Merge pull request #51 from Hackndo/powershell-history

Add Powershell history file
Carlos Polop 2020-06-24 15:22:42 +01:00 committed by GitHub
commit 808bde7617
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
2 changed files with 43 additions and 0 deletions


@ -437,6 +437,23 @@ namespace winPEAS
return results; return results;
} }
public static string GetConsoleHostHistory()
{
string result = "";
try
{
string searchLocation = String.Format("{0}\\AppData\\Roaming\\Microsoft\\Windows\\PowerShell\\PSReadline\\ConsoleHost_history.txt", Environment.GetEnvironmentVariable("USERPROFILE"));
if (System.IO.File.Exists(searchLocation))
result = searchLocation;
}
catch (Exception ex)
{
Beaprint.GrayPrint("Error: " + ex);
}
return result;
}
public static List<Dictionary<string, string>> GetRecycleBin() public static List<Dictionary<string, string>> GetRecycleBin()
{ {
List<Dictionary<string, string>> results = new List<Dictionary<string, string>>(); List<Dictionary<string, string>> results = new List<Dictionary<string, string>>();
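Review bot: In GetConsoleHostHistory the path is built from the USERPROFILE variable, and `Environment.GetEnvironmentVariable` returns null when it is unset, so the format call yields `\AppData\Roaming\...` rooted at the current drive and the check quietly reports no history. The hard-coded `AppData\Roaming` segment would also likely miss a roaming profile whose application-data folder has been redirected. I would resolve the folder through the API instead: `string searchLocation = System.IO.Path.Combine(Environment.GetFolderPath(Environment.SpecialFolder.ApplicationData), @"Microsoft\Windows\PowerShell\PSReadline\ConsoleHost_history.txt");`. `File.Exists` returns false rather than throwing for an unusable path, so the surrounding try/catch is unlikely ever to fire; a summary comment stating that an empty string means "not found" would make the contract clear to callers.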


@ -1964,6 +1964,31 @@ namespace winPEAS
} }
} }
void PrintConsoleHostHistory()
{
try
{
Beaprint.MainPrint("Powershell History", "");
string console_host_history = InterestingFiles.GetConsoleHostHistory();
if (console_host_history != "")
{
string text = File.ReadAllText(console_host_history);
List<string> credStringsRegexPowershell = new List<string>(credStringsRegex);
credStringsRegexPowershell.Add("CONVERTTO-SECURESTRING");
if (MyUtils.ContainsAnyRegex(text.ToUpper(), credStringsRegexPowershell))
Beaprint.BadPrint(" " + console_host_history + " (Potential credentials found)");
else
System.Console.WriteLine(" " + console_host_history);
}
}
catch (Exception ex)
{
Beaprint.GrayPrint(String.Format("{0}", ex));
}
}
void PrintSAMBackups() void PrintSAMBackups()
{ {
try try
@ -2187,6 +2212,7 @@ namespace winPEAS
PrintSSHKeysReg(); PrintSSHKeysReg();
PrintCloudCreds(); PrintCloudCreds();
PrintUnattendFiles(); PrintUnattendFiles();
PrintConsoleHostHistory();
PrintSAMBackups(); PrintSAMBackups();
PrintMcAffeSitelistFiles(); PrintMcAffeSitelistFiles();
PrintCachedGPPPassword(); PrintCachedGPPPassword();
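Review bot: In PrintConsoleHostHistory, `text.ToUpper()` uses the current culture, so on a host with a Turkish locale a lowercase i becomes a dotted İ and the added `CONVERTTO-SECURESTRING` pattern no longer matches, which produces a false "nothing found" line; the same presumably holds for any uppercase pattern containing I in credStringsRegex, which is defined outside this hunk. Change the call to `MyUtils.ContainsAnyRegex(text.ToUpperInvariant(), credStringsRegexPowershell)`. Both branches print only the file path and never the matching lines, which keeps secrets out of the tool's output; a one-line comment such as `// Report the path only; never echo history contents.` would stop a later edit from changing that. The if/else bodies are unbraced, and adding braces would make later edits to either branch safer.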