darnellkeith/PEASS-ng
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Merge pull request #254 from godylockz/latest_release

Browse Source 
Update Fetching Latest Releases
This commit is contained in:
Carlos Polop 2022-01-05 23:42:44 +00:00 committed by GitHub
commit 8c67152e17
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
12 changed files with 1295 additions and 1300 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

76
README.md
View File

@ -1,38 +1,38 @@
# PEASS-ng - Privilege Escalation Awesome Scripts SUITE new generation # PEASS-ng - Privilege Escalation Awesome Scripts SUITE new generation
![](https://github.com/carlospolop/privilege-escalation-awesome-scripts-suite/raw/master/linPEAS/images/peass.png) ![](https://github.com/carlospolop/privilege-escalation-awesome-scripts-suite/raw/master/linPEAS/images/peass.png)
![](https://img.shields.io/badge/Black-Arch-black) ![](https://img.shields.io/badge/Arch-AUR-brightgreen) ![](https://img.shields.io/badge/Black%20Hat%20Arsenal-Asia%202020-red) ![](https://img.shields.io/badge/Black-Arch-black) ![](https://img.shields.io/badge/Arch-AUR-brightgreen) ![](https://img.shields.io/badge/Black%20Hat%20Arsenal-Asia%202020-red)
# Basic Tutorial # Basic Tutorial
[![Tutorial](https://img.youtube.com/vi/2Ey1WQXNp3w/0.jpg)](https://www.youtube.com/watch?v=9_fJv_weLU0&list=PL9fPq3eQfaaDxjpXaDYApfVA_IB8T14w7) [![Tutorial](https://img.youtube.com/vi/2Ey1WQXNp3w/0.jpg)](https://www.youtube.com/watch?v=9_fJv_weLU0&list=PL9fPq3eQfaaDxjpXaDYApfVA_IB8T14w7)
Here you will find **privilege escalation tools for Windows and Linux/Unix\* and MacOS**. Here you will find **privilege escalation tools for Windows and Linux/Unix\* and MacOS**.
These tools search for possible **local privilege escalation paths** that you could exploit and print them to you **with nice colors** so you can recognize the misconfigurations easily. These tools search for possible **local privilege escalation paths** that you could exploit and print them to you **with nice colors** so you can recognize the misconfigurations easily.
- Check the **Local Windows Privilege Escalation checklist** from **[book.hacktricks.xyz](https://book.hacktricks.xyz/windows/checklist-windows-privilege-escalation)** - Check the **Local Windows Privilege Escalation checklist** from **[book.hacktricks.xyz](https://book.hacktricks.xyz/windows/checklist-windows-privilege-escalation)**
- **[WinPEAS](https://github.com/carlospolop/privilege-escalation-awesome-scripts-suite/tree/master/winPEAS) - Windows local Privilege Escalation Awesome Script (C#.exe and .bat)** - **[WinPEAS](https://github.com/carlospolop/privilege-escalation-awesome-scripts-suite/tree/master/winPEAS) - Windows local Privilege Escalation Awesome Script (C#.exe and .bat)**
- Check the **Local Linux Privilege Escalation checklist** from **[book.hacktricks.xyz](https://book.hacktricks.xyz/linux-unix/linux-privilege-escalation-checklist)** - Check the **Local Linux Privilege Escalation checklist** from **[book.hacktricks.xyz](https://book.hacktricks.xyz/linux-unix/linux-privilege-escalation-checklist)**
- **[LinPEAS](https://github.com/carlospolop/privilege-escalation-awesome-scripts-suite/tree/master/linPEAS) - Linux local Privilege Escalation Awesome Script (.sh)** - **[LinPEAS](https://github.com/carlospolop/privilege-escalation-awesome-scripts-suite/tree/master/linPEAS) - Linux local Privilege Escalation Awesome Script (.sh)**
## Quick Start ## Quick Start
Find the **latest versions of all the scripts and binaries in [the releases page](https://github.com/carlospolop/PEASS-ng/releases/latest)**. Find the **latest versions of all the scripts and binaries in [the releases page](https://github.com/carlospolop/PEASS-ng/releases/latest)**.
## Let's improve PEASS together ## Let's improve PEASS together
If you want to **add something** and have **any cool idea** related to this project, please let me know it in the **telegram group https://t.me/peass** or contribute reading the **[CONTRIBUTING.md](https://github.com/carlospolop/privilege-escalation-awesome-scripts-suite/blob/master/CONTRIBUTING.md)** file. If you want to **add something** and have **any cool idea** related to this project, please let me know it in the **telegram group https://t.me/peass** or contribute reading the **[CONTRIBUTING.md](https://github.com/carlospolop/privilege-escalation-awesome-scripts-suite/blob/master/CONTRIBUTING.md)** file.
## PEASS Style ## PEASS Style
Are you a PEASS fan? Get now our merch at **[PEASS Shop](https://teespring.com/stores/peass)** and show your love for our favorite peas Are you a PEASS fan? Get now our merch at **[PEASS Shop](https://teespring.com/stores/peass)** and show your love for our favorite peas
## Advisory ## Advisory
All the scripts/binaries of the PEAS suite should be used for authorized penetration testing and/or educational purposes only. Any misuse of this software will not be the responsibility of the author or of any other collaborator. Use it at your own machines and/or with the owner's permission. All the scripts/binaries of the PEAS suite should be used for authorized penetration testing and/or educational purposes only. Any misuse of this software will not be the responsibility of the author or of any other collaborator. Use it at your own machines and/or with the owner's permission.
By Polop<sup>(TM)</sup> By Polop<sup>(TM)</sup>

8
linPEAS/README.md
View File

@ -1,4 +1,4 @@
# LinPEAS - Linux Privilege Escalation Awesome Script # LinPEAS - Linux Privilege Escalation Awesome Script
![](https://github.com/carlospolop/privilege-escalation-awesome-scripts-suite/raw/master/linPEAS/images/linpeas.png) ![](https://github.com/carlospolop/privilege-escalation-awesome-scripts-suite/raw/master/linPEAS/images/linpeas.png)
@ -17,9 +17,7 @@ Find the **latest versions of all the scripts and binaries in [the releases page
```bash ```bash
# From github # From github
LATEST_RELEASE=$(curl -L -s -H 'Accept: application/json' https://github.com/carlospolop/PEASS-ng/releases/latest) curl -L https://github.com/carlospolop/PEASS-ng/releases/latest/download/linpeas.sh | sh
LATEST_VERSION=$(echo $LATEST_RELEASE | sed -e 's/.*"tag_name":"\([^"]*\)".*/\1/')
curl -L https://github.com/carlospolop/PEASS-ng/releases/download/$LATEST_VERSION/linpeas.sh | sh
``` ```
```bash ```bash
@ -44,7 +42,7 @@ less -r /dev/shm/linpeas.txt #Read with colors
```bash ```bash
# Use a linpeas binary # Use a linpeas binary
wget https://github.com/carlospolop/PEASS-ng/releases/download/refs%2Fheads%2Fmaster/linpeas_linux_amd64 wget https://github.com/carlospolop/PEASS-ng/releases/latest/download/linpeas_linux_amd64
chmod +x linpeas_linux_amd64 chmod +x linpeas_linux_amd64
./linpeas_linux_amd64 ./linpeas_linux_amd64
``` ```

58
winPEAS/README.md
View File

@ -1,29 +1,29 @@
# Windows Privilege Escalation Awesome Scripts # Windows Privilege Escalation Awesome Scripts
![](https://github.com/carlospolop/privilege-escalation-awesome-scripts-suite/raw/master/winPEAS/winPEASexe/images/winpeas.png) ![](https://github.com/carlospolop/privilege-escalation-awesome-scripts-suite/raw/master/winPEAS/winPEASexe/images/winpeas.png)
Check the **Local Windows Privilege Escalation checklist** from **[book.hacktricks.xyz](https://book.hacktricks.xyz/windows/checklist-windows-privilege-escalation)** Check the **Local Windows Privilege Escalation checklist** from **[book.hacktricks.xyz](https://book.hacktricks.xyz/windows/checklist-windows-privilege-escalation)**
Check more **information about how to exploit** found misconfigurations in **[book.hacktricks.xyz](https://book.hacktricks.xyz/windows/windows-local-privilege-escalation)** Check more **information about how to exploit** found misconfigurations in **[book.hacktricks.xyz](https://book.hacktricks.xyz/windows/windows-local-privilege-escalation)**
## Quick Start ## Quick Start
Find the **latest versions of all the scripts and binaries in [the releases page](https://github.com/carlospolop/PEASS-ng/releases/latest)**. Find the **latest versions of all the scripts and binaries in [the releases page](https://github.com/carlospolop/PEASS-ng/releases/latest)**.
## WinPEAS .exe and .bat ## WinPEAS .exe and .bat
- [Link to WinPEAS .bat project](https://github.com/carlospolop/privilege-escalation-awesome-scripts-suite/tree/master/winPEAS/winPEASbat) - [Link to WinPEAS .bat project](https://github.com/carlospolop/privilege-escalation-awesome-scripts-suite/tree/master/winPEAS/winPEASbat)
- [Link to WinPEAS C# project (.exe)](https://github.com/carlospolop/privilege-escalation-awesome-scripts-suite/tree/master/winPEAS/winPEASexe) (.Net >= 4.5.2 required) - [Link to WinPEAS C# project (.exe)](https://github.com/carlospolop/privilege-escalation-awesome-scripts-suite/tree/master/winPEAS/winPEASexe) (.Net >= 4.5.2 required)
- **Please, read the Readme of that folder to learn how to execute winpeas from memory or how make colors work among other tricks** - **Please, read the Readme of that folder to learn how to execute winpeas from memory or how make colors work among other tricks**
## Please, if this tool has been useful for you consider to donate ## Please, if this tool has been useful for you consider to donate
[![paypal](https://www.paypalobjects.com/en_US/i/btn/btn_donateCC_LG.gif)](https://www.patreon.com/peass) [![paypal](https://www.paypalobjects.com/en_US/i/btn/btn_donateCC_LG.gif)](https://www.patreon.com/peass)
## PEASS Style ## PEASS Style
Are you a PEASS fan? Get now our merch at **[PEASS Shop](https://teespring.com/stores/peass)** and show your love for our favorite peas Are you a PEASS fan? Get now our merch at **[PEASS Shop](https://teespring.com/stores/peass)** and show your love for our favorite peas
## Advisory ## Advisory
All the scripts/binaries of the PEAS Suite should be used for authorized penetration testing and/or educational purposes only. Any misuse of this software will not be the responsibility of the author or of any other collaborator. Use it at your own networks and/or with the network owner's permission. All the scripts/binaries of the PEAS Suite should be used for authorized penetration testing and/or educational purposes only. Any misuse of this software will not be the responsibility of the author or of any other collaborator. Use it at your own networks and/or with the network owner's permission.
By Polop<sup>(TM)</sup> By Polop<sup>(TM)</sup>

573
winPEAS/winPEASexe/README.md
View File

@ -1,288 +1,285 @@
# Windows Privilege Escalation Awesome Script (.exe) # Windows Privilege Escalation Awesome Script (.exe)
![](https://github.com/carlospolop/privilege-escalation-awesome-scripts-suite/raw/master/winPEAS/winPEASexe/images/winpeas.png) ![](https://github.com/carlospolop/privilege-escalation-awesome-scripts-suite/raw/master/winPEAS/winPEASexe/images/winpeas.png)
**WinPEAS is a script that search for possible paths to escalate privileges on Windows hosts. The checks are explained on [book.hacktricks.xyz](https://book.hacktricks.xyz/windows/windows-local-privilege-escalation)** **WinPEAS is a script that search for possible paths to escalate privileges on Windows hosts. The checks are explained on [book.hacktricks.xyz](https://book.hacktricks.xyz/windows/windows-local-privilege-escalation)**
Check also the **Local Windows Privilege Escalation checklist** from **[book.hacktricks.xyz](https://book.hacktricks.xyz/windows/checklist-windows-privilege-escalation)** Check also the **Local Windows Privilege Escalation checklist** from **[book.hacktricks.xyz](https://book.hacktricks.xyz/windows/checklist-windows-privilege-escalation)**
[![youtube](https://github.com/carlospolop/privilege-escalation-awesome-scripts-suite/raw/master/winPEAS/winPEASexe/images/screen.png)](https://youtu.be/66gOwXMnxRI) [![youtube](https://github.com/carlospolop/privilege-escalation-awesome-scripts-suite/raw/master/winPEAS/winPEASexe/images/screen.png)](https://youtu.be/66gOwXMnxRI)
## Quick Start ## Quick Start
**.Net >= 4.5.2 is required** **.Net >= 4.5.2 is required**
Precompiled binaries: Precompiled binaries:
- Download the **[latest obfuscated and not obfuscated versions from here](https://github.com/carlospolop/PEASS-ng/releases/latest)** or **compile it yourself** (read instructions for compilation). - Download the **[latest obfuscated and not obfuscated versions from here](https://github.com/carlospolop/PEASS-ng/releases/latest)** or **compile it yourself** (read instructions for compilation).
```bash ```bash
# Get latest release # Get latest release
$latestRelease = Invoke-WebRequest https://github.com/carlospolop/PEASS-ng/releases/latest -Headers @{"Accept"="application/json"} $url = "https://github.com/carlospolop/PEASS-ng/releases/latest/download/winPEASany_ofs.exe"
$json = $latestRelease.Content | ConvertFrom-Json
$latestVersion = $json.tag_name # One liner to download and execute winPEASany from memory in a PS shell
$url = "https://github.com/carlospolop/PEASS-ng/releases/download/$latestVersion/winPEASany_ofs.exe" $wp=[System.Reflection.Assembly]::Load([byte[]](Invoke-WebRequest "$url" -UseBasicParsing | Select-Object -ExpandProperty Content)); [winPEAS.Program]::Main("")
# One liner to download and execute winPEASany from memory in a PS shell # Before cmd in 3 lines
$wp=[System.Reflection.Assembly]::Load([byte[]](Invoke-WebRequest "$url" -UseBasicParsing | Select-Object -ExpandProperty Content)); [winPEAS.Program]::Main("") $wp=[System.Reflection.Assembly]::Load([byte[]](Invoke-WebRequest "$url" -UseBasicParsing | Select-Object -ExpandProperty Content));
[winPEAS.Program]::Main("") #Put inside the quotes the winpeas parameters you want to use
# Before cmd in 3 lines
$wp=[System.Reflection.Assembly]::Load([byte[]](Invoke-WebRequest "$url" -UseBasicParsing | Select-Object -ExpandProperty Content)); # Load from disk in memory and execute:
[winPEAS.Program]::Main("") #Put inside the quotes the winpeas parameters you want to use $wp = [System.Reflection.Assembly]::Load([byte[]]([IO.File]::ReadAllBytes("D:\Users\victim\winPEAS.exe")));
[winPEAS.Program]::Main("") #Put inside the quotes the winpeas parameters you want to use
# Load from disk in memory and execute:
$wp = [System.Reflection.Assembly]::Load([byte[]]([IO.File]::ReadAllBytes("D:\Users\victim\winPEAS.exe"))); # Load from disk in base64 and execute
[winPEAS.Program]::Main("") #Put inside the quotes the winpeas parameters you want to use ##Generate winpeas in Base64:
[Convert]::ToBase64String([IO.File]::ReadAllBytes("D:\Users\user\winPEAS.exe")) | Out-File -Encoding ASCII D:\Users\user\winPEAS.txt
# Load from disk in base64 and execute ##Now upload the B64 string to the victim inside a file or copy it to the clipboard
##Generate winpeas in Base64:
[Convert]::ToBase64String([IO.File]::ReadAllBytes("D:\Users\user\winPEAS.exe")) | Out-File -Encoding ASCII D:\Users\user\winPEAS.txt ##If you have uploaded the B64 as afile load it with:
##Now upload the B64 string to the victim inside a file or copy it to the clipboard $thecontent = Get-Content -Path D:\Users\victim\winPEAS.txt
##If you have copied the B64 to the clipboard do:
##If you have uploaded the B64 as afile load it with: $thecontent = "aaaaaaaa..." #Where "aaa..." is the winpeas base64 string
$thecontent = Get-Content -Path D:\Users\victim\winPEAS.txt ##Finally, load binary in memory and execute
##If you have copied the B64 to the clipboard do: $wp = [System.Reflection.Assembly]::Load([Convert]::FromBase64String($thecontent))
$thecontent = "aaaaaaaa..." #Where "aaa..." is the winpeas base64 string [winPEAS.Program]::Main("") #Put inside the quotes the winpeas parameters you want to use
##Finally, load binary in memory and execute
$wp = [System.Reflection.Assembly]::Load([Convert]::FromBase64String($thecontent)) # Loading from file and executing a winpeas obfuscated version
[winPEAS.Program]::Main("") #Put inside the quotes the winpeas parameters you want to use ##Load obfuscated version
$wp = [System.Reflection.Assembly]::Load([byte[]]([IO.File]::ReadAllBytes("D:\Users\victim\winPEAS-Obfuscated.exe")));
# Loading from file and executing a winpeas obfuscated version $wp.EntryPoint #Get the name of the ReflectedType, in obfuscated versions sometimes this is different from "winPEAS.Program"
##Load obfuscated version [<ReflectedType_from_before>]::Main("") #Used the ReflectedType name to execute winpeas
$wp = [System.Reflection.Assembly]::Load([byte[]]([IO.File]::ReadAllBytes("D:\Users\victim\winPEAS-Obfuscated.exe"))); ```
$wp.EntryPoint #Get the name of the ReflectedType, in obfuscated versions sometimes this is different from "winPEAS.Program"
[<ReflectedType_from_before>]::Main("") #Used the ReflectedType name to execute winpeas ## Parameters Examples
```
```bash
## Parameters Examples winpeas.exe #run all checks (except for additional slower checks - LOLBAS and linpeas.sh in WSL) (noisy - CTFs)
winpeas.exe systeminfo userinfo #Only systeminfo and userinfo checks executed
```bash winpeas.exe notcolor #Do not color the output
winpeas.exe #run all checks (except for additional slower checks - LOLBAS and linpeas.sh in WSL) (noisy - CTFs) winpeas.exe domain #enumerate also domain information
winpeas.exe systeminfo userinfo #Only systeminfo and userinfo checks executed winpeas.exe wait #wait for user input between tests
winpeas.exe notcolor #Do not color the output winpeas.exe debug #display additional debug information
winpeas.exe domain #enumerate also domain information winpeas.exe log #log output to out.txt instead of standard output
winpeas.exe wait #wait for user input between tests winpeas.exe -linpeas=http://127.0.0.1/linpeas.sh #Execute also additional linpeas check (runs linpeas.sh in default WSL distribution) with custom linpeas.sh URL (if not provided, the default URL is: https://raw.githubusercontent.com/carlospolop/privilege-escalation-awesome-scripts-suite/master/linPEAS/linpeas.sh)
winpeas.exe debug #display additional debug information winpeas.exe -lolbas #Execute also additional LOLBAS search check
winpeas.exe log #log output to out.txt instead of standard output ```
winpeas.exe -linpeas=http://127.0.0.1/linpeas.sh #Execute also additional linpeas check (runs linpeas.sh in default WSL distribution) with custom linpeas.sh URL (if not provided, the default URL is: https://raw.githubusercontent.com/carlospolop/privilege-escalation-awesome-scripts-suite/master/linPEAS/linpeas.sh)
winpeas.exe -lolbas #Execute also additional LOLBAS search check ## Help
``` ```
quiet Do not print banner
## Help notcolor Don't use ansi colors (all white)
``` systeminfo Search system information
quiet Do not print banner userinfo Search user information
notcolor Don't use ansi colors (all white) processinfo Search processes information
systeminfo Search system information servicesinfo Search services information
userinfo Search user information applicationsinfo Search installed applications information
processinfo Search processes information networkinfo Search network information
servicesinfo Search services information windowscreds Search windows credentials
applicationsinfo Search installed applications information browserinfo Search browser information
networkinfo Search network information filesinfo Search files that can contains credentials
windowscreds Search windows credentials eventsinfo Display interesting events information
browserinfo Search browser information wait Wait for user input between checks
filesinfo Search files that can contains credentials debug Display debugging information - memory usage, method execution time
eventsinfo Display interesting events information log=[logfile] Log all output to file defined as logfile, or to "out.txt" if not specified
wait Wait for user input between checks
debug Display debugging information - memory usage, method execution time Additional checks (slower):
log=[logfile] Log all output to file defined as logfile, or to "out.txt" if not specified -lolbas Run additional LOLBAS check
-linpeas=[url] Run additional linpeas.sh check for default WSL distribution, optionally provide custom linpeas.sh URL
Additional checks (slower): (default: https://raw.githubusercontent.com/carlospolop/privilege-escalation-awesome-scripts-suite/master/linPEAS/linpeas.sh)
-lolbas Run additional LOLBAS check ```
-linpeas=[url] Run additional linpeas.sh check for default WSL distribution, optionally provide custom linpeas.sh URL
(default: https://raw.githubusercontent.com/carlospolop/privilege-escalation-awesome-scripts-suite/master/linPEAS/linpeas.sh) ## Basic information
```
The goal of this project is to search for possible **Privilege Escalation Paths** in Windows environments.
## Basic information
It should take only a **few seconds** to execute almost all the checks and **some seconds/minutes during the lasts checks searching for known filenames** that could contain passwords (the time depened on the number of files in your home folder). By default only **some** filenames that could contain credentials are searched, you can use the **searchall** parameter to search all the list (this could will add some minutes).
The goal of this project is to search for possible **Privilege Escalation Paths** in Windows environments.
The tool is based on **[SeatBelt](https://github.com/GhostPack/Seatbelt)**.
It should take only a **few seconds** to execute almost all the checks and **some seconds/minutes during the lasts checks searching for known filenames** that could contain passwords (the time depened on the number of files in your home folder). By default only **some** filenames that could contain credentials are searched, you can use the **searchall** parameter to search all the list (this could will add some minutes).
## Where are my COLORS?!?!?!
The tool is based on **[SeatBelt](https://github.com/GhostPack/Seatbelt)**.
The **ouput will be colored** using **ansi** colors. If you are executing `winpeas.exe` **from a Windows console**, you need to set a registry value to see the colors (and open a new CMD):
## Where are my COLORS?!?!?! ```
REG ADD HKCU\Console /v VirtualTerminalLevel /t REG_DWORD /d 1
The **ouput will be colored** using **ansi** colors. If you are executing `winpeas.exe` **from a Windows console**, you need to set a registry value to see the colors (and open a new CMD): ```
```
REG ADD HKCU\Console /v VirtualTerminalLevel /t REG_DWORD /d 1 Below you have some indications about what does each color means exacty, but keep in mind that **Red** is for something interesting (from a pentester perspective) and **Green** is something well configured (from a defender perspective).
```
Below you have some indications about what does each color means exacty, but keep in mind that **Red** is for something interesting (from a pentester perspective) and **Green** is something well configured (from a defender perspective). ## Instructions to compile you own obfuscated version
In order to compile an **ofuscated version** of Winpeas and bypass some AVs you need to ** install dotfuscator ** in *VisualStudio*.
## Instructions to compile you own obfuscated version
To install it *open VisualStudio --> Go to Search (CTRL+Q) --> Write "dotfuscator"* and just follow the instructions to install it.
In order to compile an **ofuscated version** of Winpeas and bypass some AVs you need to ** install dotfuscator ** in *VisualStudio*.
To use **dotfuscator** you will need to **create an account** *(they will send you an email to the address you set during registration*).
To install it *open VisualStudio --> Go to Search (CTRL+Q) --> Write "dotfuscator"* and just follow the instructions to install it.
Once you have installed and activated it you need to:
To use **dotfuscator** you will need to **create an account** *(they will send you an email to the address you set during registration*). 1. **Compile** winpeas in VisualStudio
2. **Open dotfuscator** app
Once you have installed and activated it you need to: 3. **Open** in dotfuscator **winPEAS.exe compiled**
1. **Compile** winpeas in VisualStudio 4. Click on **Build**
2. **Open dotfuscator** app 5. The **single, minimized and obfuscated binary** will appear in a **folder called Dotfuscator inside the folder were winPEAS.exe** and the DLL were (this location will be saved by dotfuscator and by default all the following builds will appear in this folder).
3. **Open** in dotfuscator **winPEAS.exe compiled**
4. Click on **Build** **I'm sorry that all of this is necessary but is worth it. Dotfuscator minimizes a bit the size of the executable and obfuscates the code**.
5. The **single, minimized and obfuscated binary** will appear in a **folder called Dotfuscator inside the folder were winPEAS.exe** and the DLL were (this location will be saved by dotfuscator and by default all the following builds will appear in this folder).
![](https://raw.githubusercontent.com/carlospolop/privilege-escalation-awesome-scripts-suite/master/winPEAS/winPEASexe/images/dotfuscator.PNG)
**I'm sorry that all of this is necessary but is worth it. Dotfuscator minimizes a bit the size of the executable and obfuscates the code**.
![](https://raw.githubusercontent.com/carlospolop/privilege-escalation-awesome-scripts-suite/master/winPEAS/winPEASexe/images/dotfuscator.PNG) ## Colors
![](https://github.com/carlospolop/privilege-escalation-awesome-scripts-suite/raw/master/winPEAS/winPEASexe/images/colors.png)
## Colors
## Checks
![](https://github.com/carlospolop/privilege-escalation-awesome-scripts-suite/raw/master/winPEAS/winPEASexe/images/colors.png)
<details>
## Checks <summary>Details</summary>
<details> - **System Information**
<summary>Details</summary> - [x] Basic System info information
- [x] Use Watson to search for vulnerabilities
- **System Information** - [x] Enumerate Microsoft updates
- [x] Basic System info information - [x] PS, Audit, WEF and LAPS Settings
- [x] Use Watson to search for vulnerabilities - [x] LSA protection
- [x] Enumerate Microsoft updates - [x] Credential Guard
- [x] PS, Audit, WEF and LAPS Settings - [x] WDigest
- [x] LSA protection - [x] Number of cached cred
- [x] Credential Guard - [x] Environment Variables
- [x] WDigest - [x] Internet Settings
- [x] Number of cached cred - [x] Current drives information
- [x] Environment Variables - [x] AV
- [x] Internet Settings - [x] Windows Defender
- [x] Current drives information - [x] UAC configuration
- [x] AV - [x] NTLM Settings
- [x] Windows Defender - [x] Local Group Policy
- [x] UAC configuration - [x] Applocker Configuration & bypass suggestions
- [x] NTLM Settings - [x] Printers
- [x] Local Group Policy - [x] Named Pipes
- [x] Applocker Configuration & bypass suggestions - [x] AMSI Providers
- [x] Printers - [x] SysMon
- [x] Named Pipes - [x] .NET Versions
- [x] AMSI Providers
- [x] SysMon - **Users Information**
- [x] .NET Versions - [x] Users information
- [x] Current token privileges
- **Users Information** - [x] Clipboard text
- [x] Users information - [x] Current logged users
- [x] Current token privileges - [x] RDP sessions
- [x] Clipboard text - [x] Ever logged users
- [x] Current logged users - [x] Autologin credentials
- [x] RDP sessions - [x] Home folders
- [x] Ever logged users - [x] Password policies
- [x] Autologin credentials - [x] Local User details
- [x] Home folders - [x] Logon Sessions
- [x] Password policies
- [x] Local User details - **Processes Information**
- [x] Logon Sessions - [x] Interesting processes (non Microsoft)
- **Processes Information** - **Services Information**
- [x] Interesting processes (non Microsoft) - [x] Interesting services (non Microsoft) information
- [x] Modifiable services
- **Services Information** - [x] Writable service registry binpath
- [x] Interesting services (non Microsoft) information - [x] PATH Dll Hijacking
- [x] Modifiable services
- [x] Writable service registry binpath - **Applications Information**
- [x] PATH Dll Hijacking - [x] Current Active Window
- [x] Installed software
- **Applications Information** - [x] AutoRuns
- [x] Current Active Window - [x] Scheduled tasks
- [x] Installed software - [x] Device drivers
- [x] AutoRuns
- [x] Scheduled tasks - **Network Information**
- [x] Device drivers - [x] Current net shares
- [x] Mapped drives (WMI)
- **Network Information** - [x] hosts file
- [x] Current net shares - [x] Network Interfaces
- [x] Mapped drives (WMI) - [x] Listening ports
- [x] hosts file - [x] Firewall rules
- [x] Network Interfaces - [x] DNS Cache (limit 70)
- [x] Listening ports - [x] Internet Settings
- [x] Firewall rules
- [x] DNS Cache (limit 70) - **Windows Credentials**
- [x] Internet Settings - [x] Windows Vault
- [x] Credential Manager
- **Windows Credentials** - [x] Saved RDP settings
- [x] Windows Vault - [x] Recently run commands
- [x] Credential Manager - [x] Default PS transcripts files
- [x] Saved RDP settings - [x] DPAPI Masterkeys
- [x] Recently run commands - [x] DPAPI Credential files
- [x] Default PS transcripts files - [x] Remote Desktop Connection Manager credentials
- [x] DPAPI Masterkeys - [x] Kerberos Tickets
- [x] DPAPI Credential files - [x] Wifi
- [x] Remote Desktop Connection Manager credentials - [x] AppCmd.exe
- [x] Kerberos Tickets - [x] SSClient.exe
- [x] Wifi - [x] SCCM
- [x] AppCmd.exe - [x] Security Package Credentials
- [x] SSClient.exe - [x] AlwaysInstallElevated
- [x] SCCM - [x] WSUS
- [x] Security Package Credentials
- [x] AlwaysInstallElevated - **Browser Information**
- [x] WSUS - [x] Firefox DBs
- [x] Credentials in firefox history
- **Browser Information** - [x] Chrome DBs
- [x] Firefox DBs - [x] Credentials in chrome history
- [x] Credentials in firefox history - [x] Current IE tabs
- [x] Chrome DBs - [x] Credentials in IE history
- [x] Credentials in chrome history - [x] IE Favorites
- [x] Current IE tabs - [x] Extracting saved passwords for: Firefox, Chrome, Opera, Brave
- [x] Credentials in IE history
- [x] IE Favorites - **Interesting Files and registry**
- [x] Extracting saved passwords for: Firefox, Chrome, Opera, Brave - [x] Putty sessions
- [x] Putty SSH host keys
- **Interesting Files and registry** - [x] SuperPutty info
- [x] Putty sessions - [x] Office365 endpoints synced by OneDrive
- [x] Putty SSH host keys - [x] SSH Keys inside registry
- [x] SuperPutty info - [x] Cloud credentials
- [x] Office365 endpoints synced by OneDrive - [x] Check for unattended files
- [x] SSH Keys inside registry - [x] Check for SAM & SYSTEM backups
- [x] Cloud credentials - [x] Check for cached GPP Passwords
- [x] Check for unattended files - [x] Check for and extract creds from McAffe SiteList.xml files
- [x] Check for SAM & SYSTEM backups - [x] Possible registries with credentials
- [x] Check for cached GPP Passwords - [x] Possible credentials files in users homes
- [x] Check for and extract creds from McAffe SiteList.xml files - [x] Possible password files inside the Recycle bin
- [x] Possible registries with credentials - [x] Possible files containing credentials (this take some minutes)
- [x] Possible credentials files in users homes - [x] User documents (limit 100)
- [x] Possible password files inside the Recycle bin - [x] Oracle SQL Developer config files check
- [x] Possible files containing credentials (this take some minutes) - [x] Slack files search
- [x] User documents (limit 100) - [x] Outlook downloads
- [x] Oracle SQL Developer config files check - [x] Machine and user certificate files
- [x] Slack files search - [x] Office most recent documents
- [x] Outlook downloads - [x] Hidden files and folders
- [x] Machine and user certificate files - [x] Executable files in non-default folders with write permissions
- [x] Office most recent documents - [x] WSL check
- [x] Hidden files and folders
- [x] Executable files in non-default folders with write permissions - **Events Information**
- [x] WSL check - [x] Logon + Explicit Logon Events
- [x] Process Creation Events
- **Events Information** - [x] PowerShell Events
- [x] Logon + Explicit Logon Events - [x] Power On/Off Events
- [x] Process Creation Events
- [x] PowerShell Events - **Additional (slower) checks**
- [x] Power On/Off Events - [x] LOLBAS search
- [x] run **[linpeas.sh](https://raw.githubusercontent.com/carlospolop/privilege-escalation-awesome-scripts-suite/master/linPEAS/linpeas.sh)** in default WSL distribution
- **Additional (slower) checks**
- [x] LOLBAS search </details>
- [x] run **[linpeas.sh](https://raw.githubusercontent.com/carlospolop/privilege-escalation-awesome-scripts-suite/master/linPEAS/linpeas.sh)** in default WSL distribution
## TODO
</details> - Add more checks
- Mantain updated Watson (last JAN 2021)
## TODO
- Add more checks If you want to help with any of this, you can do it using **[github issues](https://github.com/carlospolop/privilege-escalation-awesome-scripts-suite/issues)** or you can submit a pull request.
- Mantain updated Watson (last JAN 2021)
If you find any issue, please report it using **[github issues](https://github.com/carlospolop/privilege-escalation-awesome-scripts-suite/issues)**.
If you want to help with any of this, you can do it using **[github issues](https://github.com/carlospolop/privilege-escalation-awesome-scripts-suite/issues)** or you can submit a pull request.
**WinPEAS** is being **updated** every time I find something that could be useful to escalate privileges.
If you find any issue, please report it using **[github issues](https://github.com/carlospolop/privilege-escalation-awesome-scripts-suite/issues)**.
## Please, if this tool has been useful for you consider to donate
**WinPEAS** is being **updated** every time I find something that could be useful to escalate privileges.
[![paypal](https://www.paypalobjects.com/en_US/i/btn/btn_donateCC_LG.gif)](https://www.patreon.com/peass)
## Please, if this tool has been useful for you consider to donate
## Advisory
[![paypal](https://www.paypalobjects.com/en_US/i/btn/btn_donateCC_LG.gif)](https://www.patreon.com/peass)
All the scripts/binaries of the PEAS Suite should be used for authorized penetration testing and/or educational purposes only. Any misuse of this software will not be the responsibility of the author or of any other collaborator. Use it at your own networks and/or with the network owner's permission.
## Advisory
All the scripts/binaries of the PEAS Suite should be used for authorized penetration testing and/or educational purposes only. Any misuse of this software will not be the responsibility of the author or of any other collaborator. Use it at your own networks and/or with the network owner's permission. By Polop<sup>(TM)</sup>, makikvues (makikvues2[at]gmail[dot].com)
By Polop<sup>(TM)</sup>, makikvues (makikvues2[at]gmail[dot].com)

102
winPEAS/winPEASexe/winPEAS.sln
View File

@ -1,51 +1,51 @@
 
Microsoft Visual Studio Solution File, Format Version 12.00 Microsoft Visual Studio Solution File, Format Version 12.00
# Visual Studio Version 16 # Visual Studio Version 16
VisualStudioVersion = 16.0.29326.143 VisualStudioVersion = 16.0.29326.143
MinimumVisualStudioVersion = 10.0.40219.1 MinimumVisualStudioVersion = 10.0.40219.1
Project("{FAE04EC0-301F-11D3-BF4B-00C04F79EFBC}") = "winPEAS", "winPEAS\winPEAS.csproj", "{D934058E-A7DB-493F-A741-AE8E3DF867F4}" Project("{FAE04EC0-301F-11D3-BF4B-00C04F79EFBC}") = "winPEAS", "winPEAS\winPEAS.csproj", "{D934058E-A7DB-493F-A741-AE8E3DF867F4}"
EndProject EndProject
Project("{FAE04EC0-301F-11D3-BF4B-00C04F79EFBC}") = "winPEAS.Tests", "Tests\winPEAS.Tests.csproj", "{66AA4619-4D0F-4226-9D96-298870E9BB50}" Project("{FAE04EC0-301F-11D3-BF4B-00C04F79EFBC}") = "winPEAS.Tests", "Tests\winPEAS.Tests.csproj", "{66AA4619-4D0F-4226-9D96-298870E9BB50}"
EndProject EndProject
Global Global
GlobalSection(SolutionConfigurationPlatforms) = preSolution GlobalSection(SolutionConfigurationPlatforms) = preSolution
Debug|Any CPU = Debug|Any CPU Debug|Any CPU = Debug|Any CPU
Debug|x64 = Debug|x64 Debug|x64 = Debug|x64
Debug|x86 = Debug|x86 Debug|x86 = Debug|x86
Release|Any CPU = Release|Any CPU Release|Any CPU = Release|Any CPU
Release|x64 = Release|x64 Release|x64 = Release|x64
Release|x86 = Release|x86 Release|x86 = Release|x86
EndGlobalSection EndGlobalSection
GlobalSection(ProjectConfigurationPlatforms) = postSolution GlobalSection(ProjectConfigurationPlatforms) = postSolution
{D934058E-A7DB-493F-A741-AE8E3DF867F4}.Debug|Any CPU.ActiveCfg = Debug|Any CPU {D934058E-A7DB-493F-A741-AE8E3DF867F4}.Debug|Any CPU.ActiveCfg = Debug|Any CPU
{D934058E-A7DB-493F-A741-AE8E3DF867F4}.Debug|Any CPU.Build.0 = Debug|Any CPU {D934058E-A7DB-493F-A741-AE8E3DF867F4}.Debug|Any CPU.Build.0 = Debug|Any CPU
{D934058E-A7DB-493F-A741-AE8E3DF867F4}.Debug|x64.ActiveCfg = Debug|x64 {D934058E-A7DB-493F-A741-AE8E3DF867F4}.Debug|x64.ActiveCfg = Debug|x64
{D934058E-A7DB-493F-A741-AE8E3DF867F4}.Debug|x64.Build.0 = Debug|x64 {D934058E-A7DB-493F-A741-AE8E3DF867F4}.Debug|x64.Build.0 = Debug|x64
{D934058E-A7DB-493F-A741-AE8E3DF867F4}.Debug|x86.ActiveCfg = Debug|x86 {D934058E-A7DB-493F-A741-AE8E3DF867F4}.Debug|x86.ActiveCfg = Debug|x86
{D934058E-A7DB-493F-A741-AE8E3DF867F4}.Debug|x86.Build.0 = Debug|x86 {D934058E-A7DB-493F-A741-AE8E3DF867F4}.Debug|x86.Build.0 = Debug|x86
{D934058E-A7DB-493F-A741-AE8E3DF867F4}.Release|Any CPU.ActiveCfg = Release|Any CPU {D934058E-A7DB-493F-A741-AE8E3DF867F4}.Release|Any CPU.ActiveCfg = Release|Any CPU
{D934058E-A7DB-493F-A741-AE8E3DF867F4}.Release|Any CPU.Build.0 = Release|Any CPU {D934058E-A7DB-493F-A741-AE8E3DF867F4}.Release|Any CPU.Build.0 = Release|Any CPU
{D934058E-A7DB-493F-A741-AE8E3DF867F4}.Release|x64.ActiveCfg = Release|x64 {D934058E-A7DB-493F-A741-AE8E3DF867F4}.Release|x64.ActiveCfg = Release|x64
{D934058E-A7DB-493F-A741-AE8E3DF867F4}.Release|x64.Build.0 = Release|x64 {D934058E-A7DB-493F-A741-AE8E3DF867F4}.Release|x64.Build.0 = Release|x64
{D934058E-A7DB-493F-A741-AE8E3DF867F4}.Release|x86.ActiveCfg = Release|x86 {D934058E-A7DB-493F-A741-AE8E3DF867F4}.Release|x86.ActiveCfg = Release|x86
{D934058E-A7DB-493F-A741-AE8E3DF867F4}.Release|x86.Build.0 = Release|x86 {D934058E-A7DB-493F-A741-AE8E3DF867F4}.Release|x86.Build.0 = Release|x86
{66AA4619-4D0F-4226-9D96-298870E9BB50}.Debug|Any CPU.ActiveCfg = Debug|Any CPU {66AA4619-4D0F-4226-9D96-298870E9BB50}.Debug|Any CPU.ActiveCfg = Debug|Any CPU
{66AA4619-4D0F-4226-9D96-298870E9BB50}.Debug|Any CPU.Build.0 = Debug|Any CPU {66AA4619-4D0F-4226-9D96-298870E9BB50}.Debug|Any CPU.Build.0 = Debug|Any CPU
{66AA4619-4D0F-4226-9D96-298870E9BB50}.Debug|x64.ActiveCfg = Debug|Any CPU {66AA4619-4D0F-4226-9D96-298870E9BB50}.Debug|x64.ActiveCfg = Debug|Any CPU
{66AA4619-4D0F-4226-9D96-298870E9BB50}.Debug|x64.Build.0 = Debug|Any CPU {66AA4619-4D0F-4226-9D96-298870E9BB50}.Debug|x64.Build.0 = Debug|Any CPU
{66AA4619-4D0F-4226-9D96-298870E9BB50}.Debug|x86.ActiveCfg = Debug|Any CPU {66AA4619-4D0F-4226-9D96-298870E9BB50}.Debug|x86.ActiveCfg = Debug|Any CPU
{66AA4619-4D0F-4226-9D96-298870E9BB50}.Debug|x86.Build.0 = Debug|Any CPU {66AA4619-4D0F-4226-9D96-298870E9BB50}.Debug|x86.Build.0 = Debug|Any CPU
{66AA4619-4D0F-4226-9D96-298870E9BB50}.Release|Any CPU.ActiveCfg = Release|Any CPU {66AA4619-4D0F-4226-9D96-298870E9BB50}.Release|Any CPU.ActiveCfg = Release|Any CPU
{66AA4619-4D0F-4226-9D96-298870E9BB50}.Release|Any CPU.Build.0 = Release|Any CPU {66AA4619-4D0F-4226-9D96-298870E9BB50}.Release|Any CPU.Build.0 = Release|Any CPU
{66AA4619-4D0F-4226-9D96-298870E9BB50}.Release|x64.ActiveCfg = Release|Any CPU {66AA4619-4D0F-4226-9D96-298870E9BB50}.Release|x64.ActiveCfg = Release|Any CPU
{66AA4619-4D0F-4226-9D96-298870E9BB50}.Release|x64.Build.0 = Release|Any CPU {66AA4619-4D0F-4226-9D96-298870E9BB50}.Release|x64.Build.0 = Release|Any CPU
{66AA4619-4D0F-4226-9D96-298870E9BB50}.Release|x86.ActiveCfg = Release|Any CPU {66AA4619-4D0F-4226-9D96-298870E9BB50}.Release|x86.ActiveCfg = Release|Any CPU
{66AA4619-4D0F-4226-9D96-298870E9BB50}.Release|x86.Build.0 = Release|Any CPU {66AA4619-4D0F-4226-9D96-298870E9BB50}.Release|x86.Build.0 = Release|Any CPU
EndGlobalSection EndGlobalSection
GlobalSection(SolutionProperties) = preSolution GlobalSection(SolutionProperties) = preSolution
HideSolutionNode = FALSE HideSolutionNode = FALSE
EndGlobalSection EndGlobalSection
GlobalSection(ExtensibilityGlobals) = postSolution GlobalSection(ExtensibilityGlobals) = postSolution
SolutionGuid = {D5215BC3-80A2-4E63-B560-A8F78A763B7C} SolutionGuid = {D5215BC3-80A2-4E63-B560-A8F78A763B7C}
EndGlobalSection EndGlobalSection
EndGlobal EndGlobal

12
winPEAS/winPEASexe/winPEAS/App.config
View File

@ -1,6 +1,6 @@
<?xml version="1.0" encoding="utf-8"?> <?xml version="1.0" encoding="utf-8"?>
<configuration> <configuration>
<startup useLegacyV2RuntimeActivationPolicy="true"> <startup useLegacyV2RuntimeActivationPolicy="true">
<supportedRuntime version="v4.0" sku=".NETFramework,Version=v4.5.2"/></startup> <supportedRuntime version="v4.0" sku=".NETFramework,Version=v4.5.2"/></startup>
</configuration> </configuration>

4
winPEAS/winPEASexe/winPEAS/FodyWeavers.xml
View File

@ -1,3 +1,3 @@
<Weavers xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:noNamespaceSchemaLocation="FodyWeavers.xsd"> <Weavers xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:noNamespaceSchemaLocation="FodyWeavers.xsd">
<Costura /> <Costura />
</Weavers> </Weavers>

220
winPEAS/winPEASexe/winPEAS/FodyWeavers.xsd
View File

@ -1,111 +1,111 @@
<?xml version="1.0" encoding="utf-8"?> <?xml version="1.0" encoding="utf-8"?>
<xs:schema xmlns:xs="http://www.w3.org/2001/XMLSchema"> <xs:schema xmlns:xs="http://www.w3.org/2001/XMLSchema">
<!-- This file was generated by Fody. Manual changes to this file will be lost when your project is rebuilt. --> <!-- This file was generated by Fody. Manual changes to this file will be lost when your project is rebuilt. -->
<xs:element name="Weavers"> <xs:element name="Weavers">
<xs:complexType> <xs:complexType>
<xs:all> <xs:all>
<xs:element name="Costura" minOccurs="0" maxOccurs="1"> <xs:element name="Costura" minOccurs="0" maxOccurs="1">
<xs:complexType> <xs:complexType>
<xs:all> <xs:all>
<xs:element minOccurs="0" maxOccurs="1" name="ExcludeAssemblies" type="xs:string"> <xs:element minOccurs="0" maxOccurs="1" name="ExcludeAssemblies" type="xs:string">
<xs:annotation> <xs:annotation>
<xs:documentation>A list of assembly names to exclude from the default action of "embed all Copy Local references", delimited with line breaks</xs:documentation> <xs:documentation>A list of assembly names to exclude from the default action of "embed all Copy Local references", delimited with line breaks</xs:documentation>
</xs:annotation> </xs:annotation>
</xs:element> </xs:element>
<xs:element minOccurs="0" maxOccurs="1" name="IncludeAssemblies" type="xs:string"> <xs:element minOccurs="0" maxOccurs="1" name="IncludeAssemblies" type="xs:string">
<xs:annotation> <xs:annotation>
<xs:documentation>A list of assembly names to include from the default action of "embed all Copy Local references", delimited with line breaks.</xs:documentation> <xs:documentation>A list of assembly names to include from the default action of "embed all Copy Local references", delimited with line breaks.</xs:documentation>
</xs:annotation> </xs:annotation>
</xs:element> </xs:element>
<xs:element minOccurs="0" maxOccurs="1" name="Unmanaged32Assemblies" type="xs:string"> <xs:element minOccurs="0" maxOccurs="1" name="Unmanaged32Assemblies" type="xs:string">
<xs:annotation> <xs:annotation>
<xs:documentation>A list of unmanaged 32 bit assembly names to include, delimited with line breaks.</xs:documentation> <xs:documentation>A list of unmanaged 32 bit assembly names to include, delimited with line breaks.</xs:documentation>
</xs:annotation> </xs:annotation>
</xs:element> </xs:element>
<xs:element minOccurs="0" maxOccurs="1" name="Unmanaged64Assemblies" type="xs:string"> <xs:element minOccurs="0" maxOccurs="1" name="Unmanaged64Assemblies" type="xs:string">
<xs:annotation> <xs:annotation>
<xs:documentation>A list of unmanaged 64 bit assembly names to include, delimited with line breaks.</xs:documentation> <xs:documentation>A list of unmanaged 64 bit assembly names to include, delimited with line breaks.</xs:documentation>
</xs:annotation> </xs:annotation>
</xs:element> </xs:element>
<xs:element minOccurs="0" maxOccurs="1" name="PreloadOrder" type="xs:string"> <xs:element minOccurs="0" maxOccurs="1" name="PreloadOrder" type="xs:string">
<xs:annotation> <xs:annotation>
<xs:documentation>The order of preloaded assemblies, delimited with line breaks.</xs:documentation> <xs:documentation>The order of preloaded assemblies, delimited with line breaks.</xs:documentation>
</xs:annotation> </xs:annotation>
</xs:element> </xs:element>
</xs:all> </xs:all>
<xs:attribute name="CreateTemporaryAssemblies" type="xs:boolean"> <xs:attribute name="CreateTemporaryAssemblies" type="xs:boolean">
<xs:annotation> <xs:annotation>
<xs:documentation>This will copy embedded files to disk before loading them into memory. This is helpful for some scenarios that expected an assembly to be loaded from a physical file.</xs:documentation> <xs:documentation>This will copy embedded files to disk before loading them into memory. This is helpful for some scenarios that expected an assembly to be loaded from a physical file.</xs:documentation>
</xs:annotation> </xs:annotation>
</xs:attribute> </xs:attribute>
<xs:attribute name="IncludeDebugSymbols" type="xs:boolean"> <xs:attribute name="IncludeDebugSymbols" type="xs:boolean">
<xs:annotation> <xs:annotation>
<xs:documentation>Controls if .pdbs for reference assemblies are also embedded.</xs:documentation> <xs:documentation>Controls if .pdbs for reference assemblies are also embedded.</xs:documentation>
</xs:annotation> </xs:annotation>
</xs:attribute> </xs:attribute>
<xs:attribute name="DisableCompression" type="xs:boolean"> <xs:attribute name="DisableCompression" type="xs:boolean">
<xs:annotation> <xs:annotation>
<xs:documentation>Embedded assemblies are compressed by default, and uncompressed when they are loaded. You can turn compression off with this option.</xs:documentation> <xs:documentation>Embedded assemblies are compressed by default, and uncompressed when they are loaded. You can turn compression off with this option.</xs:documentation>
</xs:annotation> </xs:annotation>
</xs:attribute> </xs:attribute>
<xs:attribute name="DisableCleanup" type="xs:boolean"> <xs:attribute name="DisableCleanup" type="xs:boolean">
<xs:annotation> <xs:annotation>
<xs:documentation>As part of Costura, embedded assemblies are no longer included as part of the build. This cleanup can be turned off.</xs:documentation> <xs:documentation>As part of Costura, embedded assemblies are no longer included as part of the build. This cleanup can be turned off.</xs:documentation>
</xs:annotation> </xs:annotation>
</xs:attribute> </xs:attribute>
<xs:attribute name="LoadAtModuleInit" type="xs:boolean"> <xs:attribute name="LoadAtModuleInit" type="xs:boolean">
<xs:annotation> <xs:annotation>
<xs:documentation>Costura by default will load as part of the module initialization. This flag disables that behavior. Make sure you call CosturaUtility.Initialize() somewhere in your code.</xs:documentation> <xs:documentation>Costura by default will load as part of the module initialization. This flag disables that behavior. Make sure you call CosturaUtility.Initialize() somewhere in your code.</xs:documentation>
</xs:annotation> </xs:annotation>
</xs:attribute> </xs:attribute>
<xs:attribute name="IgnoreSatelliteAssemblies" type="xs:boolean"> <xs:attribute name="IgnoreSatelliteAssemblies" type="xs:boolean">
<xs:annotation> <xs:annotation>
<xs:documentation>Costura will by default use assemblies with a name like 'resources.dll' as a satellite resource and prepend the output path. This flag disables that behavior.</xs:documentation> <xs:documentation>Costura will by default use assemblies with a name like 'resources.dll' as a satellite resource and prepend the output path. This flag disables that behavior.</xs:documentation>
</xs:annotation> </xs:annotation>
</xs:attribute> </xs:attribute>
<xs:attribute name="ExcludeAssemblies" type="xs:string"> <xs:attribute name="ExcludeAssemblies" type="xs:string">
<xs:annotation> <xs:annotation>
<xs:documentation>A list of assembly names to exclude from the default action of "embed all Copy Local references", delimited with |</xs:documentation> <xs:documentation>A list of assembly names to exclude from the default action of "embed all Copy Local references", delimited with |</xs:documentation>
</xs:annotation> </xs:annotation>
</xs:attribute> </xs:attribute>
<xs:attribute name="IncludeAssemblies" type="xs:string"> <xs:attribute name="IncludeAssemblies" type="xs:string">
<xs:annotation> <xs:annotation>
<xs:documentation>A list of assembly names to include from the default action of "embed all Copy Local references", delimited with |.</xs:documentation> <xs:documentation>A list of assembly names to include from the default action of "embed all Copy Local references", delimited with |.</xs:documentation>
</xs:annotation> </xs:annotation>
</xs:attribute> </xs:attribute>
<xs:attribute name="Unmanaged32Assemblies" type="xs:string"> <xs:attribute name="Unmanaged32Assemblies" type="xs:string">
<xs:annotation> <xs:annotation>
<xs:documentation>A list of unmanaged 32 bit assembly names to include, delimited with |.</xs:documentation> <xs:documentation>A list of unmanaged 32 bit assembly names to include, delimited with |.</xs:documentation>
</xs:annotation> </xs:annotation>
</xs:attribute> </xs:attribute>
<xs:attribute name="Unmanaged64Assemblies" type="xs:string"> <xs:attribute name="Unmanaged64Assemblies" type="xs:string">
<xs:annotation> <xs:annotation>
<xs:documentation>A list of unmanaged 64 bit assembly names to include, delimited with |.</xs:documentation> <xs:documentation>A list of unmanaged 64 bit assembly names to include, delimited with |.</xs:documentation>
</xs:annotation> </xs:annotation>
</xs:attribute> </xs:attribute>
<xs:attribute name="PreloadOrder" type="xs:string"> <xs:attribute name="PreloadOrder" type="xs:string">
<xs:annotation> <xs:annotation>
<xs:documentation>The order of preloaded assemblies, delimited with |.</xs:documentation> <xs:documentation>The order of preloaded assemblies, delimited with |.</xs:documentation>
</xs:annotation> </xs:annotation>
</xs:attribute> </xs:attribute>
</xs:complexType> </xs:complexType>
</xs:element> </xs:element>
</xs:all> </xs:all>
<xs:attribute name="VerifyAssembly" type="xs:boolean"> <xs:attribute name="VerifyAssembly" type="xs:boolean">
<xs:annotation> <xs:annotation>
<xs:documentation>'true' to run assembly verification (PEVerify) on the target assembly after all weavers have been executed.</xs:documentation> <xs:documentation>'true' to run assembly verification (PEVerify) on the target assembly after all weavers have been executed.</xs:documentation>
</xs:annotation> </xs:annotation>
</xs:attribute> </xs:attribute>
<xs:attribute name="VerifyIgnoreCodes" type="xs:string"> <xs:attribute name="VerifyIgnoreCodes" type="xs:string">
<xs:annotation> <xs:annotation>
<xs:documentation>A comma-separated list of error codes that can be safely ignored in assembly verification.</xs:documentation> <xs:documentation>A comma-separated list of error codes that can be safely ignored in assembly verification.</xs:documentation>
</xs:annotation> </xs:annotation>
</xs:attribute> </xs:attribute>
<xs:attribute name="GenerateXsd" type="xs:boolean"> <xs:attribute name="GenerateXsd" type="xs:boolean">
<xs:annotation> <xs:annotation>
<xs:documentation>'false' to turn off automatic generation of the XML Schema file.</xs:documentation> <xs:documentation>'false' to turn off automatic generation of the XML Schema file.</xs:documentation>
</xs:annotation> </xs:annotation>
</xs:attribute> </xs:attribute>
</xs:complexType> </xs:complexType>
</xs:element> </xs:element>
</xs:schema> </xs:schema>

34
winPEAS/winPEASexe/winPEAS/Program.cs
View File

@ -1,17 +1,17 @@
using System; using System;
namespace winPEAS namespace winPEAS
{ {
public static class Program public static class Program
{ {
// Static blacklists // Static blacklists
//static string goodSoft = "Windows Phone Kits|Windows Kits|Windows Defender|Windows Mail|Windows Media Player|Windows Multimedia Platform|windows nt|Windows Photo Viewer|Windows Portable Devices|Windows Security|Windows Sidebar|WindowsApps|WindowsPowerShell| Windows$|Microsoft|WOW6432Node|internet explorer|Internet Explorer|Common Files"; //static string goodSoft = "Windows Phone Kits|Windows Kits|Windows Defender|Windows Mail|Windows Media Player|Windows Multimedia Platform|windows nt|Windows Photo Viewer|Windows Portable Devices|Windows Security|Windows Sidebar|WindowsApps|WindowsPowerShell| Windows$|Microsoft|WOW6432Node|internet explorer|Internet Explorer|Common Files";
[STAThread] [STAThread]
public static void Main(string[] args) public static void Main(string[] args)
{ {
Checks.Checks.Run(args); Checks.Checks.Run(args);
} }
} }
} }

72
winPEAS/winPEASexe/winPEAS/Properties/AssemblyInfo.cs
View File

@ -1,36 +1,36 @@
using System.Reflection; using System.Reflection;
using System.Runtime.CompilerServices; using System.Runtime.CompilerServices;
using System.Runtime.InteropServices; using System.Runtime.InteropServices;
// General Information about an assembly is controlled through the following // General Information about an assembly is controlled through the following
// set of attributes. Change these attribute values to modify the information // set of attributes. Change these attribute values to modify the information
// associated with an assembly. // associated with an assembly.
[assembly: AssemblyTitle("asdas2dasd")] [assembly: AssemblyTitle("asdas2dasd")]
[assembly: AssemblyDescription("")] [assembly: AssemblyDescription("")]
[assembly: AssemblyConfiguration("")] [assembly: AssemblyConfiguration("")]
[assembly: AssemblyCompany("")] [assembly: AssemblyCompany("")]
[assembly: AssemblyProduct("asdas2dasd")] [assembly: AssemblyProduct("asdas2dasd")]
[assembly: AssemblyCopyright("Copyright © 2019")] [assembly: AssemblyCopyright("Copyright © 2019")]
[assembly: AssemblyTrademark("")] [assembly: AssemblyTrademark("")]
[assembly: AssemblyCulture("")] [assembly: AssemblyCulture("")]
// Setting ComVisible to false makes the types in this assembly not visible // Setting ComVisible to false makes the types in this assembly not visible
// to COM components. If you need to access a type in this assembly from // to COM components. If you need to access a type in this assembly from
// COM, set the ComVisible attribute to true on that type. // COM, set the ComVisible attribute to true on that type.
[assembly: ComVisible(false)] [assembly: ComVisible(false)]
// The following GUID is for the ID of the typelib if this project is exposed to COM // The following GUID is for the ID of the typelib if this project is exposed to COM
[assembly: Guid("1928358e-a64b-493f-a741-ae8e3d029374")] [assembly: Guid("1928358e-a64b-493f-a741-ae8e3d029374")]
// Version information for an assembly consists of the following four values: // Version information for an assembly consists of the following four values:
// //
// Major Version // Major Version
// Minor Version // Minor Version
// Build Number // Build Number
// Revision // Revision
// //
// You can specify all the values or you can default the Build and Revision Numbers // You can specify all the values or you can default the Build and Revision Numbers
// by using the '*' as shown below: // by using the '*' as shown below:
// [assembly: AssemblyVersion("1.0.*")] // [assembly: AssemblyVersion("1.0.*")]
[assembly: AssemblyVersion("1.0.0.0")] [assembly: AssemblyVersion("1.0.0.0")]
[assembly: AssemblyFileVersion("1.0.0.0")] [assembly: AssemblyFileVersion("1.0.0.0")]

1390
winPEAS/winPEASexe/winPEAS/winPEAS.csproj
View File

File diff suppressed because it is too large Load Diff

46
winPEAS/winPEASexe/winPEAS/winPEAS.csproj.user
View File

@ -1,24 +1,24 @@
<?xml version="1.0" encoding="utf-8"?> <?xml version="1.0" encoding="utf-8"?>
<Project ToolsVersion="Current" xmlns="http://schemas.microsoft.com/developer/msbuild/2003"> <Project ToolsVersion="Current" xmlns="http://schemas.microsoft.com/developer/msbuild/2003">
<PropertyGroup Condition="'$(Configuration)|$(Platform)' == 'Release|AnyCPU'"> <PropertyGroup Condition="'$(Configuration)|$(Platform)' == 'Release|AnyCPU'">
<StartArguments> <StartArguments>
</StartArguments> </StartArguments>
</PropertyGroup> </PropertyGroup>
<PropertyGroup Condition="'$(Configuration)|$(Platform)' == 'Debug|AnyCPU'"> <PropertyGroup Condition="'$(Configuration)|$(Platform)' == 'Debug|AnyCPU'">
<StartArguments>servicesinfo</StartArguments> <StartArguments>servicesinfo</StartArguments>
</PropertyGroup> </PropertyGroup>
<PropertyGroup Condition="'$(Configuration)|$(Platform)' == 'Debug|x64'"> <PropertyGroup Condition="'$(Configuration)|$(Platform)' == 'Debug|x64'">
<StartArguments>debug</StartArguments> <StartArguments>debug</StartArguments>
</PropertyGroup> </PropertyGroup>
<PropertyGroup Condition="'$(Configuration)|$(Platform)' == 'Release|x64'"> <PropertyGroup Condition="'$(Configuration)|$(Platform)' == 'Release|x64'">
<StartArguments>fast</StartArguments> <StartArguments>fast</StartArguments>
</PropertyGroup> </PropertyGroup>
<PropertyGroup Condition="'$(Configuration)|$(Platform)' == 'Debug|x86'"> <PropertyGroup Condition="'$(Configuration)|$(Platform)' == 'Debug|x86'">
<StartArguments> <StartArguments>
</StartArguments> </StartArguments>
</PropertyGroup> </PropertyGroup>
<PropertyGroup Condition="'$(Configuration)|$(Platform)' == 'Release|x86'"> <PropertyGroup Condition="'$(Configuration)|$(Platform)' == 'Release|x86'">
<StartArguments> <StartArguments>
</StartArguments> </StartArguments>
</PropertyGroup> </PropertyGroup>
</Project> </Project>