||||
|
||||
print_2title "Environment"
|
||||
print_info "Any private information inside environment variables?"
|
||||
(env || printenv || set) 2>/dev/null | grep -v "RELEVANT*|FIND*|^VERSION=|dbuslistG|mygroups|ldsoconfdG|pwd_inside_history|kernelDCW_Ubuntu_Precise|kernelDCW_Ubuntu_Trusty|kernelDCW_Ubuntu_Xenial|kernelDCW_Rhel|^sudovB=|^rootcommon=|^mounted=|^mountG=|^notmounted=|^mountpermsB=|^mountpermsG=|^kernelB=|^C=|^RED=|^GREEN=|^Y=|^B=|^NC=|TIMEOUT=|groupsB=|groupsVB=|knw_grps=|sidG|sidB=|sidVB=|sidVB2=|sudoB=|sudoG=|sudoVB=|timersG=|capsB=|notExtensions=|Wfolders=|writeB=|writeVB=|_usrs=|compiler=|LS_COLORS=|pathshG=|notBackup=|processesDump|processesB|commonrootdirs|USEFUL_SOFTWARE|PSTORAGE_" | sed -${E} "s,[pP][aA][sS][sS][wW]|[aA][pP][iI][kK][eE][yY]|[aA][pP][iI][_][kK][eE][yY]|KRB5CCNAME,${SED_RED},g" || echo_not_found "env || set"
|
||||
(env || printenv || set) 2>/dev/null | grep -Eiv "$NoEnvVars" | sed -${E} "s,$EnvVarsRed,${SED_RED},g" || echo_not_found "env || set"
|
||||
echo ""
|
||||
@@ -8,7 +8,7 @@
|
||||
# Functions Used: check_dns, check_icmp, check_tcp_443, check_tcp_443_bin, check_tcp_80, print_2title, check_external_hostname
|
||||
# Global Variables:
|
||||
# Initial Functions:
|
||||
# Generated Global Variables: $pid4, $pid2, $pid1, $pid3, $pid5, $NOT_CHECK_EXTERNAL_HOSTNAME, $TIMEOUT_INTERNET_SECONDS
|
||||
# Generated Global Variables: $pid4, $pid2, $pid1, $pid3, $$tcp443_bin_status, $NOT_CHECK_EXTERNAL_HOSTNAME, $TIMEOUT_INTERNET_SECONDS
|
||||
# Fat linpeas: 0
|
||||
# Small linpeas: 0
|
||||
|
||||
@@ -19,24 +19,30 @@ print_2title "Internet Access?"
|
||||
TIMEOUT_INTERNET_SECONDS=5
|
||||
|
||||
if [ "$SUPERFAST" ]; then
|
||||
TIMEOUT_INTERNET_SECONDS=2
|
||||
TIMEOUT_INTERNET_SECONDS=2.5
|
||||
fi
|
||||
|
||||
|
||||
# Run all checks in background
|
||||
check_tcp_80 2>/dev/null & pid1=$!
|
||||
check_tcp_443 2>/dev/null & pid2=$!
|
||||
check_tcp_443_bin 2>/dev/null & pid3=$!
|
||||
check_icmp 2>/dev/null & pid4=$!
|
||||
check_dns 2>/dev/null & pid5=$!
|
||||
check_tcp_80 "$TIMEOUT_INTERNET_SECONDS" 2>/dev/null & pid1=$!
|
||||
check_tcp_443 "$TIMEOUT_INTERNET_SECONDS" 2>/dev/null & pid2=$!
|
||||
check_icmp "$TIMEOUT_INTERNET_SECONDS" 2>/dev/null & pid3=$!
|
||||
check_dns "$TIMEOUT_INTERNET_SECONDS" 2>/dev/null & pid4=$!
|
||||
|
||||
# Kill all after 10 seconds
|
||||
(sleep $TIMEOUT_INTERNET_SECONDS && kill -9 $pid1 $pid2 $pid3 $pid4 $pid5 2>/dev/null) &
|
||||
(sleep $(( $TIMEOUT_INTERNET_SECONDS + 1 )) && kill -9 $pid1 $pid2 $pid3 $pid4 2>/dev/null) &
|
||||
|
||||
check_tcp_443_bin $TIMEOUT_INTERNET_SECONDS 2>/dev/null
|
||||
tcp443_bin_status=$?
|
||||
|
||||
wait $pid1 $pid2 $pid3 $pid4 2>/dev/null
|
||||
|
||||
|
||||
# Wait for all to finish
|
||||
wait $pid1 $pid2 $pid3 $pid4 $pid5 2>/dev/null
|
||||
wait 2>/dev/null
|
||||
|
||||
if ! [ "$SUPERFAST" ] && ! [ "$NOT_CHECK_EXTERNAL_HOSTNAME" ]; then
|
||||
if [ "$tcp443_bin_status" -eq 0 ] && \
|
||||
[ -z "$SUPERFAST" ] && [ -z "$NOT_CHECK_EXTERNAL_HOSTNAME" ]; then
|
||||
echo ""
|
||||
print_2title "Is hostname malicious or leaked?"
|
||||
print_info "This will check the public IP and hostname in known malicious lists and leaks to find any relevant information about the host."
|
||||
|
||||
@@ -0,0 +1,22 @@
|
||||
# Title: Interesting Files - Interesting Environment Variables
|
||||
# ID: IF_Interesting_environment_variables
|
||||
# Author: Jack Vaughn
|
||||
# Last Update: 25-05-2025
|
||||
# Description: Searching possible sensitive environment variables inside of /proc/*/environ
|
||||
# License: GNU GPL
|
||||
# Version: 1.0
|
||||
# Functions Used: print_2title
|
||||
# Global Variables: $MACPEAS, $NoEnvVars, $EnvVarsRed
|
||||
# Initial Functions:
|
||||
# Generated Global Variables:
|
||||
# Fat linpeas: 0
|
||||
# Small linpeas: 1
|
||||
|
||||
if [ -z "$MACPEAS" ]; then
|
||||
print_2title "Checking all env variables in /proc/*/environ removing duplicates and filtering out useless env vars"
|
||||
cat /proc/[0-9]*/environ 2>/dev/null | \
|
||||
tr '\0' '\n' | \
|
||||
grep -Eiv "$NoEnvVars" | \
|
||||
sort -u | \
|
||||
sed -${E} "s,$EnvVarsRed,${SED_RED},g"
|
||||
fi
|
||||
@@ -8,25 +8,19 @@
|
||||
# Functions Used:
|
||||
# Global Variables:
|
||||
# Initial Functions:
|
||||
# Generated Global Variables: $pid, $pids
|
||||
# Generated Global Variables: $TIMEOUT_INTERNET_SECONDS_DNS, $local_pid
|
||||
# Fat linpeas: 0
|
||||
# Small linpeas: 1
|
||||
|
||||
|
||||
check_dns(){
|
||||
local TIMEOUT_INTERNET_SECONDS_DNS=$1
|
||||
if ! [ -f "/bin/bash" ]; then
|
||||
echo " /bin/bash not found"
|
||||
return
|
||||
fi
|
||||
|
||||
/bin/bash -c '
|
||||
for ip in 1.1.1.1 8.8.8.8 ; do
|
||||
(( echo cfc9 0100 0001 0000 0000 0000 0a64 7563 6b64 7563 6b67 6f03 636f 6d00 0001 0001 | xxd -p -r >&3; dd bs=9000 count=1 <&3 2>/dev/null | xxd ) 3>/dev/udp/$ip/53 && echo "DNS available" && exit 0) &
|
||||
pids+=($!)
|
||||
done
|
||||
for pid in ${pids[@]}; do
|
||||
wait $pid && exit 0
|
||||
done
|
||||
echo "DNS not available"
|
||||
' 2>/dev/null | grep "available" || echo "DNS not available"
|
||||
# example.com
|
||||
(bash -c '((( echo cfc9 0100 0001 0000 0000 0000 0a64 7563 6b64 7563 6b67 6f03 636f 6d00 0001 0001 | xxd -p -r >&3; dd bs=9000 count=1 <&3 2>/dev/null | xxd ) 3>/dev/udp/1.1.1.1/53 && echo "DNS accessible") | grep "accessible" && exit 0 ) 2>/dev/null || echo "DNS is not accessible"') & local_pid=$!
|
||||
|
||||
sleep $TIMEOUT_INTERNET_SECONDS_DNS && kill -9 $local_pid 2>/dev/null && echo "DNS is not accessible"
|
||||
}
|
||||
@@ -8,11 +8,20 @@
|
||||
# Functions Used:
|
||||
# Global Variables:
|
||||
# Initial Functions:
|
||||
# Generated Global Variables:
|
||||
# Generated Global Variables: $TIMEOUT_INTERNET_SECONDS_ICMP, $local_pid
|
||||
# Fat linpeas: 0
|
||||
# Small linpeas: 1
|
||||
|
||||
|
||||
check_icmp(){
|
||||
(ping -c 1 1.1.1.1 | grep -E "1 received|1 packets received" && echo "Ping is available" || echo "Ping is not available" 2>/dev/null) | grep -i "available"
|
||||
local TIMEOUT_INTERNET_SECONDS_ICMP=$1
|
||||
if ! [ "$(command -v ping 2>/dev/null || echo -n '')" ]; then
|
||||
echo " ping not found"
|
||||
return
|
||||
fi
|
||||
|
||||
# example.com
|
||||
((ping -c 1 1.1.1.1 2>/dev/null | grep -Ei "1 received|1 packets received" && echo "ICMP is accessible" || echo "ICMP is not accessible" 2>/dev/null) | grep "accessible" && exit 0 ) 2>/dev/null || echo "ICMP is not accessible" & local_pid=$!
|
||||
|
||||
sleep $TIMEOUT_INTERNET_SECONDS_ICMP && kill -9 $local_pid 2>/dev/null && echo "ICMP is not accessible"
|
||||
}
|
||||
@@ -8,30 +8,21 @@
|
||||
# Functions Used:
|
||||
# Global Variables:
|
||||
# Initial Functions:
|
||||
# Generated Global Variables: $pid, $pids
|
||||
# Generated Global Variables: $local_pid, $TIMEOUT_INTERNET_SECONDS_443
|
||||
# Fat linpeas: 0
|
||||
# Small linpeas: 1
|
||||
|
||||
|
||||
|
||||
check_tcp_443(){
|
||||
local TIMEOUT_INTERNET_SECONDS_443=$1
|
||||
if ! [ -f "/bin/bash" ]; then
|
||||
echo " /bin/bash not found"
|
||||
return
|
||||
fi
|
||||
|
||||
/bin/bash -c '
|
||||
for ip in 1.1.1.1 8.8.8.8; do
|
||||
(echo >/dev/tcp/$ip/443 && echo "Port 443 is accessible" && exit 0) &
|
||||
pids+=($!)
|
||||
done
|
||||
for pid in ${pids[@]}; do
|
||||
wait $pid && exit 0
|
||||
done
|
||||
echo "Port 80 is not accessible"
|
||||
' 2>/dev/null | grep "accessible" || echo "Port 80 is not accessible"
|
||||
# example.com
|
||||
(bash -c '(echo >/dev/tcp/104.18.74.230/443 2>/dev/null && echo "Port 443 is accessible" && exit 0) 2>/dev/null || echo "Port 443 is not accessible"') & local_pid=$!
|
||||
|
||||
sleep $TIMEOUT_INTERNET_SECONDS_443 && kill -9 $local_pid 2>/dev/null && echo "Port 443 is not accessible"
|
||||
}
|
||||
|
||||
|
||||
|
||||
|
||||
|
||||
@@ -8,16 +8,39 @@
|
||||
# Functions Used:
|
||||
# Global Variables:
|
||||
# Initial Functions:
|
||||
# Generated Global Variables:
|
||||
# Generated Global Variables: $url_lambda, $TIMEOUT_INTERNET_SECONDS_443_BIN
|
||||
# Fat linpeas: 0
|
||||
# Small linpeas: 1
|
||||
|
||||
|
||||
|
||||
check_tcp_443_bin () {
|
||||
local TIMEOUT_INTERNET_SECONDS_443_BIN=$1
|
||||
local url_lambda="https://2e6ppt7izvuv66qmx2r3et2ufi0mxwqs.lambda-url.us-east-1.on.aws/"
|
||||
|
||||
if command -v curl >/dev/null 2>&1; then
|
||||
curl -s "https://2e6ppt7izvuv66qmx2r3et2ufi0mxwqs.lambda-url.us-east-1.on.aws/" -H "User-Agent: linpeas" -H "Content-Type: application/json" >/dev/null 2>&1 && echo "Port 443 is accessible with curl" || echo "Port 443 is not accessible with curl"
|
||||
if curl -s --connect-timeout $TIMEOUT_INTERNET_SECONDS_443_BIN "$url_lambda" \
|
||||
-H "User-Agent: linpeas" -H "Content-Type: application/json" >/dev/null 2>&1
|
||||
then
|
||||
echo "Port 443 is accessible with curl"
|
||||
return 0 # ✅ success
|
||||
else
|
||||
echo "Port 443 is not accessible with curl"
|
||||
return 1
|
||||
fi
|
||||
|
||||
elif command -v wget >/dev/null 2>&1; then
|
||||
wget -q -O - "https://2e6ppt7izvuv66qmx2r3et2ufi0mxwqs.lambda-url.us-east-1.on.aws/" --header "User-Agent: linpeas" -H "Content-Type: application/json" >/dev/null 2>&1 && echo "Port 443 is accessible with wget" || echo "Port 443 is not accessible with wget"
|
||||
if wget -q --timeout=$TIMEOUT_INTERNET_SECONDS_443_BIN -O - "$url_lambda" \
|
||||
--header "User-Agent: linpeas" -H "Content-Type: application/json" >/dev/null 2>&1
|
||||
then
|
||||
echo "Port 443 is accessible with wget"
|
||||
return 0
|
||||
else
|
||||
echo "Port 443 is not accessible with wget"
|
||||
return 1
|
||||
fi
|
||||
|
||||
else
|
||||
echo "Neither curl nor wget available"
|
||||
return 1
|
||||
fi
|
||||
}
|
||||
@@ -8,25 +8,21 @@
|
||||
# Functions Used:
|
||||
# Global Variables:
|
||||
# Initial Functions:
|
||||
# Generated Global Variables: $pid, $pids
|
||||
# Generated Global Variables: $local_pid, $TIMEOUT_INTERNET_SECONDS_80
|
||||
# Fat linpeas: 0
|
||||
# Small linpeas: 1
|
||||
|
||||
|
||||
|
||||
check_tcp_80(){
|
||||
local TIMEOUT_INTERNET_SECONDS_80=$1
|
||||
if ! [ -f "/bin/bash" ]; then
|
||||
echo " /bin/bash not found"
|
||||
return
|
||||
fi
|
||||
|
||||
/bin/bash -c '
|
||||
for ip in 1.1.1.1 8.8.8.8; do
|
||||
(echo >/dev/tcp/$ip/80 && echo "Port 80 is accessible" && exit 0) &
|
||||
pids+=($!)
|
||||
done
|
||||
for pid in ${pids[@]}; do
|
||||
wait $pid && exit 0
|
||||
done
|
||||
echo "Port 80 is not accessible"
|
||||
' 2>/dev/null | grep "accessible"
|
||||
# example.com
|
||||
(bash -c '(echo >/dev/tcp/104.18.74.230/80 2>/dev/null && echo "Port 80 is accessible" && exit 0) 2>/dev/null || echo "Port 80 is not accessible"') & local_pid=$!
|
||||
|
||||
sleep $TIMEOUT_INTERNET_SECONDS_80 && kill -9 $local_pid 2>/dev/null && echo "Port 80 is not accessible"
|
||||
}
|
||||
18
linPEAS/builder/linpeas_parts/variables/EnvVarsRed.sh
Normal file
18
linPEAS/builder/linpeas_parts/variables/EnvVarsRed.sh
Normal file
@@ -0,0 +1,18 @@
|
||||
# Title: Variables - EnvVarsRed
|
||||
# ID: EnvVarsRed
|
||||
# Author: Carlos Polop
|
||||
# Last Update: 26-05-2025
|
||||
# Description: Useless env vars
|
||||
# License: GNU GPL
|
||||
# Version: 1.0
|
||||
# Functions Used:
|
||||
# Global Variables:
|
||||
# Initial Functions:
|
||||
# Generated Global Variables: $EnvVarsRed
|
||||
# Fat linpeas: 0
|
||||
# Small linpeas: 1
|
||||
|
||||
|
||||
EnvVarsRed="[pP][aA][sS][sS][wW]|[aA][pP][iI][kK][eE][yY]|[aA][pP][iI][_][kK][eE][yY]|KRB5CCNAME|[aA][pP][iI][_][kK][eE][yY]|[aA][wW][sS]|[aA][zZ][uU][rR][eE]|[gG][cC][pP]|[aA][pP][iI]|[sS][eE][cC][rR][eE][tT]|[sS][qQ][lL]|[dD][aA][tT][aA][bB][aA][sS][eE]|[tT][oO][kK][eE][nN]"
|
||||
|
||||
|
||||
16
linPEAS/builder/linpeas_parts/variables/NoEnvVars.sh
Normal file
16
linPEAS/builder/linpeas_parts/variables/NoEnvVars.sh
Normal file
@@ -0,0 +1,16 @@
|
||||
# Title: Variables - NoEnvVars
|
||||
# ID: NoEnvVars
|
||||
# Author: Carlos Polop
|
||||
# Last Update: 26-05-2025
|
||||
# Description: Useless env vars
|
||||
# License: GNU GPL
|
||||
# Version: 1.0
|
||||
# Functions Used:
|
||||
# Global Variables:
|
||||
# Initial Functions:
|
||||
# Generated Global Variables: $NoEnvVars
|
||||
# Fat linpeas: 0
|
||||
# Small linpeas: 1
|
||||
|
||||
|
||||
NoEnvVars="LESS_TERMCAP|JOURNAL_STREAM|XDG_SESSION|DBUS_SESSION|systemd\/sessions|systemd_exec|MEMORY_PRESSURE_WATCH|RELEVANT*|FIND*|^VERSION=|dbuslistG|mygroups|ldsoconfdG|pwd_inside_history|kernelDCW_Ubuntu_Precise|kernelDCW_Ubuntu_Trusty|kernelDCW_Ubuntu_Xenial|kernelDCW_Rhel|^sudovB=|^rootcommon=|^mounted=|^mountG=|^notmounted=|^mountpermsB=|^mountpermsG=|^kernelB=|^C=|^RED=|^GREEN=|^Y=|^B=|^NC=|TIMEOUT=|groupsB=|groupsVB=|knw_grps=|sidG|sidB=|sidVB=|sidVB2=|sudoB=|sudoG=|sudoVB=|timersG=|capsB=|notExtensions=|Wfolders=|writeB=|writeVB=|_usrs=|compiler=|LS_COLORS=|pathshG=|notBackup=|processesDump|processesB|commonrootdirs|USEFUL_SOFTWARE|PSTORAGE_|^PATH=|^INVOCATION_ID=|^WATCHDOG_PID=|^LISTEN_PID="
|
||||
@@ -97,7 +97,7 @@ class LinpeasBuilder:
|
||||
for orig_url in urls:
|
||||
tar_gz_bin_name = ""
|
||||
if ",,," in orig_url:
|
||||
tar_gz_bin_name = url.split(",,,")[1]
|
||||
tar_gz_bin_name = orig_url.split(",,,")[1]
|
||||
url = orig_url.split(",,,")[0]
|
||||
else:
|
||||
url = orig_url
|
||||
|
||||
@@ -457,28 +457,35 @@ namespace winPEAS.Checks
|
||||
{ "Not Accessible", Beaprint.ansi_color_bad },
|
||||
};
|
||||
Beaprint.AnsiPrint($" HTTP (80) Access: {(connectivityInfo.HttpAccess ? "Accessible" : "Not Accessible")}", colorsBool);
|
||||
if (!string.IsNullOrEmpty(connectivityInfo.HttpError))
|
||||
if (!connectivityInfo.HttpAccess && !string.IsNullOrEmpty(connectivityInfo.HttpError))
|
||||
{
|
||||
Beaprint.PrintException($" Error: {connectivityInfo.HttpError}");
|
||||
}
|
||||
|
||||
// HTTPS Access
|
||||
Beaprint.AnsiPrint($" HTTPS (443) Access: {(connectivityInfo.HttpsAccess ? "Accessible" : "Not Accessible")}", colorsBool);
|
||||
if (!string.IsNullOrEmpty(connectivityInfo.HttpsError))
|
||||
if (!connectivityInfo.HttpsAccess && !string.IsNullOrEmpty(connectivityInfo.HttpsError))
|
||||
{
|
||||
Beaprint.PrintException($" Error: {connectivityInfo.HttpsError}");
|
||||
}
|
||||
|
||||
// HTTPS By Domain Name
|
||||
Beaprint.AnsiPrint($" HTTPS (443) Access by Domain Name: {(connectivityInfo.LambdaAccess ? "Accessible" : "Not Accessible")}", colorsBool);
|
||||
if (!connectivityInfo.LambdaAccess && !string.IsNullOrEmpty(connectivityInfo.LambdaError))
|
||||
{
|
||||
Beaprint.PrintException($" Error: {connectivityInfo.LambdaError}");
|
||||
}
|
||||
|
||||
// DNS Access
|
||||
Beaprint.AnsiPrint($" DNS (53) Access: {(connectivityInfo.DnsAccess ? "Accessible" : "Not Accessible")}", colorsBool);
|
||||
if (!string.IsNullOrEmpty(connectivityInfo.DnsError))
|
||||
if (!connectivityInfo.DnsAccess && !string.IsNullOrEmpty(connectivityInfo.DnsError))
|
||||
{
|
||||
Beaprint.PrintException($" Error: {connectivityInfo.DnsError}");
|
||||
}
|
||||
|
||||
// ICMP Access
|
||||
Beaprint.AnsiPrint($" ICMP (ping) Access: {(connectivityInfo.IcmpAccess ? "Accessible" : "Not Accessible")}", colorsBool);
|
||||
if (!string.IsNullOrEmpty(connectivityInfo.IcmpError))
|
||||
if (!connectivityInfo.IcmpAccess && !string.IsNullOrEmpty(connectivityInfo.IcmpError))
|
||||
{
|
||||
Beaprint.PrintException($" Error: {connectivityInfo.IcmpError}");
|
||||
}
|
||||
@@ -505,7 +512,7 @@ namespace winPEAS.Checks
|
||||
}
|
||||
else if (!string.IsNullOrEmpty(resolutionInfo.Error))
|
||||
{
|
||||
Beaprint.BadPrint($" {resolutionInfo.Error}");
|
||||
Beaprint.PrintException($" {resolutionInfo.Error}");
|
||||
}
|
||||
}
|
||||
catch (Exception ex)
|
||||
|
||||
@@ -1,16 +1,16 @@
|
||||
using System;
|
||||
using System.Collections.Generic;
|
||||
using System.Net;
|
||||
using System.Net.Http;
|
||||
using System.Net.Http.Headers;
|
||||
using System.Net.NetworkInformation;
|
||||
using System.Net.Sockets;
|
||||
using System.Text;
|
||||
using System.Threading;
|
||||
using System.Threading.Tasks;
|
||||
|
||||
namespace winPEAS.Info.NetworkInfo
|
||||
{
|
||||
// ───────────────────────────────────────────────────────────────
|
||||
// POCO returned to the UI
|
||||
// ───────────────────────────────────────────────────────────────
|
||||
public class InternetConnectivityInfo
|
||||
{
|
||||
public bool HttpAccess { get; set; }
|
||||
@@ -18,41 +18,72 @@ namespace winPEAS.Info.NetworkInfo
|
||||
public bool LambdaAccess { get; set; }
|
||||
public bool DnsAccess { get; set; }
|
||||
public bool IcmpAccess { get; set; }
|
||||
|
||||
public string HttpError { get; set; }
|
||||
public string HttpsError { get; set; }
|
||||
public string LambdaError { get; set; }
|
||||
public string DnsError { get; set; }
|
||||
public string IcmpError { get; set; }
|
||||
|
||||
public string SuccessfulHttpIp { get; set; }
|
||||
public string SuccessfulHttpsIp { get; set; }
|
||||
public string SuccessfulDnsIp { get; set; }
|
||||
public string SuccessfulIcmpIp { get; set; }
|
||||
}
|
||||
|
||||
// ───────────────────────────────────────────────────────────────
|
||||
// Connectivity tester
|
||||
// ───────────────────────────────────────────────────────────────
|
||||
public static class InternetConnectivity
|
||||
{
|
||||
private const int HTTP_TIMEOUT = 5000; // 5 seconds
|
||||
private const int ICMP_TIMEOUT = 2000; // 2 seconds
|
||||
private static readonly string[] TEST_IPS = new[] { "1.1.1.1", "8.8.8.8" }; // Cloudflare DNS, Google DNS
|
||||
private const string LAMBDA_URL = "https://2e6ppt7izvuv66qmx2r3et2ufi0mxwqs.lambda-url.us-east-1.on.aws/";
|
||||
private const int HTTP_TIMEOUT_MS = 5000; // 5 s
|
||||
private const int ICMP_TIMEOUT_MS = 2000; // 2 s
|
||||
|
||||
private static bool TryHttpAccess(string ip, out string error)
|
||||
// IPs that answer on 80 & 443
|
||||
private static readonly string[] WEB_TEST_IPS =
|
||||
{ "93.184.216.34", "151.101.1.69" }; // example.com / Fastly
|
||||
|
||||
// Public DNS resolvers for DNS + ICMP checks
|
||||
private static readonly string[] DNS_ICMP_IPS =
|
||||
{ "1.1.1.1", "8.8.8.8" };
|
||||
|
||||
private const string LAMBDA_URL =
|
||||
"https://2e6ppt7izvuv66qmx2r3et2ufi0mxwqs.lambda-url.us-east-1.on.aws/";
|
||||
|
||||
// Shared HttpClient (kept for HTTP & Lambda checks)
|
||||
private static readonly HttpClient http = new HttpClient
|
||||
{
|
||||
Timeout = TimeSpan.FromMilliseconds(HTTP_TIMEOUT_MS)
|
||||
};
|
||||
|
||||
// ─── Helpers ───────────────────────────────────────────────
|
||||
private static bool TryHttpAccess(string ip, out string error) =>
|
||||
TryWebRequest($"http://{ip}", out error);
|
||||
|
||||
// **NEW IMPLEMENTATION** – plain TCP connect on port 443
|
||||
private static bool TryHttpsAccess(string ip, out string error)
|
||||
{
|
||||
try
|
||||
{
|
||||
using var cts = new CancellationTokenSource(TimeSpan.FromSeconds(HTTP_TIMEOUT));
|
||||
using var client = new HttpClient { Timeout = TimeSpan.FromSeconds(HTTP_TIMEOUT) };
|
||||
using var client = new TcpClient();
|
||||
|
||||
var resp = client.GetAsync($"http://{ip}", cts.Token)
|
||||
.GetAwaiter().GetResult();
|
||||
// Start async connect and wait up to the timeout
|
||||
var connectTask = client.ConnectAsync(ip, 443);
|
||||
bool completed = connectTask.Wait(HTTP_TIMEOUT_MS);
|
||||
|
||||
if (resp.IsSuccessStatusCode)
|
||||
if (!completed)
|
||||
{
|
||||
error = "TCP connect timed out";
|
||||
return false;
|
||||
}
|
||||
|
||||
if (client.Connected)
|
||||
{
|
||||
error = null;
|
||||
return true;
|
||||
}
|
||||
|
||||
error = $"HTTP status {(int)resp.StatusCode}";
|
||||
error = "TCP connection failed";
|
||||
return false;
|
||||
}
|
||||
catch (Exception ex)
|
||||
@@ -62,25 +93,17 @@ namespace winPEAS.Info.NetworkInfo
|
||||
}
|
||||
}
|
||||
|
||||
private static bool TryHttpsAccess(string ip, out string error)
|
||||
private static bool TryWebRequest(string url, out string error)
|
||||
{
|
||||
try
|
||||
{
|
||||
using var cts = new CancellationTokenSource(TimeSpan.FromSeconds(HTTP_TIMEOUT));
|
||||
using var client = new HttpClient { Timeout = TimeSpan.FromSeconds(HTTP_TIMEOUT) };
|
||||
using var cts =
|
||||
new CancellationTokenSource(TimeSpan.FromMilliseconds(HTTP_TIMEOUT_MS));
|
||||
http.GetAsync(url, cts.Token).GetAwaiter().GetResult();
|
||||
|
||||
var resp = client.GetAsync($"https://{ip}", cts.Token)
|
||||
.GetAwaiter().GetResult();
|
||||
|
||||
if (resp.IsSuccessStatusCode)
|
||||
{
|
||||
error = null;
|
||||
error = null; // any HTTP response == connectivity
|
||||
return true;
|
||||
}
|
||||
|
||||
error = $"HTTPS status {(int)resp.StatusCode}";
|
||||
return false;
|
||||
}
|
||||
catch (Exception ex)
|
||||
{
|
||||
error = ex.Message;
|
||||
@@ -92,24 +115,19 @@ namespace winPEAS.Info.NetworkInfo
|
||||
{
|
||||
try
|
||||
{
|
||||
using var cts = new CancellationTokenSource(TimeSpan.FromSeconds(HTTP_TIMEOUT));
|
||||
using var client = new HttpClient { Timeout = TimeSpan.FromSeconds(HTTP_TIMEOUT) };
|
||||
using var cts =
|
||||
new CancellationTokenSource(TimeSpan.FromMilliseconds(HTTP_TIMEOUT_MS));
|
||||
|
||||
var req = new HttpRequestMessage(HttpMethod.Get, LAMBDA_URL);
|
||||
req.Headers.UserAgent.ParseAdd("winpeas");
|
||||
req.Headers.Accept.Add(new MediaTypeWithQualityHeaderValue("application/json"));
|
||||
req.Headers.Accept.Add(
|
||||
new MediaTypeWithQualityHeaderValue("application/json"));
|
||||
|
||||
var resp = client.SendAsync(req, cts.Token)
|
||||
.GetAwaiter().GetResult();
|
||||
var resp = http.SendAsync(req, cts.Token).GetAwaiter().GetResult();
|
||||
|
||||
if (resp.IsSuccessStatusCode)
|
||||
{
|
||||
error = null;
|
||||
return true;
|
||||
}
|
||||
|
||||
error = $"Lambda status {(int)resp.StatusCode}";
|
||||
return false;
|
||||
error = resp.IsSuccessStatusCode ? null :
|
||||
$"HTTP {(int)resp.StatusCode}";
|
||||
return error == null;
|
||||
}
|
||||
catch (Exception ex)
|
||||
{
|
||||
@@ -118,167 +136,132 @@ namespace winPEAS.Info.NetworkInfo
|
||||
}
|
||||
}
|
||||
|
||||
|
||||
private static bool TryDnsAccess(string ip, out string error)
|
||||
{
|
||||
try
|
||||
{
|
||||
using (var udpClient = new UdpClient())
|
||||
{
|
||||
// Set a timeout for the connection attempt
|
||||
udpClient.Client.ReceiveTimeout = HTTP_TIMEOUT;
|
||||
udpClient.Client.SendTimeout = HTTP_TIMEOUT;
|
||||
using var udp = new UdpClient();
|
||||
udp.Client.ReceiveTimeout = HTTP_TIMEOUT_MS;
|
||||
udp.Client.SendTimeout = HTTP_TIMEOUT_MS;
|
||||
|
||||
// Create DNS server endpoint
|
||||
var dnsServer = new IPEndPoint(IPAddress.Parse(ip), 53);
|
||||
var server = new IPEndPoint(IPAddress.Parse(ip), 53);
|
||||
|
||||
// Create a simple DNS query for google.com (type A record)
|
||||
byte[] dnsQuery = new byte[] {
|
||||
0x00, 0x01, // Transaction ID
|
||||
0x01, 0x00, // Flags (Standard query)
|
||||
0x00, 0x01, // Questions: 1
|
||||
0x00, 0x00, // Answer RRs: 0
|
||||
0x00, 0x00, // Authority RRs: 0
|
||||
0x00, 0x00, // Additional RRs: 0
|
||||
// google.com
|
||||
// minimal query for google.com A‑record
|
||||
byte[] q = {
|
||||
0x00,0x01, 0x01,0x00, 0x00,0x01, 0x00,0x00, 0x00,0x00, 0x00,0x00,
|
||||
0x06,0x67,0x6f,0x6f,0x67,0x6c,0x65, 0x03,0x63,0x6f,0x6d, 0x00,
|
||||
0x00, 0x01, // Type: A
|
||||
0x00, 0x01 // Class: IN
|
||||
0x00,0x01, 0x00,0x01
|
||||
};
|
||||
|
||||
// Send the DNS query
|
||||
udpClient.Send(dnsQuery, dnsQuery.Length, dnsServer);
|
||||
udp.Send(q, q.Length, server);
|
||||
|
||||
// Try to receive a response
|
||||
IPEndPoint remoteEP = new IPEndPoint(IPAddress.Any, 0);
|
||||
byte[] response = udpClient.Receive(ref remoteEP);
|
||||
IPEndPoint remote = new IPEndPoint(IPAddress.Any, 0);
|
||||
byte[] resp = udp.Receive(ref remote);
|
||||
|
||||
// If we got a response, the DNS server is reachable
|
||||
if (response != null && response.Length > 0)
|
||||
{
|
||||
error = null;
|
||||
return true;
|
||||
}
|
||||
|
||||
error = "No response received from DNS server";
|
||||
return false;
|
||||
}
|
||||
}
|
||||
catch (SocketException ex)
|
||||
{
|
||||
error = $"Socket error: {ex.Message}";
|
||||
return false;
|
||||
}
|
||||
catch (Exception ex)
|
||||
{
|
||||
error = ex.Message;
|
||||
return false;
|
||||
error = resp?.Length > 0 ? null : "No DNS response";
|
||||
return error == null;
|
||||
}
|
||||
catch (SocketException ex) { error = ex.Message; return false; }
|
||||
catch (Exception ex) { error = ex.Message; return false; }
|
||||
}
|
||||
|
||||
private static bool TryIcmpAccess(string ip, out string error)
|
||||
{
|
||||
try
|
||||
{
|
||||
using (var ping = new Ping())
|
||||
{
|
||||
var reply = ping.Send(ip, ICMP_TIMEOUT);
|
||||
if (reply?.Status == IPStatus.Success)
|
||||
{
|
||||
error = null;
|
||||
return true;
|
||||
}
|
||||
error = $"Ping failed with status: {reply?.Status}";
|
||||
return false;
|
||||
}
|
||||
}
|
||||
catch (Exception ex)
|
||||
{
|
||||
error = ex.Message;
|
||||
return false;
|
||||
using var ping = new Ping();
|
||||
var reply = ping.Send(ip, ICMP_TIMEOUT_MS);
|
||||
|
||||
error = reply?.Status == IPStatus.Success
|
||||
? null
|
||||
: $"Ping failed: {reply?.Status}";
|
||||
return error == null;
|
||||
}
|
||||
catch (Exception ex) { error = ex.Message; return false; }
|
||||
}
|
||||
|
||||
// ─── Main entry ───────────────────────────────────────────
|
||||
public static InternetConnectivityInfo CheckConnectivity()
|
||||
{
|
||||
var result = new InternetConnectivityInfo();
|
||||
var info = new InternetConnectivityInfo();
|
||||
|
||||
// Test HTTP (port 80) on each IP until success
|
||||
foreach (var ip in TEST_IPS)
|
||||
// -------- HTTP / HTTPS --------------------------------
|
||||
foreach (var ip in WEB_TEST_IPS)
|
||||
{
|
||||
if (TryHttpAccess(ip, out string error))
|
||||
// HTTP
|
||||
if (!info.HttpAccess)
|
||||
{
|
||||
result.HttpAccess = true;
|
||||
result.SuccessfulHttpIp = ip;
|
||||
break;
|
||||
}
|
||||
else if (ip == TEST_IPS[TEST_IPS.Length - 1]) // Last IP
|
||||
string httpErr;
|
||||
if (TryHttpAccess(ip, out httpErr))
|
||||
{
|
||||
result.HttpAccess = false;
|
||||
result.HttpError = error;
|
||||
}
|
||||
}
|
||||
|
||||
// Test HTTPS (port 443) on each IP until success
|
||||
foreach (var ip in TEST_IPS)
|
||||
{
|
||||
if (TryHttpsAccess(ip, out string error))
|
||||
{
|
||||
result.HttpsAccess = true;
|
||||
result.SuccessfulHttpsIp = ip;
|
||||
break;
|
||||
}
|
||||
else if (ip == TEST_IPS[TEST_IPS.Length - 1]) // Last IP
|
||||
{
|
||||
result.HttpsAccess = false;
|
||||
result.HttpsError = error;
|
||||
}
|
||||
}
|
||||
|
||||
// Test Lambda URL
|
||||
result.LambdaAccess = TryLambdaAccess(out string lambdaError);
|
||||
if (!result.LambdaAccess)
|
||||
{
|
||||
result.LambdaError = lambdaError;
|
||||
info.HttpAccess = true;
|
||||
info.SuccessfulHttpIp = ip;
|
||||
}
|
||||
else
|
||||
{
|
||||
result.HttpsAccess = true;
|
||||
}
|
||||
|
||||
// Test DNS on each IP until success
|
||||
foreach (var ip in TEST_IPS)
|
||||
{
|
||||
if (TryDnsAccess(ip, out string error))
|
||||
{
|
||||
result.DnsAccess = true;
|
||||
result.SuccessfulDnsIp = ip;
|
||||
break;
|
||||
}
|
||||
else if (ip == TEST_IPS[TEST_IPS.Length - 1]) // Last IP
|
||||
{
|
||||
result.DnsAccess = false;
|
||||
result.DnsError = error;
|
||||
info.HttpError = httpErr;
|
||||
}
|
||||
}
|
||||
|
||||
// Test ICMP (ping) on each IP until success
|
||||
foreach (var ip in TEST_IPS)
|
||||
// HTTPS (raw TCP 443)
|
||||
if (!info.HttpsAccess)
|
||||
{
|
||||
if (TryIcmpAccess(ip, out string error))
|
||||
string httpsErr;
|
||||
if (TryHttpsAccess(ip, out httpsErr))
|
||||
{
|
||||
result.IcmpAccess = true;
|
||||
result.SuccessfulIcmpIp = ip;
|
||||
break;
|
||||
info.HttpsAccess = true;
|
||||
info.SuccessfulHttpsIp = ip;
|
||||
}
|
||||
else if (ip == TEST_IPS[TEST_IPS.Length - 1]) // Last IP
|
||||
else
|
||||
{
|
||||
result.IcmpAccess = false;
|
||||
result.IcmpError = error;
|
||||
info.HttpsError = httpsErr;
|
||||
}
|
||||
}
|
||||
|
||||
return result;
|
||||
if (info.HttpAccess && info.HttpsAccess) break;
|
||||
}
|
||||
|
||||
// -------- Lambda --------------------------------------
|
||||
info.LambdaAccess = TryLambdaAccess(out string lambdaErr);
|
||||
if (!info.LambdaAccess) info.LambdaError = lambdaErr;
|
||||
|
||||
// -------- DNS / ICMP ----------------------------------
|
||||
foreach (var ip in DNS_ICMP_IPS)
|
||||
{
|
||||
// DNS
|
||||
if (!info.DnsAccess)
|
||||
{
|
||||
string dnsErr;
|
||||
if (TryDnsAccess(ip, out dnsErr))
|
||||
{
|
||||
info.DnsAccess = true;
|
||||
info.SuccessfulDnsIp = ip;
|
||||
}
|
||||
else
|
||||
{
|
||||
info.DnsError = dnsErr;
|
||||
}
|
||||
}
|
||||
|
||||
// ICMP
|
||||
if (!info.IcmpAccess)
|
||||
{
|
||||
string pingErr;
|
||||
if (TryIcmpAccess(ip, out pingErr))
|
||||
{
|
||||
info.IcmpAccess = true;
|
||||
info.SuccessfulIcmpIp = ip;
|
||||
}
|
||||
else
|
||||
{
|
||||
info.IcmpError = pingErr;
|
||||
}
|
||||
}
|
||||
|
||||
if (info.DnsAccess && info.IcmpAccess) break;
|
||||
}
|
||||
|
||||
return info;
|
||||
}
|
||||
}
|
||||
}
|
||||
@@ -195,11 +195,11 @@ namespace winPEAS.Info.ProcessInfo
|
||||
continue;
|
||||
|
||||
List<string> permsFile = PermissionsHelper.GetPermissionsFile(sFilePath, Checks.Checks.CurrentUserSiDs, PermissionType.WRITEABLE_OR_EQUIVALENT);
|
||||
IdentityReference sid = null;
|
||||
try
|
||||
{
|
||||
System.Security.AccessControl.FileSecurity fs = System.IO.File.GetAccessControl(sFilePath);
|
||||
IdentityReference sid = fs.GetOwner(typeof(SecurityIdentifier));
|
||||
string ownerName = sid.Translate(typeof(NTAccount)).ToString();
|
||||
sid = fs.GetOwner(typeof(SecurityIdentifier));
|
||||
|
||||
// If current user already have permissions over that file or the proc belongs to the owner of the file,
|
||||
// handler not interesting to elevate privs
|
||||
@@ -207,6 +207,8 @@ namespace winPEAS.Info.ProcessInfo
|
||||
continue;
|
||||
|
||||
to_add["File Path"] = sFilePath;
|
||||
|
||||
string ownerName = sid.Translate(typeof(NTAccount)).ToString();
|
||||
to_add["File Owner"] = ownerName;
|
||||
}
|
||||
catch (System.IO.FileNotFoundException)
|
||||
@@ -218,7 +220,10 @@ namespace winPEAS.Info.ProcessInfo
|
||||
{
|
||||
continue;
|
||||
}
|
||||
|
||||
catch (System.Security.Principal.IdentityNotMappedException)
|
||||
{
|
||||
to_add["File Owner"] = sid.ToString();
|
||||
}
|
||||
}
|
||||
|
||||
else if (typeName == "key")
|
||||
|
||||
Reference in New Issue
Block a user