az tokens

This commit is contained in:
Carlos Polop 2025-01-25 00:40:15 +01:00
parent 21a5ef9325
commit 7cd9e6f78b
4 changed files with 46 additions and 32 deletions

File diff suppressed because one or more lines are too long

View File

@ -21,7 +21,7 @@ namespace winPEAS.Checks
{
new AWSInfo(),
new AzureInfo(),
new AzureCliInfo(),
new AzureTokensInfo(),
new GCPInfo(),
new GCPJoinedInfo(),
new GCDSInfo(),

View File

@ -19,21 +19,33 @@ using System.Text.Json.Nodes;
namespace winPEAS.Info.CloudInfo
{
internal class AzureCliInfo : CloudInfoBase
internal class AzureTokensInfo : CloudInfoBase
{
public override string Name => "Azure Cli";
public override string Name => "Azure Tokens";
public override bool IsCloud => CheckIfAzureCliInstalled();
public override bool IsCloud => CheckIfAzureTokensInstalled();
private Dictionary<string, List<EndpointData>> _endpointData = null;
public static bool CheckIfAzureCliInstalled()
public static bool CheckIfAzureTokensInstalled()
{
string homeDirectory = Environment.GetFolderPath(Environment.SpecialFolder.UserProfile);
string AzureFolderPath = Path.Combine(homeDirectory, ".Azure");
string azureFolderPath = Path.Combine(homeDirectory, ".azure");
return Directory.Exists(AzureFolderPath) || Directory.Exists(azureFolderPath);
string identityCachePath = Path.Combine(
Environment.GetFolderPath(Environment.SpecialFolder.LocalApplicationData),
"Microsoft",
"IdentityCache"
);
string tokenBrokerPath = Path.Combine(
Environment.GetFolderPath(Environment.SpecialFolder.LocalApplicationData),
"Microsoft",
"TokenBroker"
);
return Directory.Exists(AzureFolderPath) || Directory.Exists(azureFolderPath) || Directory.Exists(identityCachePath) || Directory.Exists(tokenBrokerPath);
}
public static string TBRESDecryptedData(string filePath)
@ -79,31 +91,35 @@ namespace winPEAS.Info.CloudInfo
azureHomePath = AzureFolderPath;
};
// Files that doesn't need decryption
string[] fileNames = {
if (Directory.Exists(azureHomePath))
{
// Files that doesn't need decryption
string[] fileNames = {
@"azureProfile.json",
@"clouds.config",
@"service_principal_entries.json",
@"msal_token_cache.json"
};
foreach (string fileName in fileNames)
{
string filePath = Path.Combine(azureHomePath, fileName);
// Check if the file exists
if (File.Exists(filePath))
foreach (string fileName in fileNames)
{
try
string filePath = Path.Combine(azureHomePath, fileName);
// Check if the file exists
if (File.Exists(filePath))
{
// Read the file content
string fileContent = File.ReadAllText(filePath);
try
{
// Read the file content
string fileContent = File.ReadAllText(filePath);
// Add the file path and content to the dictionary
AzureCliValues[filePath] = fileContent;
}
catch (Exception ex)
{
Beaprint.PrintException($"Error reading file '{filePath}': {ex.Message}");
// Add the file path and content to the dictionary
AzureCliValues[filePath] = fileContent;
}
catch (Exception ex)
{
Beaprint.PrintException($"Error reading file '{filePath}': {ex.Message}");
}
}
}
}
@ -134,14 +150,7 @@ namespace winPEAS.Info.CloudInfo
{
Beaprint.PrintException($"An error occurred while scanning the identityCache directory: {ex.Message}");
}
// Get the IdentityCache directory path and encrypted files with tokens
string tokenBrokerPath = Path.Combine(
Environment.GetFolderPath(Environment.SpecialFolder.LocalApplicationData),
"Microsoft",
"TokenBroker"
);
// Files that need decryption
string[] fileNamesEncrp = {
@ -189,6 +198,11 @@ namespace winPEAS.Info.CloudInfo
//TBRES files
string tokenBrokerPath = Path.Combine(
Environment.GetFolderPath(Environment.SpecialFolder.LocalApplicationData),
"Microsoft",
"TokenBroker"
);
string[] tbFiles = { };

View File

@ -1226,7 +1226,7 @@
<Compile Include="Info\CloudInfo\AWSInfo.cs" />
<Compile Include="Info\CloudInfo\AzureInfo.cs" />
<Compile Include="Info\CloudInfo\EndpointData.cs" />
<Compile Include="Info\CloudInfo\AzureCliInfo.cs" />
<Compile Include="Info\CloudInfo\AzureTokensInfo.cs" />
<Compile Include="Info\CloudInfo\GPSInfo.cs" />
<Compile Include="Info\CloudInfo\GCDSInfo.cs" />
<Compile Include="Info\CloudInfo\GWorkspaceInfo.cs" />