darnellkeith/PEASS-ng
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

- added progress bar while reading leaked handles

Browse Source
This commit is contained in:
makikvues 2023-07-30 17:38:57 +02:00
parent bcd52764ba
commit 869145388d
2 changed files with 22 additions and 2 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

9
winPEAS/winPEASexe/winPEAS/Checks/ProcessInfo.cs
View File

@ -92,7 +92,14 @@ namespace winPEAS.Checks
Beaprint.MainPrint("Vulnerable Leaked Handlers"); Beaprint.MainPrint("Vulnerable Leaked Handlers");
Beaprint.LinkPrint("https://book.hacktricks.xyz/windows-hardening/windows-local-privilege-escalation/leaked-handle-exploitation"); Beaprint.LinkPrint("https://book.hacktricks.xyz/windows-hardening/windows-local-privilege-escalation/leaked-handle-exploitation");
List<Dictionary<string, string>> vulnHandlers = ProcessesInfo.GetVulnHandlers(); List<Dictionary<string, string>> vulnHandlers = new List<Dictionary<string, string>>();
Beaprint.InfoPrint("Getting Leaked Handlers, it might take some time...");
using (var progress = new ProgressBar())
{
vulnHandlers = ProcessesInfo.GetVulnHandlers(progress);
}
foreach (Dictionary<string, string> handler in vulnHandlers) foreach (Dictionary<string, string> handler in vulnHandlers)
{ {
Dictionary<string, string> colors = new Dictionary<string, string>() Dictionary<string, string> colors = new Dictionary<string, string>()

15
winPEAS/winPEASexe/winPEAS/Info/ProcessInfo/ProcessesInfo.cs
View File

@ -76,14 +76,27 @@ namespace winPEAS.Info.ProcessInfo
return f_results; return f_results;
} }
public static List<Dictionary<string, string>> GetVulnHandlers() public static List<Dictionary<string, string>> GetVulnHandlers(ProgressBar progress)
{ {
List<Dictionary<string, string>> vulnHandlers = new List<Dictionary<string, string>>(); List<Dictionary<string, string>> vulnHandlers = new List<Dictionary<string, string>>();
List<HandlesHelper.SYSTEM_HANDLE_TABLE_ENTRY_INFO_EX> handlers = HandlesHelper.GetAllHandlers(); List<HandlesHelper.SYSTEM_HANDLE_TABLE_ENTRY_INFO_EX> handlers = HandlesHelper.GetAllHandlers();
List<string> interestingHandlerTypes = new List<string>() { "file", "key", "process", "thread" }; //section List<string> interestingHandlerTypes = new List<string>() { "file", "key", "process", "thread" }; //section
int processedHandlersCount = 0;
int UPDATE_PROGRESSBAR_COUNT = 500;
double pb = 0;
int totalCount = handlers.Count;
foreach (HandlesHelper.SYSTEM_HANDLE_TABLE_ENTRY_INFO_EX h in handlers) foreach (HandlesHelper.SYSTEM_HANDLE_TABLE_ENTRY_INFO_EX h in handlers)
{ {
processedHandlersCount++;
if (processedHandlersCount % UPDATE_PROGRESSBAR_COUNT == 0)
{
pb = (double)processedHandlersCount / totalCount;
progress.Report(pb); //Value must be in [0..1] range
}
// skip some objects to avoid getting stuck // skip some objects to avoid getting stuck
// see: https://github.com/adamdriscoll/PoshInternals/issues/7 // see: https://github.com/adamdriscoll/PoshInternals/issues/7
if (h.GrantedAccess == 0x0012019f if (h.GrantedAccess == 0x0012019f