darnellkeith/PEASS-ng
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

az tokens

Browse Source
This commit is contained in:
Carlos Polop 2025-01-25 00:40:15 +01:00
parent 21a5ef9325
commit 7cd9e6f78b
4 changed files with 46 additions and 32 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
winPEAS/winPEASexe/Tests/.vs/winPEAS.Tests.csproj.dtbcache.json
View File

File diff suppressed because one or more lines are too long

2
winPEAS/winPEASexe/winPEAS/Checks/CloudInfo.cs
View File

@ -21,7 +21,7 @@ namespace winPEAS.Checks
{ {
new AWSInfo(), new AWSInfo(),
new AzureInfo(), new AzureInfo(),
new AzureCliInfo(), new AzureTokensInfo(),
new GCPInfo(), new GCPInfo(),
new GCPJoinedInfo(), new GCPJoinedInfo(),
new GCDSInfo(), new GCDSInfo(),

72
winPEAS/winPEASexe/winPEAS/Info/CloudInfo/AzureCliInfo.cs → winPEAS/winPEASexe/winPEAS/Info/CloudInfo/AzureTokensInfo.cs
View File

@ -19,21 +19,33 @@ using System.Text.Json.Nodes;
namespace winPEAS.Info.CloudInfo namespace winPEAS.Info.CloudInfo
{ {
internal class AzureCliInfo : CloudInfoBase internal class AzureTokensInfo : CloudInfoBase
{ {
public override string Name => "Azure Cli"; public override string Name => "Azure Tokens";
public override bool IsCloud => CheckIfAzureCliInstalled(); public override bool IsCloud => CheckIfAzureTokensInstalled();
private Dictionary<string, List<EndpointData>> _endpointData = null; private Dictionary<string, List<EndpointData>> _endpointData = null;
public static bool CheckIfAzureCliInstalled() public static bool CheckIfAzureTokensInstalled()
{ {
string homeDirectory = Environment.GetFolderPath(Environment.SpecialFolder.UserProfile); string homeDirectory = Environment.GetFolderPath(Environment.SpecialFolder.UserProfile);
string AzureFolderPath = Path.Combine(homeDirectory, ".Azure"); string AzureFolderPath = Path.Combine(homeDirectory, ".Azure");
string azureFolderPath = Path.Combine(homeDirectory, ".azure"); string azureFolderPath = Path.Combine(homeDirectory, ".azure");
return Directory.Exists(AzureFolderPath) || Directory.Exists(azureFolderPath); string identityCachePath = Path.Combine(
Environment.GetFolderPath(Environment.SpecialFolder.LocalApplicationData),
"Microsoft",
"IdentityCache"
);
string tokenBrokerPath = Path.Combine(
Environment.GetFolderPath(Environment.SpecialFolder.LocalApplicationData),
"Microsoft",
"TokenBroker"
);
return Directory.Exists(AzureFolderPath) || Directory.Exists(azureFolderPath) || Directory.Exists(identityCachePath) || Directory.Exists(tokenBrokerPath);
} }
public static string TBRESDecryptedData(string filePath) public static string TBRESDecryptedData(string filePath)
@ -79,31 +91,35 @@ namespace winPEAS.Info.CloudInfo
azureHomePath = AzureFolderPath; azureHomePath = AzureFolderPath;
}; };
// Files that doesn't need decryption if (Directory.Exists(azureHomePath))
string[] fileNames = { {
// Files that doesn't need decryption
string[] fileNames = {
@"azureProfile.json", @"azureProfile.json",
@"clouds.config", @"clouds.config",
@"service_principal_entries.json", @"service_principal_entries.json",
@"msal_token_cache.json" @"msal_token_cache.json"
}; };
foreach (string fileName in fileNames) foreach (string fileName in fileNames)
{
string filePath = Path.Combine(azureHomePath, fileName);
// Check if the file exists
if (File.Exists(filePath))
{ {
try string filePath = Path.Combine(azureHomePath, fileName);
// Check if the file exists
if (File.Exists(filePath))
{ {
// Read the file content try
string fileContent = File.ReadAllText(filePath); {
// Read the file content
string fileContent = File.ReadAllText(filePath);
// Add the file path and content to the dictionary // Add the file path and content to the dictionary
AzureCliValues[filePath] = fileContent; AzureCliValues[filePath] = fileContent;
} }
catch (Exception ex) catch (Exception ex)
{ {
Beaprint.PrintException($"Error reading file '{filePath}': {ex.Message}"); Beaprint.PrintException($"Error reading file '{filePath}': {ex.Message}");
}
} }
} }
} }
@ -134,14 +150,7 @@ namespace winPEAS.Info.CloudInfo
{ {
Beaprint.PrintException($"An error occurred while scanning the identityCache directory: {ex.Message}"); Beaprint.PrintException($"An error occurred while scanning the identityCache directory: {ex.Message}");
} }
// Get the IdentityCache directory path and encrypted files with tokens
string tokenBrokerPath = Path.Combine(
Environment.GetFolderPath(Environment.SpecialFolder.LocalApplicationData),
"Microsoft",
"TokenBroker"
);
// Files that need decryption // Files that need decryption
string[] fileNamesEncrp = { string[] fileNamesEncrp = {
@ -189,6 +198,11 @@ namespace winPEAS.Info.CloudInfo
//TBRES files //TBRES files
string tokenBrokerPath = Path.Combine(
Environment.GetFolderPath(Environment.SpecialFolder.LocalApplicationData),
"Microsoft",
"TokenBroker"
);
string[] tbFiles = { }; string[] tbFiles = { };

2
winPEAS/winPEASexe/winPEAS/winPEAS.csproj
View File

@ -1226,7 +1226,7 @@
<Compile Include="Info\CloudInfo\AWSInfo.cs" /> <Compile Include="Info\CloudInfo\AWSInfo.cs" />
<Compile Include="Info\CloudInfo\AzureInfo.cs" /> <Compile Include="Info\CloudInfo\AzureInfo.cs" />
<Compile Include="Info\CloudInfo\EndpointData.cs" /> <Compile Include="Info\CloudInfo\EndpointData.cs" />
<Compile Include="Info\CloudInfo\AzureCliInfo.cs" /> <Compile Include="Info\CloudInfo\AzureTokensInfo.cs" />
<Compile Include="Info\CloudInfo\GPSInfo.cs" /> <Compile Include="Info\CloudInfo\GPSInfo.cs" />
<Compile Include="Info\CloudInfo\GCDSInfo.cs" /> <Compile Include="Info\CloudInfo\GCDSInfo.cs" />
<Compile Include="Info\CloudInfo\GWorkspaceInfo.cs" /> <Compile Include="Info\CloudInfo\GWorkspaceInfo.cs" />