diff --git a/winPEAS/winPEASexe/winPEAS/3rdParty/Watson/Wmi.cs b/winPEAS/winPEASexe/winPEAS/3rdParty/Watson/Wmi.cs
index 75c6eb8..1f8fd06 100644
--- a/winPEAS/winPEASexe/winPEAS/3rdParty/Watson/Wmi.cs
+++ b/winPEAS/winPEASexe/winPEAS/3rdParty/Watson/Wmi.cs
@@ -14,15 +14,16 @@ namespace winPEAS._3rdParty.Watson
 {
 using (var searcher = new ManagementObjectSearcher(@"root\cimv2", "SELECT HotFixID FROM Win32_QuickFixEngineering"))
 {
- var hotFixes = searcher.Get();
-
- foreach (var hotFix in hotFixes)
+ using (var hotFixes = searcher.Get())
 {
- var line = hotFix["HotFixID"].ToString().Remove(0, 2);
-
- if (int.TryParse(line, out int kb))
+ foreach (var hotFix in hotFixes)
 {
- KbList.Add(kb);
+ var line = hotFix["HotFixID"].ToString().Remove(0, 2);
+
+ if (int.TryParse(line, out int kb))
+ {
+ KbList.Add(kb);
+ }
 }
 }
 }
@@ -41,13 +42,14 @@ namespace winPEAS._3rdParty.Watson
 {
 using (var searcher = new ManagementObjectSearcher(@"root\cimv2", "SELECT BuildNumber FROM Win32_OperatingSystem"))
 {
- var collection = searcher.Get();
-
- foreach (var num in collection)
+ using (var collection = searcher.Get())
 {
- if (int.TryParse(num["BuildNumber"] as string, out int buildNumber))
+ foreach (var num in collection)
 {
- return buildNumber;
+ if (int.TryParse(num["BuildNumber"] as string, out int buildNumber))
+ {
+ return buildNumber;
+ }
 }
 }
 }
diff --git a/winPEAS/winPEASexe/winPEAS/Checks/FilesInfo.cs b/winPEAS/winPEASexe/winPEAS/Checks/FilesInfo.cs
index 25fa906..812f761 100644
--- a/winPEAS/winPEASexe/winPEAS/Checks/FilesInfo.cs
+++ b/winPEAS/winPEASexe/winPEAS/Checks/FilesInfo.cs
@@ -264,7 +264,7 @@ namespace winPEAS.Checks
 colors);
 Beaprint.PrintLineSeparator();
 }
- catch (Exception e) { }
+ catch (Exception) { }
 }
 }
 else
@@ -272,7 +272,7 @@ namespace winPEAS.Checks
 Beaprint.GoodPrint(" WSL - no installed Linux distributions found.");
 }
 }
- catch (Exception e) { }
+ catch (Exception) { }
 }
 }
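Review bot: In the first Wmi.cs hunk (`-14,15`), `hotFix["HotFixID"].ToString().Remove(0, 2)` still assumes every Win32_QuickFixEngineering row carries a non-null ID of at least two characters; a null value throws NullReferenceException and a shorter one ArgumentOutOfRangeException, and either propagates out of the `foreach` and leaves `KbList` incomplete. The list presumably drives the missing-patch comparison, so a partial list skews that result without any indication. I would read the value as `var id = hotFix["HotFixID"] as string;`, skip the row unless `id` starts with `KB`, and parse `id.Substring(2)`. The enclosing method starts and ends outside the hunk, so an outer try/catch, if there is one, is not visible here.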
@@ -513,24 +513,30 @@ namespace winPEAS.Checks
 foreach (var file in files)
 {
- FileAttributes attr = File.GetAttributes(file.FullPath);
- if ((attr & FileAttributes.Directory) == FileAttributes.Directory)
+ try
 {
- List dirRights = PermissionsHelper.GetPermissionsFolder(file.FullPath, Checks.CurrentUserSiDs, isOnlyWriteOrEquivalentCheck: true);
-
- if (dirRights.Count > 0)
+ FileAttributes attr = File.GetAttributes(file.FullPath);
+ if ((attr & FileAttributes.Directory) == FileAttributes.Directory)
 {
- Beaprint.BadPrint($" Folder Permissions \"{file.FullPath}\": " + string.Join(",", dirRights));
+ List dirRights = PermissionsHelper.GetPermissionsFolder(file.FullPath, Checks.CurrentUserSiDs, isOnlyWriteOrEquivalentCheck: true);
+
+ if (dirRights.Count > 0)
+ {
+ Beaprint.BadPrint($" Folder Permissions \"{file.FullPath}\": " + string.Join(",", dirRights));
+ }
+ }
+ else
+ {
+ List fileRights = PermissionsHelper.GetPermissionsFile(file.FullPath, Checks.CurrentUserSiDs, isOnlyWriteOrEquivalentCheck: true);
+
+ if (fileRights.Count > 0)
+ {
+ Beaprint.BadPrint($" File Permissions \"{file.FullPath}\": " + string.Join(",", fileRights));
+ }
 }
 }
- else
+ catch (Exception)
 {
- List fileRights = PermissionsHelper.GetPermissionsFile(file.FullPath, Checks.CurrentUserSiDs, isOnlyWriteOrEquivalentCheck: true);
-
- if (fileRights.Count > 0)
- {
- Beaprint.BadPrint($" File Permissions \"{file.FullPath}\": " + string.Join(",", fileRights));
- }
 }
 }
@@ -637,8 +643,8 @@ namespace winPEAS.Checks
 Beaprint.BadPrint($" {file.FullPath}");
 }
 }
- catch (PathTooLongException ex) { }
- catch (Exception ex)
+ catch (PathTooLongException) { }
+ catch (Exception)
 {
 // & other exceptions
 }
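Review bot: The new empty `catch (Exception)` around the per-file permission check (FilesInfo.cs, hunk `-513,24`) discards every failure silently, so a path that could not be inspected is indistinguishable from one that has no writable ACL. For an audit tool that is a completeness gap, because the reader cannot tell which entries were skipped. Narrow the handler to the expected types (`UnauthorizedAccessException`, and `IOException`, which also covers `PathTooLongException`) and report anything else, e.g. `catch (Exception ex) { Beaprint.PrintException(ex.Message); }`. The same applies to the empty catch added in the `-669,20` hunk of this file and to the catch-all blocks added in SearchHelper.cs.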
@@ -656,12 +662,14 @@ namespace winPEAS.Checks
 @"c:\esupport",
 @"c:\perflogs",
 @"c:\programdata",
- @"c:\program files(x86)",
+ @"c:\program files (x86)",
 @"c:\program files",
 @"c:\windows",
 @"c:\windows.old",
 };
+ var currentUserDir = @$"{systemDrive}users\{Environment.GetEnvironmentVariable("USERNAME")}".ToLower();
+
 var allowedExtensions = new HashSet()
 {
 ".bat",
@@ -669,20 +677,35 @@ namespace winPEAS.Checks
 ".ps1"
 };
- var files = SearchHelper.GetFilesFast(systemDrive, "*", excludedDirs);
+ var files = SearchHelper.GetFilesFast(systemDrive, "*", excludedDirs);
 foreach (var file in files)
 {
- if (file.Extension != null && allowedExtensions.Contains(file.Extension.ToLower()))
+ try
 {
- // check the file permissions
- List fileRights = PermissionsHelper.GetPermissionsFile(file.FullPath, Checks.CurrentUserSiDs, isOnlyWriteOrEquivalentCheck: true);
-
- if (fileRights.Count > 0)
+ if (file.Extension != null && allowedExtensions.Contains(file.Extension.ToLower()))
 {
- Beaprint.BadPrint($" File Permissions \"{file.FullPath}\": " + string.Join(",", fileRights));
+ // check the file permissions
+ List fileRights = PermissionsHelper.GetPermissionsFile(file.FullPath, Checks.CurrentUserSiDs, isOnlyWriteOrEquivalentCheck: true);
+
+ if (fileRights.Count > 0)
+ {
+ string log = $" File Permissions \"{file.FullPath}\": " + string.Join(",", fileRights);
+
+ if (file.FullPath.ToLower().StartsWith(currentUserDir))
+ {
+ Beaprint.NoColorPrint(log);
+ }
+ else
+ {
+ Beaprint.BadPrint(log);
+ }
+ }
 }
 }
+ catch (Exception)
+ {
+ }
 }
 }
 }
diff --git a/winPEAS/winPEASexe/winPEAS/Helpers/AppLocker/AppLockerHelper.cs b/winPEAS/winPEASexe/winPEAS/Helpers/AppLocker/AppLockerHelper.cs
index 359c13f..cdbede7 100644
--- a/winPEAS/winPEASexe/winPEAS/Helpers/AppLocker/AppLockerHelper.cs
+++ b/winPEAS/winPEASexe/winPEAS/Helpers/AppLocker/AppLockerHelper.cs
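Review bot: `currentUserDir` (added in FilesInfo.cs hunk `-656,12`, used in `-669,20`) is built from the `USERNAME` environment variable and matched with a bare `StartsWith`, which makes the downgrade from `BadPrint` to `NoColorPrint` unreliable. The variable is set by the process environment and may be absent, the profile folder does not always carry the account name, and without a trailing separator the prefix for an account `bob` also matches `c:\users\bobby\...` (constructed example), so a writable script in another user's profile would lose its highlight. Take the path from the OS and compare ordinally: `var currentUserDir = Environment.GetFolderPath(Environment.SpecialFolder.UserProfile).TrimEnd('\\') + "\\";` and `file.FullPath.StartsWith(currentUserDir, StringComparison.OrdinalIgnoreCase)`. The interpolated form also assumes `systemDrive` ends with a backslash, which neither hunk shows.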
@@ -354,9 +354,8 @@ namespace winPEAS.Helpers.AppLocker
 return true;
 }
 }
- catch (Exception e)
+ catch (Exception)
 {
- // unauthorized access ?
 }
 return false;
diff --git a/winPEAS/winPEASexe/winPEAS/Helpers/Search/SearchHelper.cs b/winPEAS/winPEASexe/winPEAS/Helpers/Search/SearchHelper.cs
index 3129853..528ee56 100644
--- a/winPEAS/winPEASexe/winPEAS/Helpers/Search/SearchHelper.cs
+++ b/winPEAS/winPEASexe/winPEAS/Helpers/Search/SearchHelper.cs
@@ -83,6 +83,10 @@ namespace winPEAS.Helpers.Search
 {
 return new List();
 }
+ catch (Exception)
+ {
+ return new List();
+ }
 List result = new List();
@@ -104,6 +108,9 @@ namespace winPEAS.Helpers.Search
 catch (DirectoryNotFoundException)
 {
 }
+ catch (Exception)
+ {
+ }
 return result;
 }
@@ -151,6 +158,10 @@ namespace winPEAS.Helpers.Search
 {
 return new List();
 }
+ catch (Exception)
+ {
+ return new List();
+ }
 return GetStartDirectories(directories[0].FullName, files, pattern);
 }
diff --git a/winPEAS/winPEASexe/winPEAS/Info/ApplicationInfo/AutoRuns.cs b/winPEAS/winPEASexe/winPEAS/Info/ApplicationInfo/AutoRuns.cs
index 3871dfd..d3c3073 100644
--- a/winPEAS/winPEASexe/winPEAS/Info/ApplicationInfo/AutoRuns.cs
+++ b/winPEAS/winPEASexe/winPEAS/Info/ApplicationInfo/AutoRuns.cs
@@ -355,7 +355,7 @@ namespace winPEAS.Info.ApplicationInfo
 }
 }
 }
- catch (Exception e)
+ catch (Exception)
 {
 }
@@ -381,7 +381,7 @@ namespace winPEAS.Info.ApplicationInfo
 });
 }
 }
- catch (Exception e)
+ catch (Exception)
 {
 }
 }
@@ -408,7 +408,7 @@ namespace winPEAS.Info.ApplicationInfo
 { "isUnquotedSpaced", "" }
 });
 }
- catch (Exception e)
+ catch (Exception)
 {
 }
 }
@@ -422,24 +422,25 @@ namespace winPEAS.Info.ApplicationInfo
 try
 {
 SelectQuery query = new SelectQuery("Win32_StartupCommand");
- ManagementObjectSearcher searcher = new ManagementObjectSearcher(query);
- using (ManagementObjectCollection win32_startup = searcher.Get())
+ using (ManagementObjectSearcher searcher = new ManagementObjectSearcher(query))
 {
- foreach (ManagementObject startup in win32_startup)
+ using (ManagementObjectCollection win32_startup = searcher.Get())
 {
- string command = startup["command"].ToString();
- command = Environment.ExpandEnvironmentVariables(string.Format("{0}", command));
- string filepath = MyUtils.GetExecutableFromPath(command);
-
- if (!string.IsNullOrEmpty(filepath))
+ foreach (ManagementObject startup in win32_startup)
 {
- string filepathCleaned = filepath.Replace("'", "").Replace("\"", "");
+ string command = startup["command"].ToString();
+ command = Environment.ExpandEnvironmentVariables(string.Format("{0}", command));
+ string filepath = MyUtils.GetExecutableFromPath(command);
- try
+ if (!string.IsNullOrEmpty(filepath))
 {
- string folder = Path.GetDirectoryName(filepathCleaned);
- results.Add(new Dictionary()
+ string filepathCleaned = filepath.Replace("'", "").Replace("\"", "");
+
+ try
+ {
+ string folder = Path.GetDirectoryName(filepathCleaned);
+ results.Add(new Dictionary()
 {
 {"Reg", ""},
 {"RegKey", "From WMIC"},
@@ -457,9 +458,10 @@ namespace winPEAS.Info.ApplicationInfo
 },
 {"isUnquotedSpaced", MyUtils.CheckQuoteAndSpace(command).ToString()}
 });
- }
- catch (Exception)
- {
+ }
+ catch (Exception)
+ {
+ }
 }
 }
 }
@@ -511,7 +513,7 @@ namespace winPEAS.Info.ApplicationInfo
 });
 }
 }
- catch (Exception e)
+ catch (Exception)
 {
 }
 }
diff --git a/winPEAS/winPEASexe/winPEAS/Info/NetworkInfo/NetworkInfoHelper.cs b/winPEAS/winPEASexe/winPEAS/Info/NetworkInfo/NetworkInfoHelper.cs
index 950ab23..32f109f 100644
--- a/winPEAS/winPEASexe/winPEAS/Info/NetworkInfo/NetworkInfoHelper.cs
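Review bot: In the AutoRuns.cs hunk at `-422,24`, `startup["command"].ToString()` throws on a Win32_StartupCommand row whose `command` is null, and because the only catch inside the loop wraps the `Path.GetDirectoryName` block, that exception leaves the `foreach` and drops every remaining startup entry. `string command = startup["command"]?.ToString(); if (string.IsNullOrEmpty(command)) continue;` keeps the enumeration going. `string.Format("{0}", command)` is then redundant and `command` can be passed to `ExpandEnvironmentVariables` directly. The outer `try` opens in this hunk, but its catch lies outside it.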
+++ b/winPEAS/winPEASexe/winPEAS/Info/NetworkInfo/NetworkInfoHelper.cs
@@ -269,20 +269,22 @@ namespace winPEAS.Info.NetworkInfo
 List> results = new List>();
 try
 {
-
- ManagementObjectSearcher wmiData = new ManagementObjectSearcher(@"root\standardcimv2", "SELECT * FROM MSFT_DNSClientCache");
- ManagementObjectCollection data = wmiData.Get();
-
- foreach (ManagementObject result in data)
+ using (ManagementObjectSearcher wmiData = new ManagementObjectSearcher(@"root\standardcimv2", "SELECT * FROM MSFT_DNSClientCache"))
 {
- Dictionary dnsEntry = new Dictionary();
- string entry = $"{result["Entry"]}";
- string name = $"{result["Name"]}";
- string dataDns = $"{result["Data"]}";
- dnsEntry["Entry"] = (entry.Length > 33) ? "..." + result["Entry"].ToString().Substring(entry.Length - 32) : entry;
- dnsEntry["Name"] = (name.Length > 33) ? "..." + name.Substring(name.Length - 32) : name;
- dnsEntry["Data"] = (dataDns.Length > 33) ? "..." + dataDns.Substring(dataDns.Length - 32) : dataDns;
- results.Add(dnsEntry);
+ using (ManagementObjectCollection data = wmiData.Get())
+ {
+ foreach (ManagementObject result in data)
+ {
+ Dictionary dnsEntry = new Dictionary();
+ string entry = $"{result["Entry"]}";
+ string name = $"{result["Name"]}";
+ string dataDns = $"{result["Data"]}";
+ dnsEntry["Entry"] = (entry.Length > 33) ? "..." + result["Entry"].ToString().Substring(entry.Length - 32) : entry;
+ dnsEntry["Name"] = (name.Length > 33) ? "..." + name.Substring(name.Length - 32) : name;
+ dnsEntry["Data"] = (dataDns.Length > 33) ? "..." + dataDns.Substring(dataDns.Length - 32) : dataDns;
+ results.Add(dnsEntry);
+ }
+ }
 }
 }
 catch (ManagementException ex) when (ex.ErrorCode == ManagementStatus.InvalidNamespace)
diff --git a/winPEAS/winPEASexe/winPEAS/Info/ServicesInfo/ServicesInfoHelper.cs b/winPEAS/winPEASexe/winPEAS/Info/ServicesInfo/ServicesInfoHelper.cs
index be1ca4b..9b6588a 100644
--- a/winPEAS/winPEASexe/winPEAS/Info/ServicesInfo/ServicesInfoHelper.cs
+++ b/winPEAS/winPEASexe/winPEAS/Info/ServicesInfo/ServicesInfoHelper.cs 
@@ -25,42 +25,45 @@ namespace winPEAS.Info.ServicesInfo
 try
 {
- ManagementObjectSearcher wmiData = new ManagementObjectSearcher(@"root\cimv2", "SELECT * FROM win32_service");
- ManagementObjectCollection data = wmiData.Get();
-
- foreach (ManagementObject result in data)
+ using (ManagementObjectSearcher wmiData = new ManagementObjectSearcher(@"root\cimv2", "SELECT * FROM win32_service"))
 {
- if (result["PathName"] != null)
+ using (ManagementObjectCollection data = wmiData.Get())
 {
- string binaryPath = MyUtils.GetExecutableFromPath(result["PathName"].ToString());
- string companyName = "";
- string isDotNet = "";
- try
+ foreach (ManagementObject result in data)
 {
- FileVersionInfo myFileVersionInfo = FileVersionInfo.GetVersionInfo(binaryPath);
- companyName = myFileVersionInfo.CompanyName;
- isDotNet = MyUtils.CheckIfDotNet(binaryPath) ? "isDotNet" : "";
- }
- catch (Exception)
- {
- // Not enough privileges
- }
+ if (result["PathName"] != null)
+ {
+ string binaryPath = MyUtils.GetExecutableFromPath(result["PathName"].ToString());
+ string companyName = "";
+ string isDotNet = "";
+ try
+ {
+ FileVersionInfo myFileVersionInfo = FileVersionInfo.GetVersionInfo(binaryPath);
+ companyName = myFileVersionInfo.CompanyName;
+ isDotNet = MyUtils.CheckIfDotNet(binaryPath) ? "isDotNet" : "";
+ }
+ catch (Exception)
+ {
+ // Not enough privileges
+ }
- if (string.IsNullOrEmpty(companyName) || (!Regex.IsMatch(companyName, @"^Microsoft.*", RegexOptions.IgnoreCase)))
- {
- Dictionary toadd = new Dictionary();
-
- toadd["Name"] = GetStringOrEmpty(result["Name"]);
- toadd["DisplayName"] = GetStringOrEmpty(result["DisplayName"]);
- toadd["CompanyName"] = companyName;
- toadd["State"] = GetStringOrEmpty(result["State"]);
- toadd["StartMode"] = GetStringOrEmpty(result["StartMode"]);
- toadd["PathName"] = GetStringOrEmpty(result["PathName"]);
- toadd["FilteredPath"] = binaryPath;
- toadd["isDotNet"] = isDotNet;
- toadd["Description"] = GetStringOrEmpty(result["Description"]);
-
- results.Add(toadd);
+ if (string.IsNullOrEmpty(companyName) || (!Regex.IsMatch(companyName, @"^Microsoft.*", RegexOptions.IgnoreCase)))
+ {
+ Dictionary toadd = new Dictionary();
+
+ toadd["Name"] = GetStringOrEmpty(result["Name"]);
+ toadd["DisplayName"] = GetStringOrEmpty(result["DisplayName"]);
+ toadd["CompanyName"] = companyName;
+ toadd["State"] = GetStringOrEmpty(result["State"]);
+ toadd["StartMode"] = GetStringOrEmpty(result["StartMode"]);
+ toadd["PathName"] = GetStringOrEmpty(result["PathName"]);
+ toadd["FilteredPath"] = binaryPath;
+ toadd["isDotNet"] = isDotNet;
+ toadd["Description"] = GetStringOrEmpty(result["Description"]);
+
+ results.Add(toadd);
+ }
+ }
 }
 }
 }
@@ -69,6 +72,7 @@ namespace winPEAS.Info.ServicesInfo
 {
 Beaprint.PrintException(ex.Message);
 }
+
 return results;
 }
@@ -239,7 +243,7 @@ namespace winPEAS.Info.ServicesInfo
 }
 }
- catch (Exception ex)
+ catch (Exception)
 {
 //Beaprint.PrintException(ex.Message)
 }
diff --git a/winPEAS/winPEASexe/winPEAS/Info/SystemInfo/SystemInfo.cs b/winPEAS/winPEASexe/winPEAS/Info/SystemInfo/SystemInfo.cs
index 457c5ed..e994f0b 100644
--- a/winPEAS/winPEASexe/winPEAS/Info/SystemInfo/SystemInfo.cs
+++ b/winPEAS/winPEASexe/winPEAS/Info/SystemInfo/SystemInfo.cs
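Review bot: The filter in the ServicesInfoHelper.cs hunk `-25,42` that keeps a service only when `companyName` does not match `^Microsoft.*` relies on the `CompanyName` field of the binary's version resource, which is self-declared metadata and not tied to a signature. A third-party service binary that carries a Microsoft company string is therefore left out of the results, so the output should not be read as a complete list of non-Microsoft services. Either say so above the `if`, for example `// CompanyName is unauthenticated version-resource text; this filter only reduces noise`, or base the exclusion on a verified Authenticode signer. The method signature is outside the hunk.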
@@ -76,30 +76,40 @@ namespace winPEAS.Info.SystemInfo
 string dnsDomain = properties.DomainName;
 const string query = "SELECT HotFixID FROM Win32_QuickFixEngineering";
- var search = new ManagementObjectSearcher(query);
- var collection = search.Get();
- string hotfixes = "";
- foreach (ManagementObject quickFix in collection)
- hotfixes += quickFix["HotFixID"].ToString() + ", ";
- results.Add("Hostname", strHostName);
- if (dnsDomain.Length > 1) results.Add("Domain Name", dnsDomain);
- results.Add("ProductName", ProductName);
- results.Add("EditionID", EditionID);
- results.Add("ReleaseId", ReleaseId);
- results.Add("BuildBranch", BuildBranch);
- results.Add("CurrentMajorVersionNumber", CurrentMajorVersionNumber);
- results.Add("CurrentVersion", CurrentVersion);
- results.Add("Architecture", arch);
- results.Add("ProcessorCount", ProcessorCount);
- results.Add("SystemLang", systemLang);
- results.Add("KeyboardLang", myCurrentLanguage.Culture.EnglishName);
- results.Add("TimeZone", timeZone.DisplayName);
- results.Add("IsVirtualMachine", isVM.ToString());
- results.Add("Current Time", now.ToString());
- results.Add("HighIntegrity", isHighIntegrity.ToString());
- results.Add("PartOfDomain", Checks.Checks.IsPartOfDomain.ToString());
- results.Add("Hotfixes", hotfixes);
+ using (var search = new ManagementObjectSearcher(query))
+ {
+ using (var collection = search.Get())
+ {
+ string hotfixes = "";
+ foreach (ManagementObject quickFix in collection)
+ {
+ hotfixes += quickFix["HotFixID"].ToString() + ", ";
+ }
+
+ results.Add("Hostname", strHostName);
+ if (dnsDomain.Length > 1)
+ {
+ results.Add("Domain Name", dnsDomain);
+ }
+ results.Add("ProductName", ProductName);
+ results.Add("EditionID", EditionID);
+ results.Add("ReleaseId", ReleaseId);
+ results.Add("BuildBranch", BuildBranch);
+ results.Add("CurrentMajorVersionNumber", CurrentMajorVersionNumber);
+ results.Add("CurrentVersion", CurrentVersion);
+ results.Add("Architecture", arch);
+ results.Add("ProcessorCount", ProcessorCount);
+ results.Add("SystemLang", systemLang);
+ results.Add("KeyboardLang", myCurrentLanguage.Culture.EnglishName);
+ results.Add("TimeZone", timeZone.DisplayName);
+ results.Add("IsVirtualMachine", isVM.ToString());
+ results.Add("Current Time", now.ToString());
+ results.Add("HighIntegrity", isHighIntegrity.ToString());
+ results.Add("PartOfDomain", Checks.Checks.IsPartOfDomain.ToString());
+ results.Add("Hotfixes", hotfixes);
+ }
+ }
 }
 catch (Exception ex)
 {
@@ -153,11 +163,14 @@ namespace winPEAS.Info.SystemInfo
 whitelistpaths = String.Join("\n ", RegistryHelper.GetRegValues("HKLM", @"SOFTWARE\Microsoft\Windows Defender\Exclusions\Paths").Keys);
 using (ManagementObjectSearcher wmiData = new ManagementObjectSearcher(@"root\SecurityCenter2", "SELECT * FROM AntiVirusProduct"))
 {
- foreach (ManagementObject virusChecker in wmiData.Get())
+ using (var data = wmiData.Get())
 {
- results["Name"] = (string)virusChecker["displayName"];
- results["ProductEXE"] = (string)virusChecker["pathToSignedProductExe"];
- results["pathToSignedReportingExe"] = (string)virusChecker["pathToSignedReportingExe"];
+ foreach (ManagementObject virusChecker in data)
+ {
+ results["Name"] = (string)virusChecker["displayName"];
+ results["ProductEXE"] = (string)virusChecker["pathToSignedProductExe"];
+ results["pathToSignedReportingExe"] = (string)virusChecker["pathToSignedReportingExe"];
+ }
 }
 }
 }
diff --git a/winPEAS/winPEASexe/winPEAS/Info/UserInfo/User.cs b/winPEAS/winPEASexe/winPEAS/Info/UserInfo/User.cs
index 8651342..7803dcb 100644
--- a/winPEAS/winPEASexe/winPEAS/Info/UserInfo/User.cs
+++ b/winPEAS/winPEASexe/winPEAS/Info/UserInfo/User.cs
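Review bot: The basic facts (`Hostname`, `ProductName` and the rest) depend on the WMI hotfix query succeeding, because every `results.Add(...)` in the SystemInfo.cs hunk `-76,30` sits inside the two `using` blocks; if `search.Get()` or the enumeration throws, or a row has a null `HotFixID` so that `.ToString()` fails, control goes to the catch that follows and none of them is added. Only the `hotfixes` string needs the searcher: declare `string hotfixes = "";` before the outer `using`, fill it inside, and keep the `results.Add` calls outside the blocks. `quickFix["HotFixID"]?.ToString()` would also tolerate a null ID. The method begins before the hunk and the catch body continues after it.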
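Review bot: In the antivirus hunk of SystemInfo.cs (`-153,11`) the loop assigns the same three keys of `results` on every iteration, so on a host where SecurityCenter2 lists more than one AntiVirusProduct only the last instance is reported. For a security inventory that hides, for instance, a third-party product registered next to the built-in one. Collect the display names in a list inside the loop and store `results["Name"] = string.Join(", ", names);` after it, and treat the two path keys the same way. The declaration of `results` is outside the hunk, so whether callers expect a single value per key cannot be settled from here.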
@@ -137,11 +137,16 @@ namespace winPEAS.Info.UserInfo
 List retList = new List();
 try
 {
- ManagementObjectSearcher searcher = new ManagementObjectSearcher("SELECT * FROM Win32_UserProfile WHERE Loaded = True");
- foreach (ManagementObject user in searcher.Get())
+ using (ManagementObjectSearcher searcher = new ManagementObjectSearcher("SELECT * FROM Win32_UserProfile WHERE Loaded = True"))
 {
- string username = new SecurityIdentifier(user["SID"].ToString()).Translate(typeof(NTAccount)).ToString();
- if (!username.Contains("NT AUTHORITY")) retList.Add(username);
+ using (var data = searcher.Get())
+ {
+ foreach (ManagementObject user in data)
+ {
+ string username = new SecurityIdentifier(user["SID"].ToString()).Translate(typeof(NTAccount)).ToString();
+ if (!username.Contains("NT AUTHORITY")) retList.Add(username);
+ }
+ }
 }
 }
 catch (Exception ex)
@@ -157,21 +162,27 @@ namespace winPEAS.Info.UserInfo
 try
 {
 SelectQuery query = new SelectQuery("Win32_UserProfile");
- ManagementObjectSearcher searcher = new ManagementObjectSearcher(query);
- foreach (ManagementObject user in searcher.Get())
+
+ using (ManagementObjectSearcher searcher = new ManagementObjectSearcher(query))
 {
- try
+ using (var data = searcher.Get())
 {
- string username = new SecurityIdentifier(user["SID"].ToString()).Translate(typeof(NTAccount)).ToString();
- if (!username.Contains("NT AUTHORITY"))
+ foreach (ManagementObject user in data)
 {
- retList.Add(username);
+ try
+ {
+ string username = new SecurityIdentifier(user["SID"].ToString()).Translate(typeof(NTAccount)).ToString();
+ if (!username.Contains("NT AUTHORITY"))
+ {
+ retList.Add(username);
+ }
+ }
+ // user SID could not be translated, ignore
+ catch (Exception)
+ {
+ }
 }
 }
- // user SID could not be translated, ignore
- catch (Exception)
- {
- }
 }
 }
 catch (Exception ex)
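Review bot: The loop in the first User.cs hunk (`-137,11`) translates each profile SID with `Translate(typeof(NTAccount))` without a per-item guard, so one loaded profile whose SID no longer maps to an account (`IdentityNotMappedException`) jumps to the outer catch and the remaining logged-on users are lost from `retList`. The `-157,21` hunk already wraps the same call in its own try/catch; do the same here, preferably as `catch (IdentityNotMappedException) { }` rather than `catch (Exception)`, so that other failures stay visible. Both methods start outside their hunks.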
@@ -195,18 +206,21 @@ namespace winPEAS.Info.UserInfo
 SelectQuery query = new SelectQuery("Win32_UserAccount");
 using (ManagementObjectSearcher searcher = new ManagementObjectSearcher(query))
 {
- foreach (ManagementObject envVar in searcher.Get())
+ using (var data = searcher.Get())
 {
- string username = (string)envVar["Name"];
- username = username?.ToLower();
-
- if (currentUsername != username)
+ foreach (ManagementObject envVar in data)
 {
- string userDirectory = Path.Combine(usersBaseDirectory, username);
+ string username = (string)envVar["Name"];
+ username = username?.ToLower();
- if (Directory.Exists(userDirectory))
+ if (currentUsername != username)
 {
- result.Add(userDirectory.ToLower());
+ string userDirectory = Path.Combine(usersBaseDirectory, username);
+
+ if (Directory.Exists(userDirectory))
+ {
+ result.Add(userDirectory.ToLower());
+ }
 }
 }
 }
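Review bot: `username?.ToLower()` in the last User.cs hunk (`-195,18`) allows for `envVar["Name"]` being null, but the value then goes straight into `Path.Combine(usersBaseDirectory, username)`, which throws ArgumentNullException on null and ends the loop before the remaining accounts are checked. Add `if (string.IsNullOrEmpty(username)) continue;` right after the cast. The loop variable would also read better as `account` than `envVar`, since the rows are Win32_UserAccount instances. `currentUsername` and `usersBaseDirectory` are defined outside the hunk.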