diff --git a/.github/ISSUE_TEMPLATE.md b/.github/ISSUE_TEMPLATE.md
new file mode 100644
index 0000000..7e93194
--- /dev/null
+++ b/.github/ISSUE_TEMPLATE.md
@@ -0,0 +1,23 @@
+#### Issue description
+
+
+#### Steps to reproduce the issue
+
+1.
+2.
+3.
+
+#### clean / obfuscated winpeas?
+
+
+#### AV / Threat protection used
+
+
+#### Windows version / build
+
+
+#### Failing Winpeas check
+
+
+#### Additional details / screenshot
+
diff --git a/.github/workflows/CI-master_tests.yml b/.github/workflows/CI-master_tests.yml
index e7bd518..281f2a8 100644
--- a/.github/workflows/CI-master_tests.yml
+++ b/.github/workflows/CI-master_tests.yml
@@ -80,22 +80,18 @@ jobs: whoami mkdir -p $env:USERPROFILE\AppData\Local\"PreEmptive Solutions"\"Dotfuscator Community Edition"\6.0 -erroraction 'silentlycontinue' cp DotfuscatorCE\license\* $env:USERPROFILE\AppData\Local\"PreEmptive Solutions"\"Dotfuscator Community Edition"\6.0\ - # build obfuscated versions - name: Build obfuscated versions run: | DotfuscatorCE\dotfuscator.exe "winPEAS\winPEASexe\binaries\Obfuscated Releases\x64.xml" DotfuscatorCE\dotfuscator.exe "winPEAS\winPEASexe\binaries\Obfuscated Releases\x86.xml" DotfuscatorCE\dotfuscator.exe "winPEAS\winPEASexe\binaries\Obfuscated Releases\any.xml" - - # copy the files - name: Copy Dotfuscator generated files run: | cp $env:DotFuscatorGeneratedPath\x64\winPEASx64.exe "winPEAS\winPEASexe\binaries\Obfuscated Releases\winPEASx64.exe" cp $env:DotFuscatorGeneratedPath\x86\winPEASx86.exe "winPEAS\winPEASexe\binaries\Obfuscated Releases\winPEASx86.exe" cp $env:DotFuscatorGeneratedPath\any\winPEASany.exe "winPEAS\winPEASexe\binaries\Obfuscated Releases\winPEASany.exe" - # Git add - name: Create local changes run: |
@@ -103,7 +99,6 @@ jobs: git add winPEAS\winPEASexe\binaries\x64\* git add winPEAS\winPEASexe\binaries\x86\* git add "winPEAS\winPEASexe\binaries\Obfuscated Releases\*.exe" - # Git commit - name: Commit results to Github run: |
@@ -177,4 +172,4 @@ jobs: run: linPEAS/linpeas.sh -h - name: Run macpeas - run: linPEAS/linpeas.sh -o SysI,Container,Devs,AvaSof,ProCronSrvcsTmrsSocks,Net,UsrI,SofI + run: linPEAS/linpeas.sh -o SysI,Container,Devs,AvaSof,ProCronSrvcsTmrsSocks,Net,UsrI,SofI
\ No newline at end of file
diff --git a/build_lists/sensitive_files.yaml b/build_lists/sensitive_files.yaml
index d448e71..e1c43ea 100644
--- a/build_lists/sensitive_files.yaml
+++ b/build_lists/sensitive_files.yaml
@@ -2,6 +2,7 @@ ## LINPEAS SPECIFICATIONS ## ############################ + root_folders: - /applications #common - /bin #common
diff --git a/winPEAS/README.md b/winPEAS/README.md
index 01fec28..1f1b11a 100755
--- a/winPEAS/README.md
+++ b/winPEAS/README.md
@@ -7,12 +7,9 @@ Check the **Local Windows Privilege Escalation checklist** from **[book.hacktric Check more **information about how to exploit** found misconfigurations in **[book.hacktricks.xyz](https://book.hacktricks.xyz/windows/windows-local-privilege-escalation)** ## WinPEAS .exe and .bat -- [Link to WinPEAS C# project (.exe)](https://github.com/carlospolop/privilege-escalation-awesome-scripts-suite/tree/master/winPEAS/winPEASexe) (.Net >= 4.5 required) - [Link to WinPEAS .bat project](https://github.com/carlospolop/privilege-escalation-awesome-scripts-suite/tree/master/winPEAS/winPEASbat) - -## Let's improve PEASS together - -If you want to **add something** and have **any cool idea** related to this project, please let me know it in the **telegram group https://t.me/peass** or using **[github issues](https://github.com/carlospolop/privilege-escalation-awesome-scripts-suite/issues)** and we will update the master version. +- [Link to WinPEAS C# project (.exe)](https://github.com/carlospolop/privilege-escalation-awesome-scripts-suite/tree/master/winPEAS/winPEASexe) (.Net >= 4.5.2 required) + - **Please, read the Readme of that folder to learn how to execute winpeas from memory or how make colors work among other tricks** ## Please, if this tool has been useful for you consider to donate
diff --git a/winPEAS/winPEASbat/README.md b/winPEAS/winPEASbat/README.md
index cf3a656..3e13fa2 100755
--- a/winPEAS/winPEASbat/README.md
+++ b/winPEAS/winPEASbat/README.md
@@ -133,11 +133,6 @@ This is the kind of outpuf that you have to look for when usnig the winPEAS.bat [![paypal](https://www.paypalobjects.com/en_US/i/btn/btn_donateCC_LG.gif)](https://www.patreon.com/peass) -## Let's improve PEASS together - -If you want to **add something** and have **any cool idea** related to this project, please let me know it in the **telegram group https://t.me/peass** or using **[github issues](https://github.com/carlospolop/privilege-escalation-awesome-scripts-suite/issues)** and we will update the master version. - - ## Advisory All the scripts/binaries of the PEAS Suite should be used for authorized penetration testing and/or educational purposes only. Any misuse of this software will not be the responsibility of the author or of any other collaborator. Use it at your own networks and/or with the network owner's permission.
diff --git a/winPEAS/winPEASexe/README.md b/winPEAS/winPEASexe/README.md
index 89ddd01..e9c8590 100755
--- a/winPEAS/winPEASexe/README.md
+++ b/winPEAS/winPEASexe/README.md
@@ -10,7 +10,7 @@ Check also the **Local Windows Privilege Escalation checklist** from **[book.hac ## Quick Start -**.Net >= 4.5 is required** +**.Net >= 4.5.2 is required** Precompiled binaries: - Download the **[latest obfuscated version from here](https://github.com/carlospolop/privilege-escalation-awesome-scripts-suite/tree/master/winPEAS/winPEASexe/binaries/Obfuscated%20Releases)** or **compile it yourself** (read instructions for compilation).
@@ -107,7 +107,7 @@ REG ADD HKCU\Console /v VirtualTerminalLevel /t REG_DWORD /d 1 Below you have some indications about what does each color means exacty, but keep in mind that **Red** is for something interesting (from a pentester perspective) and **Green** is something well configured (from a defender perspective). -## Instructions to compile +## Instructions to compile you own obfuscated version In order to compile an **ofuscated version** of Winpeas and bypass some AVs you need to ** install dotfuscator ** in *VisualStudio*.
@@ -264,11 +264,6 @@ Once you have installed and activated it you need to: -## Let's improve PEASS together - -If you want to **add something** and have **any cool idea** related to this project, please let me know it in the **telegram group https://t.me/peass** or using **[github issues](https://github.com/carlospolop/privilege-escalation-awesome-scripts-suite/issues)** and we will update the master version. - - ## TODO - Add more checks - Mantain updated Watson (last JAN 2021)
diff --git a/winPEAS/winPEASexe/winPEAS.Tests/SmokeTests.cs b/winPEAS/winPEASexe/winPEAS.Tests/SmokeTests.cs
new file mode 100644
index 0000000..a7abc47
--- /dev/null
+++ b/winPEAS/winPEASexe/winPEAS.Tests/SmokeTests.cs
@@ -0,0 +1,24 @@
+using Microsoft.VisualStudio.TestTools.UnitTesting;
+using System;
+
+namespace winPEAS.Tests
+{
+ [TestClass]
+ public class SmokeTests
+ {
+ [TestMethod]
+ public void ShouldRunWinPeass()
+ {
+ try
+ {
+ string[] args = new string[] { "systeminfo", "userinfo", "networkinfo", "servicesinfo","processinfo" };
+ Program.Main(args);
+ }
+ catch (Exception e)
+ {
+ Assert.Fail($"Exception thrown: {e.Message}");
+ }
+ }
+ }
+}
+
diff --git a/winPEAS/winPEASexe/winPEAS/Checks/SystemInfo.cs b/winPEAS/winPEASexe/winPEAS/Checks/SystemInfo.cs
index c69d482..cc20090 100644
--- a/winPEAS/winPEASexe/winPEAS/Checks/SystemInfo.cs
+++ b/winPEAS/winPEASexe/winPEAS/Checks/SystemInfo.cs
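Review bot: The try/catch around `Program.Main(args)` in `ShouldRunWinPeass` throws away the failure's type and stack trace: MSTest already fails a test on an unhandled exception, and `e.Message` keeps only the message. Either drop the wrapper and let the exception propagate, or report the whole object, `Assert.Fail($"Exception thrown: {e}");`. The test also has no positive assertion, so a `Main` that returns early without running the five listed checks still passes; if `Program.Main` exposes a return code or the checks write to a capturable stream (not visible here), asserting on that would give the smoke test something to actually check. Minor style point: with `System`-first ordering `using System;` belongs above the `Microsoft.VisualStudio` directive.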
@@ -139,7 +139,7 @@ namespace winPEAS.Checks // get our properties // ref - https://docs.microsoft.com/en-us/windows/win32/api/wuapi/nn-wuapi-iupdatehistoryentry - var title = searcherObj.GetType().InvokeMember("Title", BindingFlags.GetProperty, null, item, new object[] { }).ToString(); + var title = searcherObj.GetType().InvokeMember("Title", BindingFlags.GetProperty, null, item, new object[] { })?.ToString() ?? string.Empty; var date = searcherObj.GetType().InvokeMember("Date", BindingFlags.GetProperty, null, item, new object[] { }); var description = searcherObj.GetType().InvokeMember("Description", BindingFlags.GetProperty, null, item, new object[] { }); var clientApplicationID = searcherObj.GetType().InvokeMember("ClientApplicationID", BindingFlags.GetProperty, null, item, new object[] { });
diff --git a/winPEAS/winPEASexe/winPEAS/Helpers/AppLocker/AppLockerHelper.cs b/winPEAS/winPEASexe/winPEAS/Helpers/AppLocker/AppLockerHelper.cs
index ad98b46..67d6d18 100644
--- a/winPEAS/winPEASexe/winPEAS/Helpers/AppLocker/AppLockerHelper.cs
+++ b/winPEAS/winPEASexe/winPEAS/Helpers/AppLocker/AppLockerHelper.cs
@@ -80,12 +80,15 @@ namespace winPEAS.Helpers.AppLocker Beaprint.NoColorPrint($" AppLockerPolicy version: {appLockerSettings.Version}\n listing rules:\n\n"); - foreach (var rule in appLockerSettings.RuleCollection) + if (appLockerSettings.RuleCollection != null) { - PrintFileHashRules(rule); - PrintFilePathRules(rule); - PrintFilePublisherRules(rule); - } + foreach (var rule in appLockerSettings.RuleCollection) + { + PrintFileHashRules(rule); + PrintFilePathRules(rule); + PrintFilePublisherRules(rule); + } + } } catch (COMException) {
diff --git a/winPEAS/winPEASexe/winPEAS/Helpers/Registry/RegistryHelper.cs b/winPEAS/winPEASexe/winPEAS/Helpers/Registry/RegistryHelper.cs
index b484caa..c584c27 100644
--- a/winPEAS/winPEASexe/winPEAS/Helpers/Registry/RegistryHelper.cs
+++ b/winPEAS/winPEASexe/winPEAS/Helpers/Registry/RegistryHelper.cs
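Review bot: Only the `Title` lookup in SystemInfo.cs gets the new `?.ToString() ?? string.Empty` guard, while `Date`, `Description` and `ClientApplicationID` on the following lines are fetched through the same `InvokeMember` call and can equally come back null from the COM object. How those three are consumed is outside the hunk, so if any of them is dereferenced later the same guard belongs there too, e.g. `var description = searcherObj.GetType().InvokeMember("Description", BindingFlags.GetProperty, null, item, new object[] { })?.ToString() ?? string.Empty;`. A short comment on the changed line would record the intent: `// Title can come back null from the COM object; treat it as empty instead of aborting the history listing`.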
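Review bot: In the AppLockerHelper.cs hunk, a null `RuleCollection` now prints `listing rules:` followed by nothing, which a reader cannot distinguish from an enumeration that silently failed. An `else` branch that says so keeps the output self-explanatory, e.g. `else { Beaprint.NoColorPrint(" No rules found in the AppLocker policy\n"); }`. The surrounding `try`/`catch (COMException)` begins and ends outside the hunk, so whether the null case is already reported elsewhere cannot be confirmed from here.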
@@ -143,6 +143,12 @@ namespace winPEAS.Helpers.Registry
 {
 myKey = Microsoft.Win32.Registry.CurrentUser.OpenSubKey(path);
 }
+
+ if (myKey == null)
+ {
+ return new string[0];
+ }
+
 String[] subkeyNames = myKey.GetSubKeyNames();
 return myKey.GetSubKeyNames();
 }
diff --git a/winPEAS/winPEASexe/winPEAS/Info/SystemInfo/SysMon/SysMon.cs b/winPEAS/winPEASexe/winPEAS/Info/SystemInfo/SysMon/SysMon.cs
index 3a43b0f..bdeae0b 100644
--- a/winPEAS/winPEASexe/winPEAS/Info/SystemInfo/SysMon/SysMon.cs
+++ b/winPEAS/winPEASexe/winPEAS/Info/SystemInfo/SysMon/SysMon.cs
@@ -92,6 +92,12 @@ namespace winPEAS.Info.SystemInfo.SysMon try { var key = registryKey.OpenSubKey(paramsKey); + + if (key == null) + { + return null; + } + byte[] result = (byte[])key.GetValue(val); return result;
diff --git a/winPEAS/winPEASexe/winPEAS/Wifi/NativeWifiApi/WlanClient.cs b/winPEAS/winPEASexe/winPEAS/Wifi/NativeWifiApi/WlanClient.cs
index 2c09d08..72f6540 100644
--- a/winPEAS/winPEASexe/winPEAS/Wifi/NativeWifiApi/WlanClient.cs
+++ b/winPEAS/winPEASexe/winPEAS/Wifi/NativeWifiApi/WlanClient.cs
@@ -90,7 +90,10 @@ namespace winPEAS.Wifi.NativeWifiApi ~WlanClient() { - WlanApi.WlanCloseHandle(clientHandle, IntPtr.Zero); + if (clientHandle != IntPtr.Zero) + { + WlanApi.WlanCloseHandle(clientHandle, IntPtr.Zero); + } } ///
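Review bot: The null return added in RegistryHelper.cs is right, but the line it now precedes, `String[] subkeyNames = myKey.GetSubKeyNames();`, is dead code: the local is never used and `GetSubKeyNames()` is called a second time in the `return` that follows. Collapse the two into a single `return myKey.GetSubKeyNames();`. `myKey` is a `RegistryKey`, which is `IDisposable`, and nothing in the hunk closes it after the read; unless it is disposed by code outside the hunk, `using (myKey) { return myKey.GetSubKeyNames(); }` releases the handle deterministically instead of waiting for the finalizer. The `key` opened in the SysMon.cs hunk below has the same shape: the added null check is fine, but the key is read and its value returned without being disposed.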
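Review bot: The zero-handle guard in the WlanClient.cs finalizer avoids closing a handle that was never opened, but the native WLAN handle is still released only when the GC happens to run the finalizer, which is non-deterministic and in a short-lived tool usually means the handle stays open until process exit. If `WlanClient` does not already implement `IDisposable` (the class body is outside the hunk), add a `Dispose()` that performs the same `WlanCloseHandle` call and suppresses finalization, and have the finalizer delegate to it; wrapping the handle in a `SafeHandle` subclass is the more idiomatic alternative. The `clientHandle = IntPtr.Zero` reset below assumes the field is not `readonly`, which cannot be confirmed from the hunk. A one-line comment on the guard, `// clientHandle stays IntPtr.Zero when the handle was never opened`, would record why the check exists.
```csharp
public void Dispose()
{
    // clientHandle stays IntPtr.Zero when the handle was never opened
    if (clientHandle != IntPtr.Zero)
    {
        WlanApi.WlanCloseHandle(clientHandle, IntPtr.Zero);
        clientHandle = IntPtr.Zero;
    }
    GC.SuppressFinalize(this);
}

~WlanClient()
{
    Dispose();
}
```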