darnellkeith/PEASS-ng
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

- added check PrintExecutablesInNonDefaultFoldersWithWritePermissions()

Browse Source
This commit is contained in:
makikvues 2021-01-25 22:46:14 +01:00
parent 2a0ab7bf77
commit 23d3e1cd22
2 changed files with 43 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

1
winPEAS/winPEASexe/winPEAS/Checks/ApplicationsInfo.cs
View File

@ -244,6 +244,7 @@ namespace winPEAS.Checks
Dictionary<string, string> colorsD = new Dictionary<string, string>() Dictionary<string, string> colorsD = new Dictionary<string, string>()
{ {
{ "Permissions.*", Beaprint.ansi_color_bad }, { "Permissions.*", Beaprint.ansi_color_bad },
{ "Capcom.sys", Beaprint.ansi_color_bad },
{ pathDriver.Replace("\\", "\\\\").Replace("(", "\\(").Replace(")", "\\)").Replace("]", "\\]").Replace("[", "\\[").Replace("?", "\\?").Replace("+","\\+"), (fileRights.Count > 0 || dirRights.Count > 0) ? Beaprint.ansi_color_bad : Beaprint.ansi_color_good }, { pathDriver.Replace("\\", "\\\\").Replace("(", "\\(").Replace(")", "\\)").Replace("]", "\\]").Replace("[", "\\[").Replace("?", "\\?").Replace("+","\\+"), (fileRights.Count > 0 || dirRights.Count > 0) ? Beaprint.ansi_color_bad : Beaprint.ansi_color_good },
}; };

42
winPEAS/winPEASexe/winPEAS/Checks/FilesInfo.cs
View File

@ -127,6 +127,7 @@ namespace winPEAS.Checks
PrintRecycleBin, PrintRecycleBin,
PrintHiddenFilesAndFolders, PrintHiddenFilesAndFolders,
PrintOtherUsersInterestingFiles PrintOtherUsersInterestingFiles
PrintExecutablesInNonDefaultFoldersWithWritePermissions,
}.ForEach(action => CheckRunner.Run(action, isDebug)); }.ForEach(action => CheckRunner.Run(action, isDebug));
} }
@ -643,5 +644,46 @@ namespace winPEAS.Checks
} }
} }
} }
private void PrintExecutablesInNonDefaultFoldersWithWritePermissions()
{
Beaprint.MainPrint($"Searching executable files in non-default folders with write (equivalent) permissions (can be slow)");
var systemDrive = $"{Environment.GetEnvironmentVariable("SystemDrive")}\\";
var excludedDirs = new HashSet<string>()
{
@"c:\esupport",
@"c:\perflogs",
@"c:\programdata",
@"c:\program files(x86)",
@"c:\program files",
@"c:\windows",
@"c:\windows.old",
};
var allowedExtensions = new HashSet<string>()
{
".bat",
".exe",
".ps1"
};
var files = SearchHelper.GetFilesFast(systemDrive, "*", excludedDirs);
foreach (var file in files)
{
if (file.Extension != null && allowedExtensions.Contains(file.Extension.ToLower()))
{
// check the file permissions
List<string> fileRights = PermissionsHelper.GetPermissionsFile(file.FullPath, Checks.CurrentUserSiDs, isOnlyWriteOrEquivalentCheck: true);
if (fileRights.Count > 0)
{
Beaprint.BadPrint($" File Permissions \"{file.FullPath}\": " + string.Join(",", fileRights));
}
}
}
}
} }
} }