darnellkeith/PEASS-ng
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

- rewrote Directory.Get* to Directory.Enumerate* to improve search speed

Browse Source
This commit is contained in:
makikvues 2021-02-04 21:07:56 +01:00
parent 2f4c58d202
commit 839e4a79ba
13 changed files with 169 additions and 153 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

4
winPEAS/winPEASexe/winPEAS/Checks/FilesInfo.cs
View File

@ -318,7 +318,7 @@ namespace winPEAS.Checks
Beaprint.MainPrint("Looking for possible regs with creds"); Beaprint.MainPrint("Looking for possible regs with creds");
Beaprint.LinkPrint("https://book.hacktricks.xyz/windows/windows-local-privilege-escalation#inside-the-registry"); Beaprint.LinkPrint("https://book.hacktricks.xyz/windows/windows-local-privilege-escalation#inside-the-registry");
string winVnc4 = RegistryHelper.GetRegValue("HKLM", @"SOFTWARE\RealVNC\WinVNC4", "passwword"); string winVnc4 = RegistryHelper.GetRegValue("HKLM", @"SOFTWARE\RealVNC\WinVNC4", "password");
if (!string.IsNullOrEmpty(winVnc4.Trim())) if (!string.IsNullOrEmpty(winVnc4.Trim()))
{ {
Beaprint.BadPrint(winVnc4); Beaprint.BadPrint(winVnc4);
@ -731,7 +731,7 @@ namespace winPEAS.Checks
if (Directory.Exists(path)) if (Directory.Exists(path))
{ {
var files = Directory.GetFiles(path, pattern, SearchOption.TopDirectoryOnly); var files = Directory.EnumerateFiles(path, pattern, SearchOption.TopDirectoryOnly);
foreach (var file in files) foreach (var file in files)
{ {

4
winPEAS/winPEASexe/winPEAS/Checks/SystemInfo.cs
View File

@ -128,7 +128,7 @@ namespace winPEAS.Checks
string transcriptsPath = drive + @"transcripts\"; string transcriptsPath = drive + @"transcripts\";
string usersPath = $"{drive}users"; string usersPath = $"{drive}users";
string[] users = Directory.GetDirectories(usersPath, "*", SearchOption.TopDirectoryOnly); var users = Directory.EnumerateDirectories(usersPath, "*", SearchOption.TopDirectoryOnly);
string powershellTranscriptFilter = "powershell_transcript*"; string powershellTranscriptFilter = "powershell_transcript*";
var colors = new Dictionary<string, string>() var colors = new Dictionary<string, string>()
@ -159,7 +159,7 @@ namespace winPEAS.Checks
{ {
try try
{ {
var files = Directory.GetFiles(path, filter, SearchOption.TopDirectoryOnly).ToList(); var files = Directory.EnumerateFiles(path, filter, SearchOption.TopDirectoryOnly).ToList();
foreach (var file in files) foreach (var file in files)
{ {

4
winPEAS/winPEASexe/winPEAS/Helpers/AppLocker/AppLockerHelper.cs
View File

@ -325,8 +325,8 @@ namespace winPEAS.Helpers.AppLocker
try try
{ {
var subfolders = Directory.GetDirectories(path); var subfolders = Directory.EnumerateDirectories(path);
var files = Directory.GetFiles(path, "*", SearchOption.TopDirectoryOnly); var files = Directory.EnumerateFiles(path, "*", SearchOption.TopDirectoryOnly);
ruleType = ruleType.ToLower(); ruleType = ruleType.ToLower();

4
winPEAS/winPEASexe/winPEAS/Helpers/PermissionsHelper.cs
View File

@ -264,9 +264,9 @@ namespace winPEAS.Helpers
results[path] = String.Join(", ", GetPermissionsFolder(path, Checks.Checks.CurrentUserSiDs)); results[path] = String.Join(", ", GetPermissionsFolder(path, Checks.Checks.CurrentUserSiDs));
if (string.IsNullOrEmpty(results[path])) if (string.IsNullOrEmpty(results[path]))
{ {
foreach (string d in Directory.GetDirectories(path)) foreach (string d in Directory.EnumerateDirectories(path))
{ {
foreach (string f in Directory.GetFiles(d)) foreach (string f in Directory.EnumerateFiles(d))
{ {
results[f] = String.Join(", ", GetPermissionsFile(f, Checks.Checks.CurrentUserSiDs)); results[f] = String.Join(", ", GetPermissionsFile(f, Checks.Checks.CurrentUserSiDs));
} }

197
winPEAS/winPEASexe/winPEAS/Helpers/Search/SearchHelper.cs
View File

@ -115,55 +115,53 @@ namespace winPEAS.Helpers.Search
return result; return result;
} }
private static IEnumerable<DirectoryInfo> GetStartDirectories(string folder, ConcurrentBag<CustomFileInfo> files, string pattern, bool isFoldersIncluded = false)
private static List<DirectoryInfo> GetStartDirectories(string folder, ConcurrentBag<CustomFileInfo> files, string pattern, bool isFoldersIncluded = false)
{ {
DirectoryInfo dirInfo = null; while (true)
DirectoryInfo[] directories = null;
try
{ {
dirInfo = new DirectoryInfo(folder); DirectoryInfo[] directories = null;
directories = dirInfo.GetDirectories(); try
if (isFoldersIncluded)
{ {
foreach (var directory in directories) var dirInfo = new DirectoryInfo(folder);
directories = dirInfo.GetDirectories();
if (isFoldersIncluded)
{ {
files.Add(new CustomFileInfo(null, null, directory.FullName)); foreach (var directory in directories)
{
files.Add(new CustomFileInfo(null, null, directory.FullName));
}
} }
}
foreach (var f in dirInfo.GetFiles(pattern)) foreach (var f in dirInfo.GetFiles(pattern))
{
files.Add(new CustomFileInfo(f.Name, f.Extension, f.FullName));
}
if (directories.Length > 1) return new List<DirectoryInfo>(directories);
if (directories.Length == 0) return new List<DirectoryInfo>();
}
catch (UnauthorizedAccessException)
{ {
files.Add(new CustomFileInfo(f.Name, f.Extension, f.FullName)); return new List<DirectoryInfo>();
}
catch (PathTooLongException)
{
return new List<DirectoryInfo>();
}
catch (DirectoryNotFoundException)
{
return new List<DirectoryInfo>();
}
catch (Exception)
{
return new List<DirectoryInfo>();
} }
if (directories.Length > 1) folder = directories[0].FullName;
return new List<DirectoryInfo>(directories); isFoldersIncluded = false;
if (directories.Length == 0)
return new List<DirectoryInfo>();
} }
catch (UnauthorizedAccessException)
{
return new List<DirectoryInfo>();
}
catch (PathTooLongException)
{
return new List<DirectoryInfo>();
}
catch (DirectoryNotFoundException)
{
return new List<DirectoryInfo>();
}
catch (Exception)
{
return new List<DirectoryInfo>();
}
return GetStartDirectories(directories[0].FullName, files, pattern);
} }
internal static void CreateSearchDirectoriesList() internal static void CreateSearchDirectoriesList()
@ -205,15 +203,14 @@ namespace winPEAS.Helpers.Search
internal static void CleanLists() internal static void CleanLists()
{ {
// TODO SearchHelper.RootDirUsers = null;
//SearchHelper.RootDirUsers = null; SearchHelper.RootDirCurrentUser = null;
//SearchHelper.RootDirCurrentUser = null; SearchHelper.ProgramFiles = null;
//SearchHelper.ProgramFiles = null; SearchHelper.ProgramFilesX86 = null;
//SearchHelper.ProgramFilesX86 = null; SearchHelper.DocumentsAndSettings = null;
//SearchHelper.DocumentsAndSettings = null; SearchHelper.GroupPolicyHistory = null;
//SearchHelper.GroupPolicyHistory = null;
//GC.Collect(); GC.Collect();
} }
internal static IEnumerable<CustomFileInfo> SearchUserCredsFiles() internal static IEnumerable<CustomFileInfo> SearchUserCredsFiles()
@ -253,25 +250,29 @@ namespace winPEAS.Helpers.Search
foreach (var file in SearchHelper.RootDirCurrentUser) foreach (var file in SearchHelper.RootDirCurrentUser)
{ {
string extLower = file.Extension.ToLower(); if (!file.IsDirectory)
string nameLower = file.Filename.ToLower(); {
string extLower = file.Extension.ToLower();
string nameLower = file.Filename.ToLower();
if (Patterns.WhitelistExtensions.Contains(extLower) || if (Patterns.WhitelistExtensions.Contains(extLower) ||
Patterns.WhiteListExactfilenamesWithExtensions.Contains(nameLower)) Patterns.WhiteListExactfilenamesWithExtensions.Contains(nameLower))
{
result.Add(file.FullPath);
}
else
{
foreach (var pattern in Patterns.WhiteListRegexp)
{ {
if (Regex.IsMatch(nameLower, pattern, RegexOptions.IgnoreCase)) result.Add(file.FullPath);
}
else
{
foreach (var pattern in Patterns.WhiteListRegexp)
{ {
result.Add(file.FullPath); if (Regex.IsMatch(nameLower, pattern, RegexOptions.IgnoreCase))
{
result.Add(file.FullPath);
break; break;
}
} }
} }
} }
} }
@ -289,11 +290,14 @@ namespace winPEAS.Helpers.Search
foreach (var file in SearchHelper.GroupPolicyHistory) foreach (var file in SearchHelper.GroupPolicyHistory)
{ {
string extLower = file.Extension.ToLower(); if (!file.IsDirectory)
if (allowedExtensions.Contains(extLower))
{ {
result.Add(file.FullPath); string extLower = file.Extension.ToLower();
if (allowedExtensions.Contains(extLower))
{
result.Add(file.FullPath);
}
} }
} }
@ -317,11 +321,14 @@ namespace winPEAS.Helpers.Search
foreach (var file in searchFiles) foreach (var file in searchFiles)
{ {
string filenameToLower = file.Filename.ToLower(); if (!file.IsDirectory)
if (allowedFilenames.Contains(filenameToLower))
{ {
result.Add(file.FullPath); string filenameToLower = file.Filename.ToLower();
if (allowedFilenames.Contains(filenameToLower))
{
result.Add(file.FullPath);
}
} }
} }
@ -349,22 +356,25 @@ namespace winPEAS.Helpers.Search
foreach (var file in SearchHelper.RootDirCurrentUser) foreach (var file in SearchHelper.RootDirCurrentUser)
{ {
string extLower = file.Extension.ToLower(); if (!file.IsDirectory)
string nameLower = file.Filename.ToLower(); {
string extLower = file.Extension.ToLower();
string nameLower = file.Filename.ToLower();
if (allowedExtensions.Contains(extLower)) if (allowedExtensions.Contains(extLower))
{
result.Add(file.FullPath);
}
else
{
foreach (var pattern in allowedRegexp)
{ {
if (Regex.IsMatch(nameLower, pattern, RegexOptions.IgnoreCase)) result.Add(file.FullPath);
}
else
{
foreach (var pattern in allowedRegexp)
{ {
result.Add(file.FullPath); if (Regex.IsMatch(nameLower, pattern, RegexOptions.IgnoreCase))
{
result.Add(file.FullPath);
break; break;
}
} }
} }
} }
@ -394,22 +404,25 @@ namespace winPEAS.Helpers.Search
foreach (var file in SearchHelper.RootDirUsers) foreach (var file in SearchHelper.RootDirUsers)
{ {
string extLower = file.Extension.ToLower(); if (!file.IsDirectory)
string nameLower = file.Filename.ToLower(); {
string extLower = file.Extension.ToLower();
string nameLower = file.Filename.ToLower();
if (allowedExtensions.Contains(extLower)) if (allowedExtensions.Contains(extLower))
{
result.Add(file.FullPath);
}
else
{
foreach (var pattern in allowedRegexp)
{ {
if (Regex.IsMatch(nameLower, pattern, RegexOptions.IgnoreCase)) result.Add(file.FullPath);
}
else
{
foreach (var pattern in allowedRegexp)
{ {
result.Add(file.FullPath); if (Regex.IsMatch(nameLower, pattern, RegexOptions.IgnoreCase))
{
result.Add(file.FullPath);
break; break;
}
} }
} }
} }

4
winPEAS/winPEASexe/winPEAS/Info/ApplicationInfo/AutoRuns.cs
View File

@ -343,7 +343,7 @@ namespace winPEAS.Info.ApplicationInfo
try try
{ {
var userDirs = Directory.GetDirectories(usersPath); var userDirs = Directory.EnumerateDirectories(usersPath);
foreach (var userDir in userDirs) foreach (var userDir in userDirs)
{ {
@ -363,7 +363,7 @@ namespace winPEAS.Info.ApplicationInfo
{ {
try try
{ {
var files = Directory.GetFiles(path, "*", SearchOption.TopDirectoryOnly); var files = Directory.EnumerateFiles(path, "*", SearchOption.TopDirectoryOnly);
foreach (string filepath in files) foreach (string filepath in files)
{ {

4
winPEAS/winPEASexe/winPEAS/Info/ApplicationInfo/InstalledApps.cs
View File

@ -70,14 +70,14 @@ namespace winPEAS.Info.ApplicationInfo
var results = new SortedDictionary<string, Dictionary<string, string>>(); var results = new SortedDictionary<string, Dictionary<string, string>>();
try try
{ {
foreach (string f in Directory.GetFiles(fpath)) foreach (string f in Directory.EnumerateFiles(fpath))
{ {
results[f] = new Dictionary<string, string> results[f] = new Dictionary<string, string>
{ {
{ f, string.Join(", ", PermissionsHelper.GetPermissionsFile(f, Checks.Checks.CurrentUserSiDs)) } { f, string.Join(", ", PermissionsHelper.GetPermissionsFile(f, Checks.Checks.CurrentUserSiDs)) }
}; };
} }
foreach (string d in Directory.GetDirectories(fpath)) foreach (string d in Directory.EnumerateDirectories(fpath))
{ {
results[d] = PermissionsHelper.GetRecursivePrivs(d); results[d] = PermissionsHelper.GetRecursivePrivs(d);
} }

4
winPEAS/winPEASexe/winPEAS/KnownFileCreds/Browsers/Chrome/Chrome.cs
View File

@ -107,7 +107,7 @@ namespace winPEAS.KnownFileCreds.Browsers.Chrome
if (MyUtils.IsHighIntegrity()) if (MyUtils.IsHighIntegrity())
{ {
string userFolder = $"{Environment.GetEnvironmentVariable("SystemDrive")}\\Users\\"; string userFolder = $"{Environment.GetEnvironmentVariable("SystemDrive")}\\Users\\";
string[] dirs = Directory.GetDirectories(userFolder); var dirs = Directory.EnumerateDirectories(userFolder);
foreach (string dir in dirs) foreach (string dir in dirs)
{ {
string[] parts = dir.Split('\\'); string[] parts = dir.Split('\\');
@ -205,7 +205,7 @@ namespace winPEAS.KnownFileCreds.Browsers.Chrome
Console.WriteLine("\r\n\r\n=== Chrome (All Users) ==="); Console.WriteLine("\r\n\r\n=== Chrome (All Users) ===");
string userFolder = string.Format("{0}\\Users\\", Environment.GetEnvironmentVariable("SystemDrive")); string userFolder = string.Format("{0}\\Users\\", Environment.GetEnvironmentVariable("SystemDrive"));
string[] dirs = Directory.GetDirectories(userFolder); var dirs = Directory.EnumerateDirectories(userFolder);
foreach (string dir in dirs) foreach (string dir in dirs)
{ {
string[] parts = dir.Split('\\'); string[] parts = dir.Split('\\');

19
winPEAS/winPEASexe/winPEAS/KnownFileCreds/Browsers/Firefox/Firefox.cs
View File

@ -2,6 +2,7 @@
using System.Collections.Generic; using System.Collections.Generic;
using System.Data; using System.Data;
using System.IO; using System.IO;
using System.Linq;
using System.Text.RegularExpressions; using System.Text.RegularExpressions;
using winPEAS.Checks; using winPEAS.Checks;
using winPEAS.Helpers; using winPEAS.Helpers;
@ -91,7 +92,7 @@ namespace winPEAS.KnownFileCreds.Browsers.Firefox
if (MyUtils.IsHighIntegrity()) if (MyUtils.IsHighIntegrity())
{ {
string userFolder = $"{Environment.GetEnvironmentVariable("SystemDrive")}\\Users\\"; string userFolder = $"{Environment.GetEnvironmentVariable("SystemDrive")}\\Users\\";
string[] dirs = Directory.GetDirectories(userFolder); var dirs = Directory.EnumerateDirectories(userFolder);
foreach (string dir in dirs) foreach (string dir in dirs)
{ {
string[] parts = dir.Split('\\'); string[] parts = dir.Split('\\');
@ -102,7 +103,7 @@ namespace winPEAS.KnownFileCreds.Browsers.Firefox
string userFirefoxBasePath = $"{dir}\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\"; string userFirefoxBasePath = $"{dir}\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\";
if (System.IO.Directory.Exists(userFirefoxBasePath)) if (System.IO.Directory.Exists(userFirefoxBasePath))
{ {
string[] directories = Directory.GetDirectories(userFirefoxBasePath); var directories = Directory.EnumerateDirectories(userFirefoxBasePath);
foreach (string directory in directories) foreach (string directory in directories)
{ {
string firefoxCredentialFile3 = $"{directory}\\{"key3.db"}"; string firefoxCredentialFile3 = $"{directory}\\{"key3.db"}";
@ -129,7 +130,7 @@ namespace winPEAS.KnownFileCreds.Browsers.Firefox
if (Directory.Exists(userFirefoxBasePath)) if (Directory.Exists(userFirefoxBasePath))
{ {
string[] directories = Directory.GetDirectories(userFirefoxBasePath); var directories = Directory.EnumerateDirectories(userFirefoxBasePath);
foreach (string directory in directories) foreach (string directory in directories)
{ {
string firefoxCredentialFile3 = $"{directory}\\{"key3.db"}"; string firefoxCredentialFile3 = $"{directory}\\{"key3.db"}";
@ -163,7 +164,7 @@ namespace winPEAS.KnownFileCreds.Browsers.Firefox
if (MyUtils.IsHighIntegrity()) if (MyUtils.IsHighIntegrity())
{ {
string userFolder = $"{Environment.GetEnvironmentVariable("SystemDrive")}\\Users\\"; string userFolder = $"{Environment.GetEnvironmentVariable("SystemDrive")}\\Users\\";
string[] dirs = Directory.GetDirectories(userFolder); var dirs = Directory.EnumerateDirectories(userFolder);
foreach (string dir in dirs) foreach (string dir in dirs)
{ {
string[] parts = dir.Split('\\'); string[] parts = dir.Split('\\');
@ -194,7 +195,7 @@ namespace winPEAS.KnownFileCreds.Browsers.Firefox
// parses a Firefox history file via regex // parses a Firefox history file via regex
if (Directory.Exists(path)) if (Directory.Exists(path))
{ {
string[] directories = Directory.GetDirectories(path); var directories = Directory.EnumerateDirectories(path);
foreach (string directory in directories) foreach (string directory in directories)
{ {
string firefoxHistoryFile = string.Format("{0}\\{1}", directory, "places.sqlite"); string firefoxHistoryFile = string.Format("{0}\\{1}", directory, "places.sqlite");
@ -239,16 +240,16 @@ namespace winPEAS.KnownFileCreds.Browsers.Firefox
try try
{ {
string[] dirs = Directory.GetDirectories(Path.Combine(Environment.GetFolderPath(Environment.SpecialFolder.ApplicationData), "Mozilla\\Firefox\\Profiles")); var dirs = Directory.EnumerateDirectories(Path.Combine(Environment.GetFolderPath(Environment.SpecialFolder.ApplicationData), "Mozilla\\Firefox\\Profiles")).ToList();
if (dirs.Length == 0) if (!dirs.Any())
{ {
return logins; return logins;
} }
foreach (string dir in dirs) foreach (string dir in dirs)
{ {
string[] files = Directory.GetFiles(dir, "signons.sqlite"); string[] files = Directory.EnumerateFiles(dir, "signons.sqlite").ToArray();
if (files.Length > 0) if (files.Length > 0)
{ {
signonsFile = files[0]; signonsFile = files[0];
@ -256,7 +257,7 @@ namespace winPEAS.KnownFileCreds.Browsers.Firefox
} }
// find &quot;logins.json"file // find &quot;logins.json"file
files = Directory.GetFiles(dir, "logins.json"); files = Directory.EnumerateFiles(dir, "logins.json").ToArray();
if (files.Length > 0) if (files.Length > 0)
{ {
loginsFile = files[0]; loginsFile = files[0];

9
winPEAS/winPEASexe/winPEAS/KnownFileCreds/Browsers/InternetExplorer.cs
View File

@ -1,6 +1,7 @@
using System; using System;
using System.Collections.Generic; using System.Collections.Generic;
using System.IO; using System.IO;
using System.Linq;
using System.Reflection; using System.Reflection;
using System.Runtime.InteropServices; using System.Runtime.InteropServices;
using System.Text.RegularExpressions; using System.Text.RegularExpressions;
@ -121,8 +122,8 @@ namespace winPEAS.KnownFileCreds.Browsers
} }
string userFolder = string.Format("{0}\\Users\\", Environment.GetEnvironmentVariable("SystemDrive")); string userFolder = string.Format("{0}\\Users\\", Environment.GetEnvironmentVariable("SystemDrive"));
string[] dirs = Directory.GetDirectories(userFolder); var dirs = Directory.EnumerateDirectories(userFolder);
foreach (string dir in dirs) foreach (var dir in dirs)
{ {
string[] parts = dir.Split('\\'); string[] parts = dir.Split('\\');
string userName = parts[parts.Length - 1]; string userName = parts[parts.Length - 1];
@ -132,7 +133,7 @@ namespace winPEAS.KnownFileCreds.Browsers
if (Directory.Exists(userIEBookmarkPath)) if (Directory.Exists(userIEBookmarkPath))
{ {
string[] bookmarkPaths = Directory.GetFiles(userIEBookmarkPath, "*.url", SearchOption.AllDirectories); string[] bookmarkPaths = Directory.EnumerateFiles(userIEBookmarkPath, "*.url", SearchOption.AllDirectories).ToArray();
if (bookmarkPaths.Length != 0) if (bookmarkPaths.Length != 0)
{ {
foreach (string bookmarkPath in bookmarkPaths) foreach (string bookmarkPath in bookmarkPaths)
@ -180,7 +181,7 @@ namespace winPEAS.KnownFileCreds.Browsers
string userIEBookmarkPath = string.Format("{0}\\Favorites\\", System.Environment.GetEnvironmentVariable("USERPROFILE")); string userIEBookmarkPath = string.Format("{0}\\Favorites\\", System.Environment.GetEnvironmentVariable("USERPROFILE"));
string[] bookmarkPaths = Directory.GetFiles(userIEBookmarkPath, "*.url", SearchOption.AllDirectories); string[] bookmarkPaths = Directory.EnumerateFiles(userIEBookmarkPath, "*.url", SearchOption.AllDirectories).ToArray();
foreach (string bookmarkPath in bookmarkPaths) foreach (string bookmarkPath in bookmarkPaths)
{ {

59
winPEAS/winPEASexe/winPEAS/KnownFileCreds/KnownFileCredsInfo.cs
View File

@ -1,6 +1,7 @@
using System; using System;
using System.Collections.Generic; using System.Collections.Generic;
using System.IO; using System.IO;
using System.Linq;
using System.Reflection; using System.Reflection;
using System.Runtime.InteropServices; using System.Runtime.InteropServices;
using System.Text; using System.Text;
@ -44,7 +45,7 @@ namespace winPEAS.KnownFileCreds
if (MyUtils.IsHighIntegrity()) if (MyUtils.IsHighIntegrity())
{ {
string userFolder = string.Format("{0}\\Users\\", Environment.GetEnvironmentVariable("SystemDrive")); string userFolder = string.Format("{0}\\Users\\", Environment.GetEnvironmentVariable("SystemDrive"));
string[] dirs = Directory.GetDirectories(userFolder); var dirs = Directory.EnumerateDirectories(userFolder);
foreach (string dir in dirs) foreach (string dir in dirs)
{ {
string[] parts = dir.Split('\\'); string[] parts = dir.Split('\\');
@ -250,7 +251,7 @@ namespace winPEAS.KnownFileCreds
if (MyUtils.IsHighIntegrity()) if (MyUtils.IsHighIntegrity())
{ {
string userFolder = string.Format("{0}\\Users\\", Environment.GetEnvironmentVariable("SystemDrive")); string userFolder = string.Format("{0}\\Users\\", Environment.GetEnvironmentVariable("SystemDrive"));
string[] dirs = Directory.GetDirectories(userFolder); var dirs = Directory.EnumerateDirectories(userFolder);
foreach (string dir in dirs) foreach (string dir in dirs)
{ {
string[] parts = dir.Split('\\'); string[] parts = dir.Split('\\');
@ -261,7 +262,7 @@ namespace winPEAS.KnownFileCreds
string recentPath = string.Format("{0}\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\", dir); string recentPath = string.Format("{0}\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\", dir);
try try
{ {
string[] recentFiles = Directory.GetFiles(recentPath, "*.lnk", SearchOption.AllDirectories); string[] recentFiles = Directory.EnumerateFiles(recentPath, "*.lnk", SearchOption.AllDirectories).ToArray();
if (recentFiles.Length != 0) if (recentFiles.Length != 0)
{ {
@ -298,7 +299,7 @@ namespace winPEAS.KnownFileCreds
{ {
string recentPath = string.Format("{0}\\Microsoft\\Windows\\Recent\\", System.Environment.GetEnvironmentVariable("APPDATA")); string recentPath = string.Format("{0}\\Microsoft\\Windows\\Recent\\", System.Environment.GetEnvironmentVariable("APPDATA"));
string[] recentFiles = Directory.GetFiles(recentPath, "*.lnk", SearchOption.AllDirectories); var recentFiles = Directory.EnumerateFiles(recentPath, "*.lnk", SearchOption.AllDirectories);
foreach (string recentFile in recentFiles) foreach (string recentFile in recentFiles)
{ {
@ -346,7 +347,7 @@ namespace winPEAS.KnownFileCreds
if (MyUtils.IsHighIntegrity()) if (MyUtils.IsHighIntegrity())
{ {
string userFolder = string.Format("{0}\\Users\\", Environment.GetEnvironmentVariable("SystemDrive")); string userFolder = string.Format("{0}\\Users\\", Environment.GetEnvironmentVariable("SystemDrive"));
string[] dirs = Directory.GetDirectories(userFolder); var dirs = Directory.EnumerateDirectories(userFolder);
foreach (string dir in dirs) foreach (string dir in dirs)
{ {
string[] parts = dir.Split('\\'); string[] parts = dir.Split('\\');
@ -361,10 +362,10 @@ namespace winPEAS.KnownFileCreds
{ {
if (System.IO.Directory.Exists(userDPAPIBasePath)) if (System.IO.Directory.Exists(userDPAPIBasePath))
{ {
string[] directories = Directory.GetDirectories(userDPAPIBasePath); var directories = Directory.EnumerateDirectories(userDPAPIBasePath);
foreach (string directory in directories) foreach (string directory in directories)
{ {
string[] files = Directory.GetFiles(directory); var files = Directory.EnumerateFiles(directory);
foreach (string file in files) foreach (string file in files)
{ {
@ -374,11 +375,11 @@ namespace winPEAS.KnownFileCreds
DateTime lastModified = System.IO.File.GetLastWriteTime(file); DateTime lastModified = System.IO.File.GetLastWriteTime(file);
string fileName = System.IO.Path.GetFileName(file); string fileName = System.IO.Path.GetFileName(file);
results.Add(new Dictionary<string, string>() results.Add(new Dictionary<string, string>()
{ {
{ "MasterKey", file }, { "MasterKey", file },
{ "Accessed", string.Format("{0}", lastAccessed) }, { "Accessed", string.Format("{0}", lastAccessed) },
{ "Modified", string.Format("{0}", lastModified) }, { "Modified", string.Format("{0}", lastModified) },
}); });
} }
} }
} }
@ -398,10 +399,10 @@ namespace winPEAS.KnownFileCreds
{ {
if (System.IO.Directory.Exists(userDPAPIBasePath)) if (System.IO.Directory.Exists(userDPAPIBasePath))
{ {
string[] directories = Directory.GetDirectories(userDPAPIBasePath); var directories = Directory.EnumerateDirectories(userDPAPIBasePath);
foreach (string directory in directories) foreach (string directory in directories)
{ {
string[] files = Directory.GetFiles(directory); var files = Directory.EnumerateFiles(directory);
foreach (string file in files) foreach (string file in files)
{ {
@ -439,7 +440,7 @@ namespace winPEAS.KnownFileCreds
if (MyUtils.IsHighIntegrity()) if (MyUtils.IsHighIntegrity())
{ {
string userFolder = string.Format("{0}\\Users\\", Environment.GetEnvironmentVariable("SystemDrive")); string userFolder = string.Format("{0}\\Users\\", Environment.GetEnvironmentVariable("SystemDrive"));
string[] dirs = Directory.GetDirectories(userFolder); var dirs = Directory.EnumerateDirectories(userFolder);
foreach (string dir in dirs) foreach (string dir in dirs)
{ {
@ -455,8 +456,8 @@ namespace winPEAS.KnownFileCreds
{ {
if (System.IO.Directory.Exists(userCredFilePath)) if (System.IO.Directory.Exists(userCredFilePath))
{ {
string[] systemFiles = Directory.GetFiles(userCredFilePath); var systemFiles = Directory.EnumerateFiles(userCredFilePath);
if ((systemFiles != null) && (systemFiles.Length != 0)) if ((systemFiles != null))
{ {
foreach (string file in systemFiles) foreach (string file in systemFiles)
{ {
@ -481,14 +482,14 @@ namespace winPEAS.KnownFileCreds
string desc = Encoding.Unicode.GetString(descBytes); string desc = Encoding.Unicode.GetString(descBytes);
results.Add(new Dictionary<string, string>() results.Add(new Dictionary<string, string>()
{ {
{ "CredFile", file }, { "CredFile", file },
{ "Description", desc }, { "Description", desc },
{ "MasterKey", string.Format("{0}", guidMasterKey) }, { "MasterKey", string.Format("{0}", guidMasterKey) },
{ "Accessed", string.Format("{0}", lastAccessed) }, { "Accessed", string.Format("{0}", lastAccessed) },
{ "Modified", string.Format("{0}", lastModified) }, { "Modified", string.Format("{0}", lastModified) },
{ "Size", string.Format("{0}", size) }, { "Size", string.Format("{0}", size) },
}); });
} }
} }
} }
@ -497,8 +498,8 @@ namespace winPEAS.KnownFileCreds
} }
string systemFolder = string.Format("{0}\\System32\\config\\systemprofile\\AppData\\Local\\Microsoft\\Credentials", Environment.GetEnvironmentVariable("SystemRoot")); string systemFolder = string.Format("{0}\\System32\\config\\systemprofile\\AppData\\Local\\Microsoft\\Credentials", Environment.GetEnvironmentVariable("SystemRoot"));
string[] files = Directory.GetFiles(systemFolder); var files = Directory.EnumerateFiles(systemFolder);
if ((files != null) && (files.Length != 0)) if ((files != null))
{ {
foreach (string file in files) foreach (string file in files)
{ {
@ -543,9 +544,9 @@ namespace winPEAS.KnownFileCreds
foreach (string userCredFilePath in userCredFilePaths) foreach (string userCredFilePath in userCredFilePaths)
{ {
if (System.IO.Directory.Exists(userCredFilePath)) if (Directory.Exists(userCredFilePath))
{ {
string[] files = Directory.GetFiles(userCredFilePath); var files = Directory.EnumerateFiles(userCredFilePath);
foreach (string file in files) foreach (string file in files)
{ {

2
winPEAS/winPEASexe/winPEAS/KnownFileCreds/RemoteDesktop.cs
View File

@ -67,7 +67,7 @@ namespace winPEAS.KnownFileCreds
if (MyUtils.IsHighIntegrity()) if (MyUtils.IsHighIntegrity())
{ {
string userFolder = string.Format("{0}\\Users\\", Environment.GetEnvironmentVariable("SystemDrive")); string userFolder = string.Format("{0}\\Users\\", Environment.GetEnvironmentVariable("SystemDrive"));
string[] dirs = Directory.GetDirectories(userFolder); var dirs = Directory.EnumerateDirectories(userFolder);
foreach (string dir in dirs) foreach (string dir in dirs)
{ {

2
winPEAS/winPEASexe/winPEAS/KnownFileCreds/SuperPutty/SuperPutty.cs
View File

@ -24,7 +24,7 @@ namespace winPEAS.KnownFileCreds.SuperPutty
try try
{ {
var path = $"{dir}\\Documents\\SuperPuTTY\\"; var path = $"{dir}\\Documents\\SuperPuTTY\\";
var files = Directory.GetFiles(path, filter, SearchOption.TopDirectoryOnly); var files = Directory.EnumerateFiles(path, filter, SearchOption.TopDirectoryOnly);
foreach (var file in files) foreach (var file in files)
{ {