- added search for hidden files in c:\users
parent
f5155d5eb4
commit
2a0ab7bf77
@ -125,6 +125,7 @@ namespace winPEAS.Checks
|
|||||||
PrintUsersDocsKeys,
|
PrintUsersDocsKeys,
|
||||||
PrintRecentFiles,
|
PrintRecentFiles,
|
||||||
PrintRecycleBin,
|
PrintRecycleBin,
|
||||||
|
PrintHiddenFilesAndFolders,
|
||||||
PrintOtherUsersInterestingFiles
|
PrintOtherUsersInterestingFiles
|
||||||
}.ForEach(action => CheckRunner.Run(action, isDebug));
|
}.ForEach(action => CheckRunner.Run(action, isDebug));
|
||||||
}
|
}
|
||||||
@ -541,5 +542,106 @@ namespace winPEAS.Checks
|
|||||||
Beaprint.PrintException(ex.Message);
|
Beaprint.PrintException(ex.Message);
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
|
void PrintHiddenFilesAndFolders()
|
||||||
|
{
|
||||||
|
HashSet<string> excludedFilenames = new HashSet<string>()
|
||||||
|
{
|
||||||
|
"cache.bin",
|
||||||
|
"container.dat",
|
||||||
|
"desktop.ini",
|
||||||
|
"iconcache.db",
|
||||||
|
"ntuser.ini",
|
||||||
|
"ntuser.dat",
|
||||||
|
"ntuser.dat.log1",
|
||||||
|
"ntuser.dat.log2",
|
||||||
|
"pof.dat.log1",
|
||||||
|
"pof.dat.log2",
|
||||||
|
"privateregistry.bin.log1",
|
||||||
|
"privateregistry.bin.log2",
|
||||||
|
"settings.dat.log1",
|
||||||
|
"settings.dat.log2",
|
||||||
|
"thumbs.db",
|
||||||
|
"user.dat.log1",
|
||||||
|
"user.dat.log2",
|
||||||
|
"userclasses.dat",
|
||||||
|
"userclasses.dat.log1",
|
||||||
|
"userclasses.dat.log2",
|
||||||
|
"usrclass.dat",
|
||||||
|
"usrclass.dat.log1",
|
||||||
|
"usrclass.dat.log2",
|
||||||
|
};
|
||||||
|
|
||||||
|
HashSet<string> excludedExtensions = new HashSet<string>()
|
||||||
|
{
|
||||||
|
".blf",
|
||||||
|
".igpi",
|
||||||
|
".regtrans-ms",
|
||||||
|
".search-ms",
|
||||||
|
".suo",
|
||||||
|
};
|
||||||
|
|
||||||
|
HashSet<string> excludedKnownFolders = new HashSet<string>()
|
||||||
|
{
|
||||||
|
"accountpictures",
|
||||||
|
"appdata",
|
||||||
|
"application data",
|
||||||
|
"cookies",
|
||||||
|
"desktop",
|
||||||
|
"documents",
|
||||||
|
"intelgraphicsprofiles",
|
||||||
|
"libraries",
|
||||||
|
"local settings",
|
||||||
|
"my documents",
|
||||||
|
"nethood",
|
||||||
|
"printhood",
|
||||||
|
"recent",
|
||||||
|
"recent",
|
||||||
|
"sendto",
|
||||||
|
"start menu",
|
||||||
|
"templates",
|
||||||
|
};
|
||||||
|
|
||||||
|
var systemDrive = Environment.GetEnvironmentVariable("SystemDrive");
|
||||||
|
|
||||||
|
Beaprint.MainPrint($"Searching hidden files or folders in {systemDrive}\\Users home (can be slow)\n");
|
||||||
|
|
||||||
|
foreach (var file in SearchHelper.RootDirUsers)
|
||||||
|
{
|
||||||
|
try
|
||||||
|
{
|
||||||
|
if (File.GetAttributes(file.FullPath).HasFlag(FileAttributes.Hidden))
|
||||||
|
{
|
||||||
|
if (file.Extension != null && excludedExtensions.Contains(file.Extension.ToLower()))
|
||||||
|
{
|
||||||
|
continue;
|
||||||
|
}
|
||||||
|
|
||||||
|
if (file.Filename != null && excludedFilenames.Contains(file.Filename.ToLower()))
|
||||||
|
{
|
||||||
|
continue;
|
||||||
|
}
|
||||||
|
|
||||||
|
// skip well known folders
|
||||||
|
if (excludedKnownFolders.Contains(Path.GetFileName(file.FullPath).ToLower()))
|
||||||
|
{
|
||||||
|
continue;
|
||||||
|
}
|
||||||
|
|
||||||
|
if (file.FullPath.ToLower().Contains("microsoft"))
|
||||||
|
{
|
||||||
|
continue;
|
||||||
|
}
|
||||||
|
|
||||||
|
Beaprint.BadPrint($" {file.FullPath}");
|
||||||
|
}
|
||||||
|
}
|
||||||
|
catch (PathTooLongException ex) { }
|
||||||
|
catch (Exception ex)
|
||||||
|
{
|
||||||
|
// & other exceptions
|
||||||
|
}
|
||||||
|
}
|
||||||
|
}
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
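Review bot: The `file.FullPath.ToLower().Contains("microsoft")` test in `PrintHiddenFilesAndFolders` drops every hidden item whose full path contains that substring anywhere, so the report under-counts whenever a user name, folder or file name happens to include it. If the intent is only to skip the per-user Microsoft application-data trees, match on a path segment rather than the whole string (the intended folders are not visible here, so confirm which ones are meant). The three exclusion sets are compared through `ToLower()`, which is culture-sensitive; building them as `new HashSet<string>(StringComparer.OrdinalIgnoreCase)` removes both the per-item lowercasing and the locale dependence. The two catch blocks declare an unused `ex` and discard everything silently, while the check at the top of this hunk reports through `Beaprint.PrintException(ex.Message)`; a comment such as `// per-file access errors are expected and deliberately ignored` would make the choice explicit. `"recent"` is also listed twice in `excludedKnownFolders`.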
@ -6,18 +6,17 @@ namespace winPEAS.Helpers
|
|||||||
internal static class CheckRunner
|
internal static class CheckRunner
|
||||||
{
|
{
|
||||||
public static void Run(Action action, bool isDebug, string description = null)
|
public static void Run(Action action, bool isDebug, string description = null)
|
||||||
|
{
|
||||||
|
if (!isDebug)
|
||||||
|
{
|
||||||
|
action();
|
||||||
|
}
|
||||||
|
else
|
||||||
{
|
{
|
||||||
var timer = new Stopwatch();
|
var timer = new Stopwatch();
|
||||||
|
|
||||||
if (isDebug)
|
|
||||||
{
|
|
||||||
timer.Start();
|
timer.Start();
|
||||||
}
|
|
||||||
|
|
||||||
action();
|
action();
|
||||||
|
|
||||||
if (isDebug)
|
|
||||||
{
|
|
||||||
timer.Stop();
|
timer.Stop();
|
||||||
|
|
||||||
TimeSpan timeTaken = timer.Elapsed;
|
TimeSpan timeTaken = timer.Elapsed;
|
||||||
|
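Review bot: Both branches of `Run` call `action()` unguarded, so an exception that a check does not catch itself leaves `Run` and presumably ends the `.ForEach(action => CheckRunner.Run(action, isDebug))` chain in the caller, skipping the remaining checks. Wrapping the call in a try/catch that reports the message and continues would keep one failing check from truncating the report, and in the debug branch a `finally` would still let the elapsed time be printed. The timer setup can be shortened to `var timer = Stopwatch.StartNew();`. The body of `Run` continues past the end of this hunk, so the reporting code is not visible here.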
@ -10,14 +10,12 @@ namespace winPEAS.Helpers.Search
|
|||||||
{
|
{
|
||||||
static class SearchHelper
|
static class SearchHelper
|
||||||
{
|
{
|
||||||
private static List<CustomFileInfo> RootDirUsers;
|
public static List<CustomFileInfo> RootDirUsers;
|
||||||
private static List<CustomFileInfo> RootDirCurrentUser;
|
private static List<CustomFileInfo> RootDirCurrentUser;
|
||||||
private static List<CustomFileInfo> ProgramFiles;
|
private static List<CustomFileInfo> ProgramFiles;
|
||||||
private static List<CustomFileInfo> ProgramFilesX86;
|
private static List<CustomFileInfo> ProgramFilesX86;
|
||||||
private static List<CustomFileInfo> DocumentsAndSettings;
|
private static List<CustomFileInfo> DocumentsAndSettings;
|
||||||
private static List<CustomFileInfo> GroupPolicyHistory;
|
private static List<CustomFileInfo> GroupPolicyHistory;
|
||||||
// private static List<CustomFileInfo> GroupPolicyHistoryLegacy;
|
|
||||||
|
|
||||||
|
|
||||||
public static List<CustomFileInfo> GetFilesFast(string folder, string pattern = "*", HashSet<string> excludedDirs = null, bool isFoldersIncluded = false)
|
public static List<CustomFileInfo> GetFilesFast(string folder, string pattern = "*", HashSet<string> excludedDirs = null, bool isFoldersIncluded = false)
|
||||||
{
|
{
|
||||||
@ -32,14 +30,7 @@ namespace winPEAS.Helpers.Search
|
|||||||
bool shouldAdd = true;
|
bool shouldAdd = true;
|
||||||
string startDirLower = startDir.FullName.ToLower();
|
string startDirLower = startDir.FullName.ToLower();
|
||||||
|
|
||||||
foreach (var excludedDirPattern in excludedDirs)
|
shouldAdd = !excludedDirs.Contains(startDirLower);
|
||||||
{
|
|
||||||
if (Regex.IsMatch(startDirLower, excludedDirPattern, RegexOptions.IgnoreCase))
|
|
||||||
{
|
|
||||||
shouldAdd = false;
|
|
||||||
break;
|
|
||||||
}
|
|
||||||
}
|
|
||||||
|
|
||||||
if (shouldAdd)
|
if (shouldAdd)
|
||||||
{
|
{
|
||||||
@ -171,7 +162,7 @@ namespace winPEAS.Helpers.Search
|
|||||||
|
|
||||||
// c:\users
|
// c:\users
|
||||||
string rootUsersSearchPath = $"{systemDrive}\\Users\\";
|
string rootUsersSearchPath = $"{systemDrive}\\Users\\";
|
||||||
SearchHelper.RootDirUsers = SearchHelper.GetFilesFast(rootUsersSearchPath, globalPattern);
|
SearchHelper.RootDirUsers = SearchHelper.GetFilesFast(rootUsersSearchPath, globalPattern, isFoldersIncluded: true);
|
||||||
|
|
||||||
// c:\users\current_user
|
// c:\users\current_user
|
||||||
string rootCurrentUserSearchPath = Environment.GetEnvironmentVariable("USERPROFILE");
|
string rootCurrentUserSearchPath = Environment.GetEnvironmentVariable("USERPROFILE");
|
||||||
|
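Review bot: Replacing the `Regex.IsMatch` loop with `shouldAdd = !excludedDirs.Contains(startDirLower);` turns the exclusion from a pattern match into an exact match against the lowercased full directory path, so any caller still passing patterns or partial paths in `excludedDirs` will silently stop excluding anything. The callers are outside this page; each should be checked to pass full lowercased paths, and the parameter deserves a doc comment saying so. If the null guard for the default `excludedDirs = null` is not just above the hunk, the line needs to be `shouldAdd = excludedDirs == null || !excludedDirs.Contains(startDirLower);`. Separately, `RootDirUsers` becomes a public mutable static field that is null until the search-path setup in the last hunk has run, and with `isFoldersIncluded: true` it now also holds directories, which every existing consumer of the list will see. A read-only accessor and a null check before the new consumer's `foreach` would be safer.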
@ -8,7 +8,7 @@
|
|||||||
<StartArguments>applicationsinfo</StartArguments>
|
<StartArguments>applicationsinfo</StartArguments>
|
||||||
</PropertyGroup>
|
</PropertyGroup>
|
||||||
<PropertyGroup Condition="'$(Configuration)|$(Platform)' == 'Debug|x64'">
|
<PropertyGroup Condition="'$(Configuration)|$(Platform)' == 'Debug|x64'">
|
||||||
<StartArguments>cmd fast</StartArguments>
|
<StartArguments>debug</StartArguments>
|
||||||
</PropertyGroup>
|
</PropertyGroup>
|
||||||
<PropertyGroup Condition="'$(Configuration)|$(Platform)' == 'Release|x64'">
|
<PropertyGroup Condition="'$(Configuration)|$(Platform)' == 'Release|x64'">
|
||||||
<StartArguments>fast</StartArguments>
|
<StartArguments>fast</StartArguments>
|
||||||
|