Fix leftover debug code and reset state in parser

Merge pull request #473 from Signum21/master
Fix IdentityNotMappedException in Vulnerable Leaked Handlers
2025-12-10 02:41:31 +00:00 · 2025-06-06 00:00:39 +02:00 · 2025-05-31 22:36:49 +02:00 · 2025-05-31 04:56:14 +02:00 · 2025-05-26 23:57:40 +02:00 · 2025-05-25 21:32:51 -04:00
4 changed files with 25 additions and 13 deletions
--- a/linPEAS/builder/linpeas_parts/variables/NoEnvVars.sh
+++ b/linPEAS/builder/linpeas_parts/variables/NoEnvVars.sh
@@ -13,4 +13,4 @@
 # Small linpeas: 1


-NoEnvVars="LESS_TERMCAP|JOURNAL_STREAM|XDG_SESSION|DBUS_SESSION|systemd\/sessions|systemd_exec|MEMORY_PRESSURE_WATCH|RELEVANT*|FIND*|^VERSION=|dbuslistG|mygroups|ldsoconfdG|pwd_inside_history|kernelDCW_Ubuntu_Precise|kernelDCW_Ubuntu_Trusty|kernelDCW_Ubuntu_Xenial|kernelDCW_Rhel|^sudovB=|^rootcommon=|^mounted=|^mountG=|^notmounted=|^mountpermsB=|^mountpermsG=|^kernelB=|^C=|^RED=|^GREEN=|^Y=|^B=|^NC=|TIMEOUT=|groupsB=|groupsVB=|knw_grps=|sidG|sidB=|sidVB=|sidVB2=|sudoB=|sudoG=|sudoVB=|timersG=|capsB=|notExtensions=|Wfolders=|writeB=|writeVB=|_usrs=|compiler=|LS_COLORS=|pathshG=|notBackup=|processesDump|processesB|commonrootdirs|USEFUL_SOFTWARE|PSTORAGE_"
+NoEnvVars="LESS_TERMCAP|JOURNAL_STREAM|XDG_SESSION|DBUS_SESSION|systemd\/sessions|systemd_exec|MEMORY_PRESSURE_WATCH|RELEVANT*|FIND*|^VERSION=|dbuslistG|mygroups|ldsoconfdG|pwd_inside_history|kernelDCW_Ubuntu_Precise|kernelDCW_Ubuntu_Trusty|kernelDCW_Ubuntu_Xenial|kernelDCW_Rhel|^sudovB=|^rootcommon=|^mounted=|^mountG=|^notmounted=|^mountpermsB=|^mountpermsG=|^kernelB=|^C=|^RED=|^GREEN=|^Y=|^B=|^NC=|TIMEOUT=|groupsB=|groupsVB=|knw_grps=|sidG|sidB=|sidVB=|sidVB2=|sudoB=|sudoG=|sudoVB=|timersG=|capsB=|notExtensions=|Wfolders=|writeB=|writeVB=|_usrs=|compiler=|LS_COLORS=|pathshG=|notBackup=|processesDump|processesB|commonrootdirs|USEFUL_SOFTWARE|PSTORAGE_|^PATH=|^INVOCATION_ID=|^WATCHDOG_PID=|^LISTEN_PID="
--- a/parsers/peas2json.py
+++ b/parsers/peas2json.py
@@ -106,8 +106,6 @@ def parse_line(line: str):

    global FINAL_JSON, C_SECTION, C_MAIN_SECTION, C_2_SECTION, C_3_SECTION

-    if "Cron jobs" in line:
-        a=1

    if is_section(line, TITLE1_PATTERN):
        title = parse_title(line)
@@ -145,14 +143,23 @@ def parse_line(line: str):


 def parse_peass(outputpath: str, jsonpath: str = ""):
-    global OUTPUT_PATH, JSON_PATH
+    global OUTPUT_PATH, JSON_PATH, FINAL_JSON, C_SECTION, C_MAIN_SECTION, C_2_SECTION, C_3_SECTION

    OUTPUT_PATH = outputpath
    JSON_PATH = jsonpath

-    for line in open(OUTPUT_PATH, 'r', encoding="utf8").readlines():
+    # Reset globals to avoid data leaking between executions
+    FINAL_JSON = {}
+    C_SECTION = FINAL_JSON
+    C_MAIN_SECTION = FINAL_JSON
+    C_2_SECTION = FINAL_JSON
+    C_3_SECTION = FINAL_JSON
+
+    with open(OUTPUT_PATH, 'r', encoding="utf8") as f:
+        for line in f.readlines():
            line = line.strip()
-        if not line or not clean_colors(line): #Remove empty lines or lines just with colors hex
+            # Remove empty lines or lines containing only color codes
+            if not line or not clean_colors(line):
                continue

            parse_line(line)
--- a/winPEAS/winPEASexe/winPEAS/Info/ProcessInfo/ProcessesInfo.cs
+++ b/winPEAS/winPEASexe/winPEAS/Info/ProcessInfo/ProcessesInfo.cs
@@ -195,11 +195,11 @@ namespace winPEAS.Info.ProcessInfo
                                continue;

                            List<string> permsFile = PermissionsHelper.GetPermissionsFile(sFilePath, Checks.Checks.CurrentUserSiDs, PermissionType.WRITEABLE_OR_EQUIVALENT);
+                            IdentityReference sid = null;
                            try
                            {
                                System.Security.AccessControl.FileSecurity fs = System.IO.File.GetAccessControl(sFilePath);
-                                IdentityReference sid = fs.GetOwner(typeof(SecurityIdentifier));
-                                string ownerName = sid.Translate(typeof(NTAccount)).ToString();
+                                sid = fs.GetOwner(typeof(SecurityIdentifier));

                                // If current user already have permissions over that file or the proc belongs to the owner of the file,
                                // handler not interesting to elevate privs
@@ -207,6 +207,8 @@ namespace winPEAS.Info.ProcessInfo
                                    continue;

                                to_add["File Path"] = sFilePath;
+
+                                string ownerName = sid.Translate(typeof(NTAccount)).ToString();
                                to_add["File Owner"] = ownerName;
                            }
                            catch (System.IO.FileNotFoundException)
@@ -218,7 +220,10 @@ namespace winPEAS.Info.ProcessInfo
                            {
                                continue;
                            }
-
+                            catch (System.Security.Principal.IdentityNotMappedException)
+                            {
+                                to_add["File Owner"] = sid.ToString();
+                            }
                        }

                        else if (typeName == "key")
Author	SHA1	Message	Date
SirBroccoli	39066f6867	Fix leftover debug code and reset state in parser	2025-06-06 00:00:39 +02:00
SirBroccoli	c3a93a57fe	Merge pull request #473 from Signum21/master Fix IdentityNotMappedException in Vulnerable Leaked Handlers	2025-05-31 22:36:49 +02:00
Signum21	f62d9fc550	Fix System.Security.Principal.IdentityNotMappedException in Vulnerable Leaked Handlers	2025-05-31 04:56:14 +02:00
SirBroccoli	11e9b8dde6	Merge pull request #472 from Jack-Vaughn/NoEnvVars-Update Add 4 noisy environment variables to NoEnvVars.sh	2025-05-26 23:57:40 +02:00
Jack Vaughn	b9a9ad5ddf	Add 4 noisy and useless environment variables to NoEnvVars.sh These variables (^PATH=\|^INVOCATION_ID=\|^WATCHDOG_PID=\|^LISTEN_PID=) frequently appear across processes on busy systems (10+ each on tested system) and produce a large volume of irrelevant output	2025-05-25 21:32:51 -04:00