From 70f33f8f4170accb99afee2f8eabb405655f615a Mon Sep 17 00:00:00 2001
From: Carlos Polop <carlospolop@gmail.com>
Date: Sun, 29 Mar 2020 23:29:15 +0100
Subject: [PATCH 1/2] Update linpeas.sh

---
 linPEAS/linpeas.sh | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/linPEAS/linpeas.sh b/linPEAS/linpeas.sh
index 8239357..fa10414 100755
--- a/linPEAS/linpeas.sh
+++ b/linPEAS/linpeas.sh
@@ -1365,7 +1365,7 @@ if [ "`echo $CHECKS | grep SofI`" ]; then
 
   ##-- 32SI) Cached AD Hashes
   adhashes=`ls "/var/lib/samba/private/secrets.tdb" "/var/lib/samba/passdb.tdb" "/var/opt/quest/vas/authcache/vas_auth.vdb" "/var/lib/sss/db/cache_*" 2>/dev/null`
-  printf $Y"[+] "$GREEN"Looking for AD cached hahses\n"$NC
+  printf $Y"[+] "$GREEN"Looking for AD cached hashes\n"$NC
   if [ "$adhashes" ]; then
     ls -l "/var/lib/samba/private/secrets.tdb" "/var/lib/samba/passdb.tdb" "/var/opt/quest/vas/authcache/vas_auth.vdb" "/var/lib/sss/db/cache_*" 2>/dev/null
   else echo_not_found "cached hashes"

From 752b8f0a672feee3d8db17d21fc7c417e2658a96 Mon Sep 17 00:00:00 2001
From: Carlos Polop <carlospolop@gmail.com>
Date: Sun, 29 Mar 2020 23:38:39 +0100
Subject: [PATCH 2/2] Update Program.cs

---
 winPEAS/winPEASexe/winPEAS/Program.cs | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/winPEAS/winPEASexe/winPEAS/Program.cs b/winPEAS/winPEASexe/winPEAS/Program.cs
index 51698d5..b1a5093 100644
--- a/winPEAS/winPEASexe/winPEAS/Program.cs
+++ b/winPEAS/winPEASexe/winPEAS/Program.cs
@@ -20,7 +20,7 @@ namespace winPEAS
         // Static blacklists
         static string strTrue = "True";
         static string strFalse = "False";
-        static string badgroups = "docker|Remote |Admins|DNSAdmin|Azure Admins";//The space in Remote is important to not mix with SeShutdownRemotePrivilege
+        static string badgroups = "docker|Remote |DNSAdmins|Azure Admins|Admins";//The space in Remote is important to not mix with SeShutdownRemotePrivilege
         static string badpasswd = "NotChange|NotExpi";
         static string badPrivileges = "SeImpersonatePrivilege|SeAssignPrimaryPrivilege|SeTcbPrivilege|SeBackupPrivilege|SeRestorePrivilege|SeCreateTokenPrivilege|SeLoadDriverPrivilege|SeTakeOwnershipPrivilege|SeDebugPrivilege";
         static string goodSoft = "Windows Phone Kits|Windows Kits|Windows Defender|Windows Mail|Windows Media Player|Windows Multimedia Platform|windows nt|Windows Photo Viewer|Windows Portable Devices|Windows Security|Windows Sidebar|WindowsApps|WindowsPowerShell| Windows$|Microsoft|WOW6432Node|internet explorer|Internet Explorer|Common Files";
@@ -495,7 +495,7 @@ namespace winPEAS
                 {
                     { paint_activeUsers_no_Administrator, Beaprint.ansi_users_active },
                     { currentUserName + "|"+ currentUserDomainName, Beaprint.ansi_current_user },
-                    { paint_adminUsers+"|"+ badgroups + "|" + badgroups + "|" + badpasswd + "|" + badPrivileges + "|" + "DefaultPassword.*", Beaprint.ansi_color_bad },
+                    { paint_adminUsers+"|"+ badgroups + "|" + badpasswd + "|" + badPrivileges + "|" + "DefaultPassword.*", Beaprint.ansi_color_bad },
                     { @"Disabled", Beaprint.ansi_users_disabled },
                 };