From 5a552913d23e43d2865aa111acd2e87f8ae2d90b Mon Sep 17 00:00:00 2001 From: makikvues Date: Tue, 6 Jul 2021 17:07:44 +0200 Subject: [PATCH 01/20] Update SmokeTests.cs - updated tests --- winPEAS/winPEASexe/winPEAS.Tests/SmokeTests.cs | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/winPEAS/winPEASexe/winPEAS.Tests/SmokeTests.cs b/winPEAS/winPEASexe/winPEAS.Tests/SmokeTests.cs index de21136..a7abc47 100644 --- a/winPEAS/winPEASexe/winPEAS.Tests/SmokeTests.cs +++ b/winPEAS/winPEASexe/winPEAS.Tests/SmokeTests.cs @@ -11,7 +11,7 @@ namespace winPEAS.Tests { try { - string[] args = new string[0]; + string[] args = new string[] { "systeminfo", "userinfo", "networkinfo", "servicesinfo","processinfo" }; Program.Main(args); } catch (Exception e) From c394b887358eeca538b26128b72e2cf25fabe4cb Mon Sep 17 00:00:00 2001 From: Carlos Polop Date: Tue, 13 Jul 2021 11:55:41 +0200 Subject: [PATCH 02/20] update --- winPEAS/README.md | 2 +- winPEAS/winPEASexe/README.md | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/winPEAS/README.md b/winPEAS/README.md index 01fec28..5ec7b34 100755 --- a/winPEAS/README.md +++ b/winPEAS/README.md @@ -7,7 +7,7 @@ Check the **Local Windows Privilege Escalation checklist** from **[book.hacktric Check more **information about how to exploit** found misconfigurations in **[book.hacktricks.xyz](https://book.hacktricks.xyz/windows/windows-local-privilege-escalation)** ## WinPEAS .exe and .bat -- [Link to WinPEAS C# project (.exe)](https://github.com/carlospolop/privilege-escalation-awesome-scripts-suite/tree/master/winPEAS/winPEASexe) (.Net >= 4.5 required) +- [Link to WinPEAS C# project (.exe)](https://github.com/carlospolop/privilege-escalation-awesome-scripts-suite/tree/master/winPEAS/winPEASexe) (.Net >= 4.5.2 required) - [Link to WinPEAS .bat project](https://github.com/carlospolop/privilege-escalation-awesome-scripts-suite/tree/master/winPEAS/winPEASbat) ## Let's improve PEASS together 
diff --git a/winPEAS/winPEASexe/README.md b/winPEAS/winPEASexe/README.md index 89ddd01..3464c9c 100755 --- a/winPEAS/winPEASexe/README.md +++ b/winPEAS/winPEASexe/README.md @@ -10,7 +10,7 @@ Check also the **Local Windows Privilege Escalation checklist** from **[book.hac ## Quick Start -**.Net >= 4.5 is required** +**.Net >= 4.5.2 is required** Precompiled binaries: - Download the **[latest obfuscated version from here](https://github.com/carlospolop/privilege-escalation-awesome-scripts-suite/tree/master/winPEAS/winPEASexe/binaries/Obfuscated%20Releases)** or **compile it yourself** (read instructions for compilation). From 87e745deb7f0866bc71c6e97194222afc8492833 Mon Sep 17 00:00:00 2001 From: Carlos Polop Date: Tue, 13 Jul 2021 11:57:44 +0200 Subject: [PATCH 03/20] update readme --- winPEAS/winPEASexe/README.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/winPEAS/winPEASexe/README.md b/winPEAS/winPEASexe/README.md index 3464c9c..fbbe5d3 100755 --- a/winPEAS/winPEASexe/README.md +++ b/winPEAS/winPEASexe/README.md @@ -107,7 +107,7 @@ REG ADD HKCU\Console /v VirtualTerminalLevel /t REG_DWORD /d 1 Below you have some indications about what does each color means exacty, but keep in mind that **Red** is for something interesting (from a pentester perspective) and **Green** is something well configured (from a defender perspective). -## Instructions to compile +## Instructions to compile you own obfuscated version In order to compile an **ofuscated version** of Winpeas and bypass some AVs you need to ** install dotfuscator ** in *VisualStudio*. From b421697b168463fddfbc515978b0eb2a29b5f3ff Mon Sep 17 00:00:00 2001 From: Carlos Polop Date: Tue, 13 Jul 2021 12:52:10 +0200 Subject: [PATCH 04/20] readme updates --- winPEAS/README.md | 7 ++----- winPEAS/winPEASbat/README.md | 5 ----- winPEAS/winPEASexe/README.md | 5 ----- 3 files changed, 2 insertions(+), 15 deletions(-) diff --git a/winPEAS/README.md b/winPEAS/README.md index 5ec7b34..1f1b11a 100755 
--- a/winPEAS/README.md +++ b/winPEAS/README.md @@ -7,12 +7,9 @@ Check the **Local Windows Privilege Escalation checklist** from **[book.hacktric Check more **information about how to exploit** found misconfigurations in **[book.hacktricks.xyz](https://book.hacktricks.xyz/windows/windows-local-privilege-escalation)** ## WinPEAS .exe and .bat -- [Link to WinPEAS C# project (.exe)](https://github.com/carlospolop/privilege-escalation-awesome-scripts-suite/tree/master/winPEAS/winPEASexe) (.Net >= 4.5.2 required) - [Link to WinPEAS .bat project](https://github.com/carlospolop/privilege-escalation-awesome-scripts-suite/tree/master/winPEAS/winPEASbat) - -## Let's improve PEASS together - -If you want to **add something** and have **any cool idea** related to this project, please let me know it in the **telegram group https://t.me/peass** or using **[github issues](https://github.com/carlospolop/privilege-escalation-awesome-scripts-suite/issues)** and we will update the master version. +- [Link to WinPEAS C# project (.exe)](https://github.com/carlospolop/privilege-escalation-awesome-scripts-suite/tree/master/winPEAS/winPEASexe) (.Net >= 4.5.2 required) + - **Please, read the Readme of that folder to learn how to execute winpeas from memory or how make colors work among other tricks** ## Please, if this tool has been useful for you consider to donate diff --git a/winPEAS/winPEASbat/README.md b/winPEAS/winPEASbat/README.md index cf3a656..3e13fa2 100755 --- a/winPEAS/winPEASbat/README.md +++ b/winPEAS/winPEASbat/README.md 
@@ -133,11 +133,6 @@ This is the kind of outpuf that you have to look for when usnig the winPEAS.bat [![paypal](https://www.paypalobjects.com/en_US/i/btn/btn_donateCC_LG.gif)](https://www.patreon.com/peass) -## Let's improve PEASS together - -If you want to **add something** and have **any cool idea** related to this project, please let me know it in the **telegram group https://t.me/peass** or using **[github issues](https://github.com/carlospolop/privilege-escalation-awesome-scripts-suite/issues)** and we will update the master version. - - ## Advisory All the scripts/binaries of the PEAS Suite should be used for authorized penetration testing and/or educational purposes only. Any misuse of this software will not be the responsibility of the author or of any other collaborator. Use it at your own networks and/or with the network owner's permission. diff --git a/winPEAS/winPEASexe/README.md b/winPEAS/winPEASexe/README.md index fbbe5d3..e9c8590 100755 --- a/winPEAS/winPEASexe/README.md +++ b/winPEAS/winPEASexe/README.md @@ -264,11 +264,6 @@ Once you have installed and activated it you need to: -## Let's improve PEASS together - -If you want to **add something** and have **any cool idea** related to this project, please let me know it in the **telegram group https://t.me/peass** or using **[github issues](https://github.com/carlospolop/privilege-escalation-awesome-scripts-suite/issues)** and we will update the master version. - - ## TODO - Add more checks - Mantain updated Watson (last JAN 2021) From a19e7740ea66c65fdd2b17c70cfb63a76a7b487b Mon Sep 17 00:00:00 2001 From: makikvues Date: Tue, 13 Jul 2021 20:40:54 +0200 Subject: [PATCH 05/20] - updates --- .github/workflows/CI-winpeas_dev_test.yml | 3 ++- .github/workflows/CI-winpeas_master_test.yml | 3 ++- 2 files changed, 4 insertions(+), 2 deletions(-) diff --git a/.github/workflows/CI-winpeas_dev_test.yml b/.github/workflows/CI-winpeas_dev_test.yml index c111f2b..fd8d3bb 100644 
--- a/.github/workflows/CI-winpeas_dev_test.yml +++ b/.github/workflows/CI-winpeas_dev_test.yml @@ -67,7 +67,7 @@ jobs: echo "copy Any" cp winPEAS\winPEASexe\winPEAS\bin\$env:Configuration\winPEAS.exe winPEAS\winPEASexe\binaries\$env:Configuration\winPEASany.exe - # build obfuscated versions + # Setup DotFuscator - name: Setup DotFuscator run: | 7z x winPEAS\winPEASexe\Dotfuscator\DotfuscatorCE.zip @@ -103,6 +103,7 @@ jobs: run: | git config --local user.email "ci@winpeas.com" git config --global user.name "CI-winpeas" + git pull git commit -m "winpeas binaries auto update" -a --allow-empty # Git push diff --git a/.github/workflows/CI-winpeas_master_test.yml b/.github/workflows/CI-winpeas_master_test.yml index 3c6db6c..924e8b0 100644 --- a/.github/workflows/CI-winpeas_master_test.yml +++ b/.github/workflows/CI-winpeas_master_test.yml @@ -67,7 +67,7 @@ jobs: echo "copy Any" cp winPEAS\winPEASexe\winPEAS\bin\$env:Configuration\winPEAS.exe winPEAS\winPEASexe\binaries\$env:Configuration\winPEASany.exe - # build obfuscated versions + # Setup DotFuscator - name: Setup DotFuscator run: | 7z x winPEAS\winPEASexe\Dotfuscator\DotfuscatorCE.zip @@ -103,6 +103,7 @@ jobs: run: | git config --local user.email "ci@winpeas.com" git config --global user.name "CI-winpeas" + git pull git commit -m "winpeas binaries auto update" -a --allow-empty # Git push From 59a64941a176d8f14db05d31909541a0ce76caae Mon Sep 17 00:00:00 2001 From: makikvues Date: Tue, 13 Jul 2021 22:14:18 +0200 Subject: [PATCH 06/20] - whitespace change to test winpeas CI pipeline --- build_lists/sensitive_files.yaml | 1 + 1 file changed, 1 insertion(+) diff --git a/build_lists/sensitive_files.yaml b/build_lists/sensitive_files.yaml index 3673013..200655c 100644 --- a/build_lists/sensitive_files.yaml +++ b/build_lists/sensitive_files.yaml @@ -2,6 +2,7 @@ ## LINPEAS SPECIFICATIONS ## ############################ + root_folders: - /applications #common - /bin #common 
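Review bot: The added `git pull` runs while the rebuilt binaries are still uncommitted (the `git commit -a` comes on the next line), so it aborts if the remote has changed any of those files and otherwise may create an unplanned merge commit just before the push step. Committing first and then running `git pull --rebase`, or using `git pull --ff-only` and failing the job when the branches have diverged, makes the outcome deterministic. The same line is added to CI-winpeas_master_test.yml in this patch. The step's name and the preceding `git add` are outside both hunks.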
From eadf7cedd14c71c04370398317e61501efa16401 Mon Sep 17 00:00:00 2001 From: makikvues Date: Wed, 14 Jul 2021 22:16:32 +0200 Subject: [PATCH 07/20] - updated winPEASexe/README.md - added whitespace to test github actions --- winPEAS/winPEASexe/README.md | 1 + 1 file changed, 1 insertion(+) diff --git a/winPEAS/winPEASexe/README.md b/winPEAS/winPEASexe/README.md index e9c8590..b215a89 100755 --- a/winPEAS/winPEASexe/README.md +++ b/winPEAS/winPEASexe/README.md @@ -287,3 +287,4 @@ All the scripts/binaries of the PEAS Suite should be used for authorized penetra MIT License By Polop(TM), makikvues (makikvues2[at]gmail[dot].com) + From ce481003377608f7a6abfea03710d1e203106e88 Mon Sep 17 00:00:00 2001 From: makikvues Date: Wed, 14 Jul 2021 22:58:51 +0200 Subject: [PATCH 08/20] - updated winpeas dev ci --- .github/workflows/CI-winpeas_dev_test.yml | 74 ++--------------------- 1 file changed, 4 insertions(+), 70 deletions(-) diff --git a/.github/workflows/CI-winpeas_dev_test.yml b/.github/workflows/CI-winpeas_dev_test.yml index fd8d3bb..010693c 100644 --- a/.github/workflows/CI-winpeas_dev_test.yml +++ b/.github/workflows/CI-winpeas_dev_test.yml @@ -4,6 +4,10 @@ on: push: branches: - winpeas_dev + - linpeas_dev + paths: + - 'build_lists/sensitive_files.yaml' + - 'winPEAS/winPEASexe/**' workflow_dispatch: 
@@ -42,76 +46,6 @@ jobs: # Execute all unit tests in the solution - name: Execute unit tests run: dotnet test $env:Solution_Path - - # Build & update all versions - - name: Build all versions - run: | - echo "build x64" - msbuild -m $env:Solution_Path /t:Rebuild /p:Configuration=$env:Configuration /p:Platform="x64" - - echo "build x86" - msbuild -m $env:Solution_Path /t:Rebuild /p:Configuration=$env:Configuration /p:Platform="x86" - - echo "build Any CPU" - msbuild -m $env:Solution_Path /t:Rebuild /p:Configuration=$env:Configuration /p:Platform="Any CPU" - - # Copy the built versions - - name: Copy all versions - run: | - echo "copy x64" - cp winPEAS\winPEASexe\winPEAS\bin\x64\$env:Configuration\winPEAS.exe winPEAS\winPEASexe\binaries\x64\$env:Configuration\winPEASx64.exe - - echo "copy x86" - cp winPEAS\winPEASexe\winPEAS\bin\x86\$env:Configuration\winPEAS.exe winPEAS\winPEASexe\binaries\x86\$env:Configuration\winPEASx86.exe - - echo "copy Any" - cp winPEAS\winPEASexe\winPEAS\bin\$env:Configuration\winPEAS.exe winPEAS\winPEASexe\binaries\$env:Configuration\winPEASany.exe - - # Setup DotFuscator - - name: Setup DotFuscator - run: | - 7z x winPEAS\winPEASexe\Dotfuscator\DotfuscatorCE.zip - whoami - mkdir -p $env:USERPROFILE\AppData\Local\"PreEmptive Solutions"\"Dotfuscator Community Edition"\6.0 -erroraction 'silentlycontinue' - cp DotfuscatorCE\license\* $env:USERPROFILE\AppData\Local\"PreEmptive Solutions"\"Dotfuscator Community Edition"\6.0\ - - # build obfuscated versions - - name: Build obfuscated versions - run: | - DotfuscatorCE\dotfuscator.exe "winPEAS\winPEASexe\binaries\Obfuscated Releases\x64.xml" - DotfuscatorCE\dotfuscator.exe "winPEAS\winPEASexe\binaries\Obfuscated Releases\x86.xml" - DotfuscatorCE\dotfuscator.exe "winPEAS\winPEASexe\binaries\Obfuscated Releases\any.xml" - - - # copy the files - - name: Copy Dotfuscator generated files - run: | - cp $env:DotFuscatorGeneratedPath\x64\winPEASx64.exe "winPEAS\winPEASexe\binaries\Obfuscated 
Releases\winPEASx64.exe" - cp $env:DotFuscatorGeneratedPath\x86\winPEASx86.exe "winPEAS\winPEASexe\binaries\Obfuscated Releases\winPEASx86.exe" - cp $env:DotFuscatorGeneratedPath\any\winPEASany.exe "winPEAS\winPEASexe\binaries\Obfuscated Releases\winPEASany.exe" - - # Git add - - name: Create local changes - run: | - git add winPEAS\winPEASexe\binaries\Release\* - git add winPEAS\winPEASexe\binaries\x64\* - git add winPEAS\winPEASexe\binaries\x86\* - git add "winPEAS\winPEASexe\binaries\Obfuscated Releases\*.exe" - - # Git commit - - name: Commit results to Github - run: | - git config --local user.email "ci@winpeas.com" - git config --global user.name "CI-winpeas" - git pull - git commit -m "winpeas binaries auto update" -a --allow-empty - - # Git push - - name: Push changes - uses: ad-m/github-push-action@master - with: - github_token: ${{ secrets.GITHUB_TOKEN }} - branch: master # PR - uses: actions/checkout@v2 From 100064a8c9aa088266b987f8987ca87a02f57d47 Mon Sep 17 00:00:00 2001 From: makikvues Date: Wed, 14 Jul 2021 22:59:39 +0200 Subject: [PATCH 09/20] - whitespace --- winPEAS/winPEASexe/README.md | 1 - 1 file changed, 1 deletion(-) diff --git a/winPEAS/winPEASexe/README.md b/winPEAS/winPEASexe/README.md index b215a89..e9c8590 100755 --- a/winPEAS/winPEASexe/README.md +++ b/winPEAS/winPEASexe/README.md @@ -287,4 +287,3 @@ All the scripts/binaries of the PEAS Suite should be used for authorized penetra MIT License By Polop(TM), makikvues (makikvues2[at]gmail[dot].com) - From 57ee4ba9cd083bd92d285589ed1d0b59ee159cb1 Mon Sep 17 00:00:00 2001 From: makikvues Date: Thu, 15 Jul 2021 08:10:47 +0200 Subject: [PATCH 10/20] - testing create-pull-request@v1.3.1-multi --- .github/workflows/CI-winpeas_dev_test.yml | 20 ++++++++++++-------- 1 file changed, 12 insertions(+), 8 deletions(-) diff --git a/.github/workflows/CI-winpeas_dev_test.yml b/.github/workflows/CI-winpeas_dev_test.yml index 010693c..7ff6062 100644 --- a/.github/workflows/CI-winpeas_dev_test.yml 
+++ b/.github/workflows/CI-winpeas_dev_test.yml @@ -44,13 +44,17 @@ jobs: run: msbuild $env:Solution_Path # Execute all unit tests in the solution - - name: Execute unit tests - run: dotnet test $env:Solution_Path + #- name: Execute unit tests + # run: dotnet test $env:Solution_Path - # PR - - uses: actions/checkout@v2 - - name: pull-request - uses: repo-sync/pull-request@v2 + # PR + - name: Pull Request + # uses: repo-sync/pull-request@v2 + uses: peter-evans/create-pull-request@v1.3.1-multi + env: + GITHUB_TOKEN: ${{ secrets.PULL_REQUEST_TOKEN }} with: - destination_branch: "master" - github_token: ${{ secrets.PULL_REQUEST_TOKEN }} + #destination_branch: "master" + #github_token: ${{ secrets.PULL_REQUEST_TOKEN }} + branch: "master" + token: ${{ secrets.PULL_REQUEST_TOKEN }} From db7a8503813828357fb5c363b526bbf8db143eba Mon Sep 17 00:00:00 2001 From: makikvues Date: Thu, 15 Jul 2021 08:11:20 +0200 Subject: [PATCH 11/20] - updates to trigger CI --- winPEAS/winPEASexe/README.md | 1 + 1 file changed, 1 insertion(+) diff --git a/winPEAS/winPEASexe/README.md b/winPEAS/winPEASexe/README.md index e9c8590..b215a89 100755 --- a/winPEAS/winPEASexe/README.md +++ b/winPEAS/winPEASexe/README.md @@ -287,3 +287,4 @@ All the scripts/binaries of the PEAS Suite should be used for authorized penetra MIT License By Polop(TM), makikvues (makikvues2[at]gmail[dot].com) + From cd26231a9b1cc2b5a8f81df20914869a72b31588 Mon Sep 17 00:00:00 2001 From: makikvues Date: Thu, 15 Jul 2021 08:16:51 +0200 Subject: [PATCH 12/20] - updates of create-pull-request --- .github/workflows/CI-winpeas_dev_test.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/CI-winpeas_dev_test.yml b/.github/workflows/CI-winpeas_dev_test.yml index 7ff6062..0e7e825 100644 --- a/.github/workflows/CI-winpeas_dev_test.yml +++ b/.github/workflows/CI-winpeas_dev_test.yml 
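Review bot: The `PULL_REQUEST_TOKEN` secret is handed, both as `env: GITHUB_TOKEN` and as `with: token`, to a third-party action referenced by a mutable tag, `peter-evans/create-pull-request@v1.3.1-multi`. A tag can be re-pointed by the action's owner, so whatever code it resolves to at run time receives the token with whatever scopes it carries. Pinning to a full commit SHA, `uses: peter-evans/create-pull-request@<full-commit-sha>`, and passing the secret through only one of the two inputs keeps the exposure reviewable. The same applies to the tag changes in [PATCH 12/20] and [PATCH 14/20] and to `repo-sync/pull-request@v2` and `actions/checkout@v2` in [PATCH 16/20]. This hunk also comments out the unit-test step, so the pull request towards master is opened after a build alone.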
@@ -50,7 +50,7 @@ jobs: # PR - name: Pull Request # uses: repo-sync/pull-request@v2 - uses: peter-evans/create-pull-request@v1.3.1-multi + uses: peter-evans/create-pull-request@v3.10.0-multi env: GITHUB_TOKEN: ${{ secrets.PULL_REQUEST_TOKEN }} with: From d2e9942d1e53db61e4a2032471f0be27b3ee21de Mon Sep 17 00:00:00 2001 From: makikvues Date: Thu, 15 Jul 2021 08:17:13 +0200 Subject: [PATCH 13/20] - whitespace --- winPEAS/winPEASexe/README.md | 1 - 1 file changed, 1 deletion(-) diff --git a/winPEAS/winPEASexe/README.md b/winPEAS/winPEASexe/README.md index b215a89..e9c8590 100755 --- a/winPEAS/winPEASexe/README.md +++ b/winPEAS/winPEASexe/README.md @@ -287,4 +287,3 @@ All the scripts/binaries of the PEAS Suite should be used for authorized penetra MIT License By Polop(TM), makikvues (makikvues2[at]gmail[dot].com) - From 5ba2a266040c74b076034faa03799df8aef2ecf1 Mon Sep 17 00:00:00 2001 From: makikvues Date: Thu, 15 Jul 2021 08:21:44 +0200 Subject: [PATCH 14/20] - v1.6.1 multi --- .github/workflows/CI-winpeas_dev_test.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/CI-winpeas_dev_test.yml b/.github/workflows/CI-winpeas_dev_test.yml index 0e7e825..a575477 100644 --- a/.github/workflows/CI-winpeas_dev_test.yml +++ b/.github/workflows/CI-winpeas_dev_test.yml @@ -50,7 +50,7 @@ jobs: # PR - name: Pull Request # uses: repo-sync/pull-request@v2 - uses: peter-evans/create-pull-request@v3.10.0-multi + uses: peter-evans/create-pull-request@v1.6.1-multi env: GITHUB_TOKEN: ${{ secrets.PULL_REQUEST_TOKEN }} with: From 83ea472cd5b7e2866c486eb7adb09c731f78e61f Mon Sep 17 00:00:00 2001 From: makikvues Date: Thu, 15 Jul 2021 08:22:05 +0200 Subject: [PATCH 15/20] - whitespace --- winPEAS/winPEASexe/README.md | 1 + 1 file changed, 1 insertion(+) diff --git a/winPEAS/winPEASexe/README.md b/winPEAS/winPEASexe/README.md index e9c8590..b215a89 100755 --- a/winPEAS/winPEASexe/README.md +++ b/winPEAS/winPEASexe/README.md 
@@ -287,3 +287,4 @@ All the scripts/binaries of the PEAS Suite should be used for authorized penetra MIT License By Polop(TM), makikvues (makikvues2[at]gmail[dot].com) + From 9896529574c3869d5297e32d3d607cd26850da6d Mon Sep 17 00:00:00 2001 From: makikvues Date: Thu, 15 Jul 2021 09:13:00 +0200 Subject: [PATCH 16/20] - CI winpeas dev test updates --- .github/workflows/CI-winpeas_dev_test.yml | 26 ++++++++++++++++------- 1 file changed, 18 insertions(+), 8 deletions(-) diff --git a/.github/workflows/CI-winpeas_dev_test.yml b/.github/workflows/CI-winpeas_dev_test.yml index a575477..b338717 100644 --- a/.github/workflows/CI-winpeas_dev_test.yml +++ b/.github/workflows/CI-winpeas_dev_test.yml @@ -47,14 +47,24 @@ jobs: #- name: Execute unit tests # run: dotnet test $env:Solution_Path + + create_pull_request: + runs-on: ubuntu-latest + needs: Build_and_test_winpeas_dev + + steps: + # checkout + - name: Checkout + uses: actions/checkout@v2 + # PR - name: Pull Request - # uses: repo-sync/pull-request@v2 - uses: peter-evans/create-pull-request@v1.6.1-multi - env: - GITHUB_TOKEN: ${{ secrets.PULL_REQUEST_TOKEN }} + uses: repo-sync/pull-request@v2 + #uses: peter-evans/create-pull-request@v3 + #env: + # GITHUB_TOKEN: ${{ secrets.PULL_REQUEST_TOKEN }} with: - #destination_branch: "master" - #github_token: ${{ secrets.PULL_REQUEST_TOKEN }} - branch: "master" - token: ${{ secrets.PULL_REQUEST_TOKEN }} + destination_branch: "master" + github_token: ${{ secrets.PULL_REQUEST_TOKEN }} + #branch: "master" + #token: ${{ secrets.PULL_REQUEST_TOKEN }} From 44f6d22489e9612efedb44dbaf7aabb9c7790ceb Mon Sep 17 00:00:00 2001 From: makikvues Date: Thu, 15 Jul 2021 09:13:25 +0200 Subject: [PATCH 17/20] - whitespace in README.md --- winPEAS/winPEASexe/README.md | 1 - 1 file changed, 1 deletion(-) diff --git a/winPEAS/winPEASexe/README.md b/winPEAS/winPEASexe/README.md index b215a89..e9c8590 100755 --- a/winPEAS/winPEASexe/README.md +++ b/winPEAS/winPEASexe/README.md 
@@ -287,4 +287,3 @@ All the scripts/binaries of the PEAS Suite should be used for authorized penetra MIT License By Polop(TM), makikvues (makikvues2[at]gmail[dot].com) - From 94212e403ef311885b1fe356a912dffae8216507 Mon Sep 17 00:00:00 2001 From: makikvues Date: Thu, 15 Jul 2021 09:22:50 +0200 Subject: [PATCH 18/20] - update CI winpeas dev test --- .github/workflows/CI-winpeas_dev_test.yml | 13 ++++--------- 1 file changed, 4 insertions(+), 9 deletions(-) diff --git a/.github/workflows/CI-winpeas_dev_test.yml b/.github/workflows/CI-winpeas_dev_test.yml index b338717..33614a5 100644 --- a/.github/workflows/CI-winpeas_dev_test.yml +++ b/.github/workflows/CI-winpeas_dev_test.yml @@ -20,14 +20,13 @@ jobs: env: Solution_Path: 'winPEAS\winPEASexe\winPEAS.sln' Configuration: 'Release' - DotFuscatorGeneratedPath: 'winPEAS\winPEASexe\binaries\Obfuscated Releases\Dotfuscated' steps: # checkout - name: Checkout uses: actions/checkout@v2 - # Add MSBuild to the PATH: https://github.com/microsoft/setup-msbuild + # Add MSBuild to the PATH: https://github.com/microsoft/setup-msbuild - name: Setup MSBuild.exe uses: microsoft/setup-msbuild@v1.0.2 @@ -44,8 +43,8 @@ jobs: run: msbuild $env:Solution_Path # Execute all unit tests in the solution - #- name: Execute unit tests - # run: dotnet test $env:Solution_Path + - name: Execute unit tests + run: dotnet test $env:Solution_Path create_pull_request: @@ -60,11 +59,7 @@ jobs: # PR - name: Pull Request uses: repo-sync/pull-request@v2 - #uses: peter-evans/create-pull-request@v3 - #env: - # GITHUB_TOKEN: ${{ secrets.PULL_REQUEST_TOKEN }} with: destination_branch: "master" github_token: ${{ secrets.PULL_REQUEST_TOKEN }} - #branch: "master" - #token: ${{ secrets.PULL_REQUEST_TOKEN }} + \ No newline at end of file From 24884a1d7e55bc7777b9f7fd9500c43ac119ea4a Mon Sep 17 00:00:00 2001 
From: makikvues Date: Thu, 15 Jul 2021 09:23:46 +0200 Subject: [PATCH 19/20] - ci pipeline updates - winpeas --- .github/workflows/CI-winpeas_master_test.yml | 1 - 1 file changed, 1 deletion(-) diff --git a/.github/workflows/CI-winpeas_master_test.yml b/.github/workflows/CI-winpeas_master_test.yml index 924e8b0..aa4a97a 100644 --- a/.github/workflows/CI-winpeas_master_test.yml +++ b/.github/workflows/CI-winpeas_master_test.yml @@ -103,7 +103,6 @@ jobs: run: | git config --local user.email "ci@winpeas.com" git config --global user.name "CI-winpeas" - git pull git commit -m "winpeas binaries auto update" -a --allow-empty # Git push From dbfd0be62e5e4ed3efe7c2354b506d914f875e6d Mon Sep 17 00:00:00 2001 From: makikvues Date: Fri, 27 Aug 2021 21:19:16 +0200 Subject: [PATCH 20/20] - added ISSUE_TEMPLATE.md - added null reference checks --- .github/ISSUE_TEMPLATE.md | 23 +++++++++++++++++++ .../winPEASexe/winPEAS/Checks/SystemInfo.cs | 2 +- .../Helpers/AppLocker/AppLockerHelper.cs | 13 +++++++---- .../Helpers/Registry/RegistryHelper.cs | 6 +++++ .../winPEAS/Info/SystemInfo/SysMon/SysMon.cs | 6 +++++ .../winPEAS/Wifi/NativeWifiApi/WlanClient.cs | 5 +++- 6 files changed, 48 insertions(+), 7 deletions(-) create mode 100644 .github/ISSUE_TEMPLATE.md diff --git a/.github/ISSUE_TEMPLATE.md b/.github/ISSUE_TEMPLATE.md new file mode 100644 index 0000000..7e93194 --- /dev/null +++ b/.github/ISSUE_TEMPLATE.md @@ -0,0 +1,23 @@ +#### Issue description + + +#### Steps to reproduce the issue + +1. +2. +3. + +#### clean / obfuscated winpeas? + + +#### AV / Threat protection used + + +#### Windows version / build + + +#### Failing Winpeas check + + +#### Additional details / screenshot + diff --git a/winPEAS/winPEASexe/winPEAS/Checks/SystemInfo.cs b/winPEAS/winPEASexe/winPEAS/Checks/SystemInfo.cs index c69d482..cc20090 100644 --- a/winPEAS/winPEASexe/winPEAS/Checks/SystemInfo.cs +++ b/winPEAS/winPEASexe/winPEAS/Checks/SystemInfo.cs 
@@ -139,7 +139,7 @@ namespace winPEAS.Checks // get our properties // ref - https://docs.microsoft.com/en-us/windows/win32/api/wuapi/nn-wuapi-iupdatehistoryentry - var title = searcherObj.GetType().InvokeMember("Title", BindingFlags.GetProperty, null, item, new object[] { }).ToString(); + var title = searcherObj.GetType().InvokeMember("Title", BindingFlags.GetProperty, null, item, new object[] { })?.ToString() ?? string.Empty; var date = searcherObj.GetType().InvokeMember("Date", BindingFlags.GetProperty, null, item, new object[] { }); var description = searcherObj.GetType().InvokeMember("Description", BindingFlags.GetProperty, null, item, new object[] { }); var clientApplicationID = searcherObj.GetType().InvokeMember("ClientApplicationID", BindingFlags.GetProperty, null, item, new object[] { }); diff --git a/winPEAS/winPEASexe/winPEAS/Helpers/AppLocker/AppLockerHelper.cs b/winPEAS/winPEASexe/winPEAS/Helpers/AppLocker/AppLockerHelper.cs index ad98b46..67d6d18 100644 --- a/winPEAS/winPEASexe/winPEAS/Helpers/AppLocker/AppLockerHelper.cs +++ b/winPEAS/winPEASexe/winPEAS/Helpers/AppLocker/AppLockerHelper.cs @@ -80,12 +80,15 @@ namespace winPEAS.Helpers.AppLocker Beaprint.NoColorPrint($" AppLockerPolicy version: {appLockerSettings.Version}\n listing rules:\n\n"); - foreach (var rule in appLockerSettings.RuleCollection) + if (appLockerSettings.RuleCollection != null) { - PrintFileHashRules(rule); - PrintFilePathRules(rule); - PrintFilePublisherRules(rule); - } + foreach (var rule in appLockerSettings.RuleCollection) + { + PrintFileHashRules(rule); + PrintFilePathRules(rule); + PrintFilePublisherRules(rule); + } + } } catch (COMException) { diff --git a/winPEAS/winPEASexe/winPEAS/Helpers/Registry/RegistryHelper.cs b/winPEAS/winPEASexe/winPEAS/Helpers/Registry/RegistryHelper.cs index b484caa..c584c27 100644 --- a/winPEAS/winPEASexe/winPEAS/Helpers/Registry/RegistryHelper.cs +++ b/winPEAS/winPEASexe/winPEAS/Helpers/Registry/RegistryHelper.cs 
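Review bot: In AppLockerHelper.cs, `appLockerSettings.Version` is still dereferenced on the line directly above the new `RuleCollection` guard, so a null `appLockerSettings` throws before the check is reached. The only handler visible in the hunk is `catch (COMException)`, which would not catch a `NullReferenceException`. If the settings object can be null, guard it as well, for example `if (appLockerSettings?.RuleCollection != null)` with the version print moved inside an `appLockerSettings != null` check. The enclosing method begins outside the hunk and further catch clauses may follow it.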
@@ -143,6 +143,12 @@ namespace winPEAS.Helpers.Registry { myKey = Microsoft.Win32.Registry.CurrentUser.OpenSubKey(path); } + + if (myKey == null) + { + return new string[0]; + } + String[] subkeyNames = myKey.GetSubKeyNames(); return myKey.GetSubKeyNames(); } diff --git a/winPEAS/winPEASexe/winPEAS/Info/SystemInfo/SysMon/SysMon.cs b/winPEAS/winPEASexe/winPEAS/Info/SystemInfo/SysMon/SysMon.cs index 3a43b0f..bdeae0b 100644 --- a/winPEAS/winPEASexe/winPEAS/Info/SystemInfo/SysMon/SysMon.cs +++ b/winPEAS/winPEASexe/winPEAS/Info/SystemInfo/SysMon/SysMon.cs @@ -92,6 +92,12 @@ namespace winPEAS.Info.SystemInfo.SysMon try { var key = registryKey.OpenSubKey(paramsKey); + + if (key == null) + { + return null; + } + byte[] result = (byte[])key.GetValue(val); return result; diff --git a/winPEAS/winPEASexe/winPEAS/Wifi/NativeWifiApi/WlanClient.cs b/winPEAS/winPEASexe/winPEAS/Wifi/NativeWifiApi/WlanClient.cs index 2c09d08..72f6540 100644 --- a/winPEAS/winPEASexe/winPEAS/Wifi/NativeWifiApi/WlanClient.cs +++ b/winPEAS/winPEASexe/winPEAS/Wifi/NativeWifiApi/WlanClient.cs @@ -90,7 +90,10 @@ namespace winPEAS.Wifi.NativeWifiApi ~WlanClient() { - WlanApi.WlanCloseHandle(clientHandle, IntPtr.Zero); + if (clientHandle != IntPtr.Zero) + { + WlanApi.WlanCloseHandle(clientHandle, IntPtr.Zero); + } } ///
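Review bot: The new `myKey == null` guard in RegistryHelper.cs covers a missing key only; `OpenSubKey` reports a key the caller may not read by throwing `SecurityException`, which for a tool run as a low-privileged user is probably the more common failure. Whether a surrounding try/catch handles that is outside the hunk. Just after the guard the method still calls `myKey.GetSubKeyNames()` twice, storing the first result in an unused `subkeyNames` local, and never disposes `myKey`. I would collapse those two lines to `using (myKey) { return myKey.GetSubKeyNames(); }`.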
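Review bot: In SysMon.cs the guard stops a null `key`, but the hard cast on the next line, `(byte[])key.GetValue(val)`, still throws `InvalidCastException` when the value exists with a non-binary type. `key.GetValue(val) as byte[]` returns null in that case, which matches the new `return null` path. The `try` opens inside the hunk but its catch is not visible, so the exception may already be swallowed there. `key` is also never disposed; `using (var key = registryKey.OpenSubKey(paramsKey))` would release the registry handle on every path.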
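Review bot: In the visible lines of WlanClient.cs the finalizer is still the only place `clientHandle` is released, so the native WLAN handle stays open until the garbage collector happens to finalize the object. The zero check is fine as far as it goes. Holding the handle in a `SafeHandle` subclass, or implementing `IDisposable` and calling `GC.SuppressFinalize(this)`, would give callers deterministic cleanup. Whether the class already implements `IDisposable` is outside the hunk. If the guard is there for a handle that was never opened, a comment such as `// clientHandle is zero when the handle was never opened` would record that.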