darnellkeith/PEASS-ng
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

az tokens

Browse Source
This commit is contained in:
Carlos Polop 2025-01-25 00:40:15 +01:00
parent 21a5ef9325
commit 7cd9e6f78b
4 changed files with 46 additions and 32 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
winPEAS/winPEASexe/Tests/.vs/winPEAS.Tests.csproj.dtbcache.json
View File

File diff suppressed because one or more lines are too long

2
winPEAS/winPEASexe/winPEAS/Checks/CloudInfo.cs
View File

@ -21,7 +21,7 @@ namespace winPEAS.Checks
{ {
new AWSInfo(), new AWSInfo(),
new AzureInfo(), new AzureInfo(),
new AzureCliInfo(), new AzureTokensInfo(),
new GCPInfo(), new GCPInfo(),
new GCPJoinedInfo(), new GCPJoinedInfo(),
new GCDSInfo(), new GCDSInfo(),

38
winPEAS/winPEASexe/winPEAS/Info/CloudInfo/AzureCliInfo.cs → winPEAS/winPEASexe/winPEAS/Info/CloudInfo/AzureTokensInfo.cs
View File

@ -19,21 +19,33 @@ using System.Text.Json.Nodes;
namespace winPEAS.Info.CloudInfo namespace winPEAS.Info.CloudInfo
{ {
internal class AzureCliInfo : CloudInfoBase internal class AzureTokensInfo : CloudInfoBase
{ {
public override string Name => "Azure Cli"; public override string Name => "Azure Tokens";
public override bool IsCloud => CheckIfAzureCliInstalled(); public override bool IsCloud => CheckIfAzureTokensInstalled();
private Dictionary<string, List<EndpointData>> _endpointData = null; private Dictionary<string, List<EndpointData>> _endpointData = null;
public static bool CheckIfAzureCliInstalled() public static bool CheckIfAzureTokensInstalled()
{ {
string homeDirectory = Environment.GetFolderPath(Environment.SpecialFolder.UserProfile); string homeDirectory = Environment.GetFolderPath(Environment.SpecialFolder.UserProfile);
string AzureFolderPath = Path.Combine(homeDirectory, ".Azure"); string AzureFolderPath = Path.Combine(homeDirectory, ".Azure");
string azureFolderPath = Path.Combine(homeDirectory, ".azure"); string azureFolderPath = Path.Combine(homeDirectory, ".azure");
return Directory.Exists(AzureFolderPath) || Directory.Exists(azureFolderPath); string identityCachePath = Path.Combine(
Environment.GetFolderPath(Environment.SpecialFolder.LocalApplicationData),
"Microsoft",
"IdentityCache"
);
string tokenBrokerPath = Path.Combine(
Environment.GetFolderPath(Environment.SpecialFolder.LocalApplicationData),
"Microsoft",
"TokenBroker"
);
return Directory.Exists(AzureFolderPath) || Directory.Exists(azureFolderPath) || Directory.Exists(identityCachePath) || Directory.Exists(tokenBrokerPath);
} }
public static string TBRESDecryptedData(string filePath) public static string TBRESDecryptedData(string filePath)
@ -79,6 +91,9 @@ namespace winPEAS.Info.CloudInfo
azureHomePath = AzureFolderPath; azureHomePath = AzureFolderPath;
}; };
if (Directory.Exists(azureHomePath))
{
// Files that doesn't need decryption // Files that doesn't need decryption
string[] fileNames = { string[] fileNames = {
@"azureProfile.json", @"azureProfile.json",
@ -107,6 +122,7 @@ namespace winPEAS.Info.CloudInfo
} }
} }
} }
}
@ -136,13 +152,6 @@ namespace winPEAS.Info.CloudInfo
} }
// Get the IdentityCache directory path and encrypted files with tokens
string tokenBrokerPath = Path.Combine(
Environment.GetFolderPath(Environment.SpecialFolder.LocalApplicationData),
"Microsoft",
"TokenBroker"
);
// Files that need decryption // Files that need decryption
string[] fileNamesEncrp = { string[] fileNamesEncrp = {
@"service_principal_entries.bin", @"service_principal_entries.bin",
@ -189,6 +198,11 @@ namespace winPEAS.Info.CloudInfo
//TBRES files //TBRES files
string tokenBrokerPath = Path.Combine(
Environment.GetFolderPath(Environment.SpecialFolder.LocalApplicationData),
"Microsoft",
"TokenBroker"
);
string[] tbFiles = { }; string[] tbFiles = { };

2
winPEAS/winPEASexe/winPEAS/winPEAS.csproj
View File

@ -1226,7 +1226,7 @@
<Compile Include="Info\CloudInfo\AWSInfo.cs" /> <Compile Include="Info\CloudInfo\AWSInfo.cs" />
<Compile Include="Info\CloudInfo\AzureInfo.cs" /> <Compile Include="Info\CloudInfo\AzureInfo.cs" />
<Compile Include="Info\CloudInfo\EndpointData.cs" /> <Compile Include="Info\CloudInfo\EndpointData.cs" />
<Compile Include="Info\CloudInfo\AzureCliInfo.cs" /> <Compile Include="Info\CloudInfo\AzureTokensInfo.cs" />
<Compile Include="Info\CloudInfo\GPSInfo.cs" /> <Compile Include="Info\CloudInfo\GPSInfo.cs" />
<Compile Include="Info\CloudInfo\GCDSInfo.cs" /> <Compile Include="Info\CloudInfo\GCDSInfo.cs" />
<Compile Include="Info\CloudInfo\GWorkspaceInfo.cs" /> <Compile Include="Info\CloudInfo\GWorkspaceInfo.cs" />