images, banners & options
parent
42ff07fe8c
commit
938c2e13b0
2
.gitignore
vendored
Normal file → Executable file
2
.gitignore
vendored
Normal file → Executable file
@ -1,2 +1,4 @@
|
||||
.vs/*
|
||||
winPEAS/winPEASexe/.vs/*
|
||||
Debug/*
|
||||
winPEAS/winPEASexe/winPEAS/bin/Debug/*
|
||||
|
Binary file not shown.
Before Width: | Height: | Size: 43 KiB After Width: | Height: | Size: 356 KiB |
1717
linPEAS/linpeas.sh
1717
linPEAS/linpeas.sh
File diff suppressed because it is too large
Binary file not shown.
Binary file not shown.
Binary file not shown.
Binary file not shown.
@ -10,7 +10,7 @@ Check also the **Local Windows Privilege Escalation checklist** from **[book.hac
|
||||
|
||||
Download the **[latest version from here](https://github.com/carlospolop/privilege-escalation-awesome-script-suite/tree/master/winPEAS/winPEASexe/winPEAS/bin)** or **compile it yourself**.
|
||||
```bash
|
||||
winpeas.exe ansii #ANSII color for linux consoles (reverse shell)
|
||||
winpeas.exe ansi #ANSI color for linux consoles (reverse shell)
|
||||
winpeas.exe #Will execute all checks except the ones that execute MD commands
|
||||
winpeas.exe cmd #All checks
|
||||
winpeas.exe cmd fast #All except the one that search for files
|
||||
@ -27,7 +27,7 @@ The **ouput will be colored**. Below you have some indications about what does e
|
||||
|
||||
The tool is heavily based in **[SeatBelt](https://github.com/GhostPack/Seatbelt)**.
|
||||
|
||||
**IMPORTANT TO NOTICE:** By default WinPEAS will use colord for Windows terminals (without ANSII characters). If execute winpeas.exe from a reverse shell without any option **no color will be printed**. To see colors in a linux terminal you need to use the **ansii** parameter.
|
||||
**IMPORTANT TO NOTICE:** By default WinPEAS will use colors for Windows terminals (without ANSI characters). If you are executing winpeas.exe from a reverse shell without any option **any color will be appear**. To see colors in a linux terminal you need to use the **ansi** parameter.
|
||||
|
||||
## Help
|
||||
|
||||
|
Binary file not shown.
Before Width: | Height: | Size: 159 KiB After Width: | Height: | Size: 157 KiB |
Binary file not shown.
@ -23,11 +23,11 @@ namespace winPEAS
|
||||
static string LCYAN = "\x1b[1;36m";
|
||||
static string REDYELLOW = "\x1b[31;103m";
|
||||
public static string NOCOLOR = "\x1b[0m";
|
||||
public static string ansii_color_bad = RED;
|
||||
public static string ansii_color_good = GREEN;
|
||||
public static string ansii_users_active = CYAN;
|
||||
public static string ansii_users_disabled = BLUE;
|
||||
public static string ansii_current_user = MAGENTA;
|
||||
public static string ansi_color_bad = RED;
|
||||
public static string ansi_color_good = GREEN;
|
||||
public static string ansi_users_active = CYAN;
|
||||
public static string ansi_users_disabled = BLUE;
|
||||
public static string ansi_current_user = MAGENTA;
|
||||
|
||||
public static Color color_key = Color.DarkSeaGreen;
|
||||
public static Color color_not_found = Color.Gray;
|
||||
@ -47,25 +47,56 @@ namespace winPEAS
|
||||
Color.Peru
|
||||
};
|
||||
|
||||
public static void PrintBanner()
|
||||
{
|
||||
System.Console.WriteLine(@"
|
||||
*((,.,/((((((((((((((((((((/, */
|
||||
,/*,..*(((((((((((((((((((((((((((((((((, ,/
|
||||
.,*/((((((((((((((((((/, .*//((//**, .*((((((* ./,
|
||||
(((((((((((((((((* .****,,,/((##########(* ,((((((* (
|
||||
((((((((((((/* .***************,,/(########(. ((((((* *,
|
||||
,.. ...,****************(@@@#(/***/(#####* /((((((./
|
||||
,,,..**********************&@@@#@@@@@(***,.*(###* /(((((*.
|
||||
,, ,**********************#@@&(#%@@@%*********,,((/ /(((((
|
||||
,. ...........,,*********/%@@&&@@@@@/*************,,..((((
|
||||
,,**(################(/*****//&@@@@%****************** /((
|
||||
.**(########################(/,.,/(/*******************.*(
|
||||
.*/(#############################(/*********************,*
|
||||
,*/(##################################(/*****************.
|
||||
,*((######################################(**************.
|
||||
.*((######(,.***.,(###################(..***(/***********.
|
||||
.,/(######*(#####((##################((######/(**********.
|
||||
,.*/##################(/**********(################(*****.
|
||||
,.,*(####################/*******(####################((/.
|
||||
,, **((############################################/ /((
|
||||
,,, ,*((#########################################(..((((((
|
||||
. .. ,**/(#####################################( .((((((((
|
||||
(((((* ,(#################################((* /(((((((((
|
||||
((((((((((. ,(############################(../((((((((((
|
||||
(((((((((/, ,####################(/..((((((((((
|
||||
(((((((((/,. ,*//////*,. ./(((((((((((
|
||||
((((((((((((((((((((((((((((/");
|
||||
}
|
||||
|
||||
public static void PrintInit()
|
||||
{
|
||||
Colorful.Console.WriteLine();
|
||||
Colorful.Console.WriteLine();
|
||||
if (Program.banner)
|
||||
PrintBanner();
|
||||
|
||||
if (Program.using_ansii)
|
||||
if (Program.using_ansi)
|
||||
{
|
||||
System.Console.WriteLine(YELLOW + "[+] " + NOCOLOR + "WinPEAS" + GREEN + Program.version + NOCOLOR );
|
||||
System.Console.WriteLine(YELLOW + " " + NOCOLOR + "WinPEAS " + GREEN + Program.version + NOCOLOR + YELLOW + " by carlospolop" + NOCOLOR );
|
||||
}
|
||||
else
|
||||
{
|
||||
Formatter[] colorsString = new Formatter[]
|
||||
{
|
||||
new Formatter( " [+] ", Color.Yellow),
|
||||
new Formatter( "WinPEASv", color_key),
|
||||
new Formatter( " WinPEAS", color_key),
|
||||
new Formatter( Program.version, color_default),
|
||||
};
|
||||
|
||||
Colorful.Console.WriteLineFormatted("{0}{1}{2}", color_key, colorsString);
|
||||
Colorful.Console.WriteLineFormatted("{0} {1} by carlospolop", Color.Yellow, colorsString);
|
||||
}
|
||||
LinkPrint("https://book.hacktricks.xyz/windows/checklist-windows-privilege-escalation", "You can find a Windows local PE Checklist here:");
|
||||
PrintLeyend();
|
||||
@ -73,7 +104,7 @@ namespace winPEAS
|
||||
|
||||
static void PrintLeyend()
|
||||
{
|
||||
if (Program.using_ansii)
|
||||
if (Program.using_ansi)
|
||||
{
|
||||
System.Console.WriteLine(YELLOW + " [+] " + GREEN + "Leyend:" + NOCOLOR);
|
||||
System.Console.WriteLine(RED + " Red" + GRAY + " Indicates a special privilege over an object or something is misconfigured" + NOCOLOR);
|
||||
@ -98,10 +129,11 @@ namespace winPEAS
|
||||
|
||||
public static void PrintUsage()
|
||||
{
|
||||
if (Program.using_ansii)
|
||||
if (Program.using_ansi)
|
||||
{
|
||||
System.Console.WriteLine(YELLOW + " [*] " + GREEN + "WinPEAS is a binary to enumerate possible paths to escalate privileges locally" + NOCOLOR);
|
||||
System.Console.WriteLine(LBLUE + "\tansii" + GRAY + " Use ANSII colors (see color from linux terminal)" + NOCOLOR);
|
||||
System.Console.WriteLine(LBLUE + "\tquiet" + GRAY + " Do not print banner" + NOCOLOR);
|
||||
System.Console.WriteLine(LBLUE + "\tansi" + GRAY + " Use ansi colors (see color from linux terminal)" + NOCOLOR);
|
||||
System.Console.WriteLine(LBLUE + "\tfast" + GRAY + " This will avoid very time consuming checks" + NOCOLOR);
|
||||
System.Console.WriteLine(LBLUE + "\tcmd" + GRAY + " Obtain wifi, cred manager and clipboard information executing CMD commands" + NOCOLOR);
|
||||
System.Console.WriteLine(LBLUE + "\tsysteminfo" + GRAY + " Search system information" + NOCOLOR);
|
||||
@ -118,7 +150,8 @@ namespace winPEAS
|
||||
else
|
||||
{
|
||||
Colorful.Console.Write(" [*] ", Color.Yellow); Colorful.Console.WriteLine("WinPEAS is a binary to enumerate possible paths to escalate privileges locally", color_key);
|
||||
Colorful.Console.Write("\tansii", color_default); Colorful.Console.WriteLine(" Use ANSII colors (see color from linux terminal)", Color.Gray);
|
||||
Colorful.Console.Write("\tquiet", color_default); Colorful.Console.WriteLine(" Do not print banner", Color.Gray);
|
||||
Colorful.Console.Write("\tansi", color_default); Colorful.Console.WriteLine(" Use ansi colors (see color from linux terminal)", Color.Gray);
|
||||
Colorful.Console.Write("\tfast", color_default); Colorful.Console.WriteLine(" This will avoid very time consuming checks", Color.Gray);
|
||||
Colorful.Console.Write("\tcmd", color_default); Colorful.Console.WriteLine(" Obtain wifi, cred manager and clipboard information executing CMD commands", Color.Gray);
|
||||
Colorful.Console.Write("\tsysteminfo", color_default); Colorful.Console.WriteLine(" Search system information", Color.Gray);
|
||||
@ -141,7 +174,7 @@ namespace winPEAS
|
||||
System.Console.WriteLine();
|
||||
System.Console.WriteLine();
|
||||
int halfTotal = 60;
|
||||
if (Program.using_ansii)
|
||||
if (Program.using_ansi)
|
||||
System.Console.WriteLine(LCYAN + " " + new String('=', halfTotal - toPrint.Length) + "(" +NOCOLOR + YELLOW + toPrint + LCYAN + ")" + new String('=', halfTotal - toPrint.Length) + NOCOLOR);
|
||||
else
|
||||
{
|
||||
@ -162,7 +195,7 @@ namespace winPEAS
|
||||
try
|
||||
{
|
||||
Colorful.Console.WriteLine();
|
||||
if (Program.using_ansii)
|
||||
if (Program.using_ansi)
|
||||
System.Console.WriteLine(YELLOW + " [+] " + LRED + toPrint + YELLOW + "(" + GRAY + attackid + YELLOW + ")" + NOCOLOR);
|
||||
else
|
||||
{
|
||||
@ -185,7 +218,7 @@ namespace winPEAS
|
||||
{
|
||||
try
|
||||
{
|
||||
if (Program.using_ansii)
|
||||
if (Program.using_ansi)
|
||||
System.Console.WriteLine(YELLOW + " [?] " + LBLUE + comment + " " + LYELLOW + link + NOCOLOR);
|
||||
else
|
||||
{
|
||||
@ -208,7 +241,7 @@ namespace winPEAS
|
||||
{
|
||||
try
|
||||
{
|
||||
if (Program.using_ansii)
|
||||
if (Program.using_ansi)
|
||||
System.Console.WriteLine(YELLOW + " [i] " + LBLUE + toPrint + NOCOLOR);
|
||||
else
|
||||
{
|
||||
@ -233,7 +266,7 @@ namespace winPEAS
|
||||
|
||||
public static void GoodPrint(string to_print)
|
||||
{
|
||||
if (Program.using_ansii)
|
||||
if (Program.using_ansi)
|
||||
System.Console.WriteLine(GREEN + to_print + NOCOLOR);
|
||||
else
|
||||
Colorful.Console.WriteLine(to_print, color_good);
|
||||
@ -241,7 +274,7 @@ namespace winPEAS
|
||||
|
||||
public static void BadPrint(string to_print)
|
||||
{
|
||||
if (Program.using_ansii)
|
||||
if (Program.using_ansi)
|
||||
System.Console.WriteLine(RED + to_print + NOCOLOR);
|
||||
else
|
||||
Colorful.Console.WriteLine(to_print, color_bad);
|
||||
@ -249,7 +282,7 @@ namespace winPEAS
|
||||
|
||||
public static void GrayPrint(string to_print)
|
||||
{
|
||||
if (Program.using_ansii)
|
||||
if (Program.using_ansi)
|
||||
System.Console.WriteLine(GRAY + to_print + NOCOLOR);
|
||||
else
|
||||
Colorful.Console.WriteLine(to_print, color_not_found);
|
||||
@ -260,22 +293,22 @@ namespace winPEAS
|
||||
{
|
||||
GrayPrint(" =================================================================================================");
|
||||
}
|
||||
public static void AnsiiPrint(string to_print, Dictionary<string, string> ansii_colors_regexp)
|
||||
public static void AnsiPrint(string to_print, Dictionary<string, string> ansi_colors_regexp)
|
||||
{
|
||||
if (to_print.Trim().Length > 0)
|
||||
{
|
||||
foreach (string line in to_print.Split('\n'))
|
||||
{
|
||||
string new_line = line;
|
||||
foreach (KeyValuePair<string, string> color in ansii_colors_regexp)
|
||||
new_line = RegexAnsii(new_line, color.Value, color.Key);
|
||||
foreach (KeyValuePair<string, string> color in ansi_colors_regexp)
|
||||
new_line = Regexansi(new_line, color.Value, color.Key);
|
||||
|
||||
System.Console.WriteLine(new_line);
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
static string RegexAnsii(string to_match, string color, string rgxp)
|
||||
static string Regexansi(string to_match, string color, string rgxp)
|
||||
{
|
||||
Regex regex = new Regex(rgxp);
|
||||
Match match = regex.Match(to_match);
|
||||
@ -283,7 +316,7 @@ namespace winPEAS
|
||||
return to_match.Replace(match.Value, color + match.Value + NOCOLOR);
|
||||
return to_match;
|
||||
}
|
||||
public static void DictPrint(Dictionary<string, string> dicprint, Dictionary<string, string> ansii_colors_regexp, bool delete_nulls)
|
||||
public static void DictPrint(Dictionary<string, string> dicprint, Dictionary<string, string> ansi_colors_regexp, bool delete_nulls)
|
||||
{
|
||||
try
|
||||
{
|
||||
@ -293,10 +326,10 @@ namespace winPEAS
|
||||
continue;
|
||||
string value = entry.Value;
|
||||
string key = entry.Key;
|
||||
foreach (KeyValuePair<string, string> color in ansii_colors_regexp)
|
||||
foreach (KeyValuePair<string, string> color in ansi_colors_regexp)
|
||||
{
|
||||
key = RegexAnsii(key, color.Value, color.Key);
|
||||
value = RegexAnsii(value, color.Value, color.Key);
|
||||
key = Regexansi(key, color.Value, color.Key);
|
||||
value = Regexansi(value, color.Value, color.Key);
|
||||
}
|
||||
System.Console.WriteLine(" " + key + ": " + value);
|
||||
}
|
||||
@ -316,7 +349,7 @@ namespace winPEAS
|
||||
{
|
||||
if (delete_nulls && String.IsNullOrEmpty(entry.Value))
|
||||
continue;
|
||||
if (Program.using_ansii)
|
||||
if (Program.using_ansi)
|
||||
System.Console.WriteLine(" " + entry.Key + ": " + entry.Value);
|
||||
|
||||
else
|
||||
@ -508,7 +541,7 @@ namespace winPEAS
|
||||
{
|
||||
if (list_to_print.Count > 0)
|
||||
{
|
||||
if (Program.using_ansii)
|
||||
if (Program.using_ansi)
|
||||
{
|
||||
foreach (string elem in list_to_print)
|
||||
System.Console.WriteLine(" " + elem);
|
||||
@ -533,7 +566,7 @@ namespace winPEAS
|
||||
if (list_to_print.Count > 0)
|
||||
{
|
||||
foreach (string elem in list_to_print)
|
||||
AnsiiPrint(" " + elem, dic_colors);
|
||||
AnsiPrint(" " + elem, dic_colors);
|
||||
}
|
||||
else
|
||||
NotFoundPrint();
|
||||
|
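Review bot: `Regexansi` hands `rgxp` straight to `new Regex(rgxp)` with no handling for an invalid pattern, and `AnsiPrint` calls it outside any try block, so a single bad key in `ansi_colors_regexp` raises `ArgumentException` and cuts off the output of that check. The callers shown in the later hunks on this page build some keys from host values (executable and service paths) with a chain of `Replace` calls that escapes only `\`, `(`, `)`, `[`, `]` and `?`, so a path containing `+` can be an invalid pattern, and `.` or `$` change what it matches. I would have those callers use `Regex.Escape(...)` for literal keys and make the helper tolerant: `Regex regex; try { regex = new Regex(rgxp); } catch (ArgumentException) { return to_match; }`. Part of `Regexansi` lies between two hunks and is not visible, so this assumes the hidden line is only the match check. The rename also left the helper as `Regexansi` while its sibling became `AnsiPrint`; `RegexAnsi` would keep the casing consistent.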
@ -554,8 +554,8 @@ namespace winPEAS
|
||||
// search every pattern in this directory's files
|
||||
foreach (string pattern in patterns.Split(';'))
|
||||
{
|
||||
if (Program.using_ansii)
|
||||
Beaprint.AnsiiPrint(String.Join("\n", Directory.GetFiles(path, pattern, SearchOption.TopDirectoryOnly).Where(filepath => !filepath.Contains(".dll"))), color);
|
||||
if (Program.using_ansi)
|
||||
Beaprint.AnsiPrint(String.Join("\n", Directory.GetFiles(path, pattern, SearchOption.TopDirectoryOnly).Where(filepath => !filepath.Contains(".dll"))), color);
|
||||
else
|
||||
Colorful.Console.WriteLineStyled(String.Join("\n", Directory.GetFiles(path, pattern, SearchOption.TopDirectoryOnly).Where(filepath => !filepath.Contains(".dll"))), ss); // .exe can be contained because of appcmd.exe
|
||||
}
|
||||
|
@ -9,10 +9,11 @@ namespace winPEAS
|
||||
{
|
||||
class Program
|
||||
{
|
||||
public static string version = "BETA VERSION";
|
||||
public static bool banner = true;
|
||||
public static string version = "vBETA VERSION";
|
||||
static bool is_fast = false;
|
||||
static bool exec_cmd = false;
|
||||
public static bool using_ansii = false;
|
||||
public static bool using_ansi = false;
|
||||
|
||||
// Static blacklists
|
||||
static string strTrue = "True";
|
||||
@ -35,11 +36,11 @@ namespace winPEAS
|
||||
static Color color_key = Beaprint.color_key;
|
||||
static Color color_good = Beaprint.color_good;
|
||||
static Color color_bad = Beaprint.color_bad;
|
||||
static string ansii_color_bad = Beaprint.ansii_color_bad;
|
||||
static string ansii_color_good = Beaprint.ansii_color_good;
|
||||
static string ansii_users_active = Beaprint.ansii_users_active;
|
||||
static string ansii_users_disabled = Beaprint.ansii_users_disabled;
|
||||
static string ansii_current_user = Beaprint.ansii_current_user;
|
||||
static string ansi_color_bad = Beaprint.ansi_color_bad;
|
||||
static string ansi_color_good = Beaprint.ansi_color_good;
|
||||
static string ansi_users_active = Beaprint.ansi_users_active;
|
||||
static string ansi_users_disabled = Beaprint.ansi_users_disabled;
|
||||
static string ansi_current_user = Beaprint.ansi_current_user;
|
||||
static StyleSheet onlyDefaultStyleSheet = new StyleSheet(color_default);
|
||||
static StyleSheet onlyKeyStyleSheet = new StyleSheet(color_key);
|
||||
|
||||
@ -69,11 +70,11 @@ namespace winPEAS
|
||||
Beaprint.MainPrint("Basic System Information", "T1082&T1124&T1012&T1497&T1212");
|
||||
Beaprint.LinkPrint("https://book.hacktricks.xyz/windows/windows-local-privilege-escalation#kernel-exploits", "Check if the Windows versions is vulnerable to some known exploit");
|
||||
Dictionary<string, string> basicDictSystem = SystemInfo.GetBasicOSInfo();
|
||||
if (using_ansii)
|
||||
if (using_ansi)
|
||||
{
|
||||
Dictionary<string, string> colorsSI = new Dictionary<string, string>()
|
||||
{
|
||||
{ strTrue, ansii_color_bad }
|
||||
{ strTrue, ansi_color_bad }
|
||||
};
|
||||
Beaprint.DictPrint(basicDictSystem, colorsSI, false);
|
||||
}
|
||||
@ -143,11 +144,11 @@ namespace winPEAS
|
||||
Beaprint.MainPrint("LAPS Settings", "T1012");
|
||||
Beaprint.LinkPrint("", "If installed, local administrator password change frequently in domain-joined boxes and is restricted by ACL");
|
||||
Dictionary<string, string> lapsDict = SystemInfo.GetLapsSettings();
|
||||
if (using_ansii)
|
||||
if (using_ansi)
|
||||
{
|
||||
Dictionary<string, string> colorsSI = new Dictionary<string, string>()
|
||||
{
|
||||
{ badLAPS, ansii_color_bad }
|
||||
{ badLAPS, ansi_color_bad }
|
||||
};
|
||||
Beaprint.DictPrint(lapsDict, colorsSI, false);
|
||||
}
|
||||
@ -171,11 +172,11 @@ namespace winPEAS
|
||||
Beaprint.MainPrint("User Environment Variables", "");
|
||||
Beaprint.LinkPrint("", "Check for some passwords or keys in the env variables");
|
||||
Dictionary<string, string> userEnvDict = SystemInfo.GetUserEnvVariables();
|
||||
if (using_ansii)
|
||||
if (using_ansi)
|
||||
{
|
||||
Dictionary<string, string> colorsSI = new Dictionary<string, string>()
|
||||
{
|
||||
{ print_credStrings, ansii_color_bad }
|
||||
{ print_credStrings, ansi_color_bad }
|
||||
};
|
||||
Beaprint.DictPrint(userEnvDict, colorsSI, false);
|
||||
}
|
||||
@ -199,11 +200,11 @@ namespace winPEAS
|
||||
Beaprint.MainPrint("System Environment Variables", "");
|
||||
Beaprint.LinkPrint("", "Check for some passwords or keys in the env variables");
|
||||
Dictionary<string, string> sysEnvDict = SystemInfo.GetSystemEnvVariables();
|
||||
if (using_ansii)
|
||||
if (using_ansi)
|
||||
{
|
||||
Dictionary<string, string> colorsSI = new Dictionary<string, string>()
|
||||
{
|
||||
{ print_credStrings, ansii_color_bad }
|
||||
{ print_credStrings, ansi_color_bad }
|
||||
};
|
||||
Beaprint.DictPrint(sysEnvDict, colorsSI, false);
|
||||
}
|
||||
@ -260,13 +261,13 @@ namespace winPEAS
|
||||
if (drive_permissions.Length > 0)
|
||||
dToPrint += "(Permissions: {5})";
|
||||
|
||||
if (using_ansii)
|
||||
if (using_ansi)
|
||||
{
|
||||
Dictionary<string, string> colorsSI = new Dictionary<string, string>()
|
||||
{
|
||||
{ "Permissions.*", ansii_color_bad}
|
||||
{ "Permissions.*", ansi_color_bad}
|
||||
};
|
||||
Beaprint.AnsiiPrint(String.Format(dToPrint, drive["Name"], drive["Type"], drive["Volume label"], drive["Filesystem"], (((Int64.Parse(drive["Available space"]) / 1024) / 1024) / 1024).ToString(), drive_permissions), colorsSI);
|
||||
Beaprint.AnsiPrint(String.Format(dToPrint, drive["Name"], drive["Type"], drive["Volume label"], drive["Filesystem"], (((Int64.Parse(drive["Available space"]) / 1024) / 1024) / 1024).ToString(), drive_permissions), colorsSI);
|
||||
}
|
||||
|
||||
else
|
||||
@ -316,12 +317,12 @@ namespace winPEAS
|
||||
Beaprint.LinkPrint("https://book.hacktricks.xyz/windows/windows-local-privilege-escalation#basic-uac-bypass-full-file-system-access", "If you are in the Administrators group check how to bypass the UAC");
|
||||
Dictionary<string, string> uacDict = SystemInfo.GetUACSystemPolicies();
|
||||
|
||||
if (using_ansii)
|
||||
if (using_ansi)
|
||||
{
|
||||
Dictionary<string, string> colorsSI = new Dictionary<string, string>()
|
||||
{
|
||||
{ badUAC, ansii_color_bad },
|
||||
{ goodUAC, ansii_color_good }
|
||||
{ badUAC, ansi_color_bad },
|
||||
{ goodUAC, ansi_color_good }
|
||||
};
|
||||
Beaprint.DictPrint(uacDict, colorsSI, false);
|
||||
}
|
||||
@ -414,15 +415,15 @@ namespace winPEAS
|
||||
{
|
||||
return new Dictionary<string, string>()
|
||||
{
|
||||
{ paint_activeUsers, ansii_users_active },
|
||||
{ paint_disabledUsers, ansii_users_disabled },
|
||||
{ currentUserName, ansii_current_user },
|
||||
{ currentDomainName, ansii_current_user },
|
||||
{ paint_adminUsers, ansii_color_bad },
|
||||
{ badgroups, ansii_color_bad },
|
||||
{ badpasswd, ansii_color_bad },
|
||||
{ badPrivileges, ansii_color_bad },
|
||||
{ "DefaultPassword.*", ansii_color_bad },
|
||||
{ paint_activeUsers, ansi_users_active },
|
||||
{ paint_disabledUsers, ansi_users_disabled },
|
||||
{ currentUserName, ansi_current_user },
|
||||
{ currentDomainName, ansi_current_user },
|
||||
{ paint_adminUsers, ansi_color_bad },
|
||||
{ badgroups, ansi_color_bad },
|
||||
{ badpasswd, ansi_color_bad },
|
||||
{ badPrivileges, ansi_color_bad },
|
||||
{ "DefaultPassword.*", ansi_color_bad },
|
||||
};
|
||||
}
|
||||
|
||||
@ -433,9 +434,9 @@ namespace winPEAS
|
||||
Beaprint.MainPrint("Current users", "T1087&T1069&T1033");
|
||||
Beaprint.LinkPrint("https://book.hacktricks.xyz/windows/windows-local-privilege-escalation#users-and-groups", "Check if you have some admin equivalent privileges");
|
||||
List<string> users_grps = UserInfo.GetMachineUsers(false, false, false, false, true);
|
||||
if (using_ansii)
|
||||
if (using_ansi)
|
||||
{
|
||||
Beaprint.AnsiiPrint(" Current user: " + currentUserName, colorsU());
|
||||
Beaprint.AnsiPrint(" Current user: " + currentUserName, colorsU());
|
||||
Beaprint.ListPrint(users_grps, colorsU());
|
||||
}
|
||||
else
|
||||
@ -457,7 +458,7 @@ namespace winPEAS
|
||||
Beaprint.MainPrint("Current Token privileges", "T1134");
|
||||
Beaprint.LinkPrint("https://book.hacktricks.xyz/windows/windows-local-privilege-escalation#token-manipulation", "Check if you can escalate privilege using some enabled token");
|
||||
Dictionary<string, string> token_privs = UserInfo.GetTokenGroupPrivs();
|
||||
if (using_ansii)
|
||||
if (using_ansi)
|
||||
Beaprint.DictPrint(token_privs, colorsU(), false);
|
||||
else
|
||||
Beaprint.DictPrint(token_privs, CreateUsersSS(), false);
|
||||
@ -499,7 +500,7 @@ namespace winPEAS
|
||||
{
|
||||
Beaprint.MainPrint("Logged users", "T1087&T1033");
|
||||
List<string> loggedusers = UserInfo.GetLoggedUsers();
|
||||
if (using_ansii)
|
||||
if (using_ansi)
|
||||
Beaprint.ListPrint(loggedusers, colorsU());
|
||||
else
|
||||
Beaprint.ListPrint(loggedusers, CreateUsersSS());
|
||||
@ -520,10 +521,10 @@ namespace winPEAS
|
||||
{
|
||||
string format = " {0,-10}{1,-15}{2,-15}{3,-25}{4,-10}{5}";
|
||||
string header = String.Format(format, "SessID", "pSessionName", "pUserName", "pDomainName", "State", "SourceIP");
|
||||
if (using_ansii) {
|
||||
if (using_ansi) {
|
||||
System.Console.WriteLine(header);
|
||||
foreach (Dictionary<string, string> rdp_ses in rdp_sessions)
|
||||
Beaprint.AnsiiPrint(String.Format(format, rdp_ses["SessionID"], rdp_ses["pSessionName"], rdp_ses["pUserName"], rdp_ses["pDomainName"], rdp_ses["State"], rdp_ses["SourceIP"]), colorsU());
|
||||
Beaprint.AnsiPrint(String.Format(format, rdp_ses["SessionID"], rdp_ses["pSessionName"], rdp_ses["pUserName"], rdp_ses["pDomainName"], rdp_ses["State"], rdp_ses["SourceIP"]), colorsU());
|
||||
}
|
||||
else {
|
||||
Colorful.Console.WriteLineStyled(header, onlyKeyStyleSheet);
|
||||
@ -546,7 +547,7 @@ namespace winPEAS
|
||||
{
|
||||
Beaprint.MainPrint("Ever logged users", "T1087&T1033");
|
||||
List<string> everlogged = UserInfo.GetEverLoggedUsers();
|
||||
if (using_ansii)
|
||||
if (using_ansi)
|
||||
Beaprint.ListPrint(everlogged, colorsU());
|
||||
else
|
||||
Beaprint.ListPrint(everlogged, CreateUsersSS());
|
||||
@ -574,8 +575,8 @@ namespace winPEAS
|
||||
Beaprint.BadPrint("Some AutoLogon credentials were found!!");
|
||||
ban = true;
|
||||
}
|
||||
if (using_ansii)
|
||||
Beaprint.AnsiiPrint(String.Format(" {0,-30}: {1}", entry.Key, entry.Value), colorsU());
|
||||
if (using_ansi)
|
||||
Beaprint.AnsiPrint(String.Format(" {0,-30}: {1}", entry.Key, entry.Value), colorsU());
|
||||
else
|
||||
Colorful.Console.WriteLineStyled(String.Format(" {0,-30}: {1}", entry.Key, entry.Value), CreateUsersSS());
|
||||
}
|
||||
@ -620,7 +621,7 @@ namespace winPEAS
|
||||
Beaprint.MainPrint("Password Policies", "T1201");
|
||||
Beaprint.LinkPrint("", "This is insteresting for brute-force");
|
||||
List<Dictionary<string, string>> PPy = UserInfo.GetPasswordPolicy();
|
||||
if (using_ansii)
|
||||
if (using_ansi)
|
||||
Beaprint.DictPrint(PPy, colorsU(), false);
|
||||
else
|
||||
Beaprint.DictPrint(PPy, CreateUsersSS(), false);
|
||||
@ -705,16 +706,16 @@ namespace winPEAS
|
||||
if (proc_info["CommandLine"].Length > 1)
|
||||
formString += "\n {8}";
|
||||
|
||||
if (using_ansii)
|
||||
if (using_ansi)
|
||||
{
|
||||
Dictionary<string, string> colorsP = new Dictionary<string, string>()
|
||||
{
|
||||
{ currentUserName, ansii_current_user },
|
||||
{ "Permissions:.*", ansii_color_bad },
|
||||
{ "Possible DLL Hijacking.*", ansii_color_bad },
|
||||
{ proc_info["ExecutablePath"].Replace("\\", "\\\\").Replace("(", "\\(").Replace(")", "\\)").Replace("]", "\\]").Replace("[", "\\[").Replace("?", "\\?"), (file_rights.Count > 0 || dir_rights.Count > 0) ? ansii_color_bad : ansii_color_good },
|
||||
{ currentUserName, ansi_current_user },
|
||||
{ "Permissions:.*", ansi_color_bad },
|
||||
{ "Possible DLL Hijacking.*", ansi_color_bad },
|
||||
{ proc_info["ExecutablePath"].Replace("\\", "\\\\").Replace("(", "\\(").Replace(")", "\\)").Replace("]", "\\]").Replace("[", "\\[").Replace("?", "\\?"), (file_rights.Count > 0 || dir_rights.Count > 0) ? ansi_color_bad : ansi_color_good },
|
||||
};
|
||||
Beaprint.AnsiiPrint(String.Format(formString, proc_info["Name"], proc_info["ProcessID"], proc_info["ExecutablePath"], proc_info["Product"], proc_info["Owner"], proc_info["isDotNet"], String.Join(", ", file_rights), dir_rights.Count > 0 ? Path.GetDirectoryName(proc_info["ExecutablePath"]) : "", String.Join(", ", dir_rights), proc_info["CommandLine"]), colorsP);
|
||||
Beaprint.AnsiPrint(String.Format(formString, proc_info["Name"], proc_info["ProcessID"], proc_info["ExecutablePath"], proc_info["Product"], proc_info["Owner"], proc_info["isDotNet"], String.Join(", ", file_rights), dir_rights.Count > 0 ? Path.GetDirectoryName(proc_info["ExecutablePath"]) : "", String.Join(", ", dir_rights), proc_info["CommandLine"]), colorsP);
|
||||
}
|
||||
else
|
||||
{
|
||||
@ -799,17 +800,17 @@ namespace winPEAS
|
||||
if (service_info["Description"].Length > 1)
|
||||
formString += "\n {10}";
|
||||
|
||||
if (using_ansii)
|
||||
if (using_ansi)
|
||||
{
|
||||
Dictionary<string, string> colorsS = new Dictionary<string, string>()
|
||||
{
|
||||
{ "File Permissions:.*", ansii_color_bad },
|
||||
{ "Possible DLL Hijacking.*", ansii_color_bad },
|
||||
{ "No quotes and Space detected", ansii_color_bad },
|
||||
{ service_info["PathName"].Replace("\\", "\\\\").Replace("(", "\\(").Replace(")", "\\)").Replace("]", "\\]").Replace("[", "\\[").Replace("?", "\\?"), (file_rights.Count > 0 || dir_rights.Count > 0 || no_quotes_and_space) ? ansii_color_bad : ansii_color_good },
|
||||
{ service_info["StartMode"].Replace("\\", "\\\\").Replace("(", "\\(").Replace(")", "\\)").Replace("]", "\\]").Replace("[", "\\[").Replace("?", "\\?"), (service_info["StartMode"].ToLower() == "auto") ? ansii_color_bad : ansii_color_good },
|
||||
{ "File Permissions:.*", ansi_color_bad },
|
||||
{ "Possible DLL Hijacking.*", ansi_color_bad },
|
||||
{ "No quotes and Space detected", ansi_color_bad },
|
||||
{ service_info["PathName"].Replace("\\", "\\\\").Replace("(", "\\(").Replace(")", "\\)").Replace("]", "\\]").Replace("[", "\\[").Replace("?", "\\?"), (file_rights.Count > 0 || dir_rights.Count > 0 || no_quotes_and_space) ? ansi_color_bad : ansi_color_good },
|
||||
{ service_info["StartMode"].Replace("\\", "\\\\").Replace("(", "\\(").Replace(")", "\\)").Replace("]", "\\]").Replace("[", "\\[").Replace("?", "\\?"), (service_info["StartMode"].ToLower() == "auto") ? ansi_color_bad : ansi_color_good },
|
||||
};
|
||||
Beaprint.AnsiiPrint(String.Format(formString, service_info["Name"], service_info["CompanyName"], service_info["DisplayName"], service_info["PathName"], service_info["StartMode"], service_info["State"], service_info["isDotNet"], "No quotes and Space detected", String.Join(", ", file_rights), dir_rights.Count > 0 ? Path.GetDirectoryName(service_info["FilteredPath"]) : "", String.Join(", ", dir_rights), service_info["Description"]), colorsS);
|
||||
Beaprint.AnsiPrint(String.Format(formString, service_info["Name"], service_info["CompanyName"], service_info["DisplayName"], service_info["PathName"], service_info["StartMode"], service_info["State"], service_info["isDotNet"], "No quotes and Space detected", String.Join(", ", file_rights), dir_rights.Count > 0 ? Path.GetDirectoryName(service_info["FilteredPath"]) : "", String.Join(", ", dir_rights), service_info["Description"]), colorsS);
|
||||
}
|
||||
else
|
||||
{
|
||||
@ -958,11 +959,11 @@ namespace winPEAS
|
||||
Colorful.Console.WriteLine();
|
||||
|
||||
Beaprint.MainPrint("Installed Applications --Via Registry--", "T1083&T1012&T1010");
|
||||
if (using_ansii)
|
||||
if (using_ansi)
|
||||
{
|
||||
Dictionary<string, string> colorsA = new Dictionary<string, string>()
|
||||
{
|
||||
{ goodSoft, ansii_color_good }
|
||||
{ goodSoft, ansi_color_good }
|
||||
};
|
||||
Beaprint.ListPrint(ApplicationInfo.GetAppsRegistry(), colorsA);
|
||||
}
|
||||
@ -991,13 +992,13 @@ namespace winPEAS
|
||||
{
|
||||
Dictionary<string, string> colorsA = new Dictionary<string, string>()
|
||||
{
|
||||
{ "FolderPerms:.*", ansii_color_bad },
|
||||
{ "FilePerms:.*", ansii_color_bad },
|
||||
{ "(Unquoted and Space detected)", ansii_color_bad },
|
||||
{ "(RegPath is writable)", ansii_color_bad },
|
||||
{ (app["Folder"].Length > 0) ? app["Folder"].Replace("\\", "\\\\").Replace("(", "\\(").Replace(")", "\\)").Replace("]", "\\]").Replace("[", "\\[").Replace("?", "\\?") : "ouigyevb2uivydi2u3id2ddf3", !String.IsNullOrEmpty(app["interestingFolderRights"]) ? ansii_color_bad : ansii_color_good },
|
||||
{ (app["File"].Length > 0) ? app["File"].Replace("\\", "\\\\").Replace("(", "\\(").Replace(")", "\\)").Replace("]", "\\]").Replace("[", "\\[").Replace("?", "\\?") : "adu8v298hfubibuidiy2422r", !String.IsNullOrEmpty(app["interestingFileRights"]) ? ansii_color_bad : ansii_color_good },
|
||||
{ (app["Reg"].Length > 0) ? app["Reg"].Replace("\\", "\\\\").Replace("(", "\\(").Replace(")", "\\)").Replace("]", "\\]").Replace("[", "\\[").Replace("?", "\\?") : "o8a7eduia37ibduaunbf7a4g7ukdhk4ua", (app["isWritableReg"].ToLower() == "true") ? ansii_color_bad : ansii_color_good },
|
||||
{ "FolderPerms:.*", ansi_color_bad },
|
||||
{ "FilePerms:.*", ansi_color_bad },
|
||||
{ "(Unquoted and Space detected)", ansi_color_bad },
|
||||
{ "(RegPath is writable)", ansi_color_bad },
|
||||
{ (app["Folder"].Length > 0) ? app["Folder"].Replace("\\", "\\\\").Replace("(", "\\(").Replace(")", "\\)").Replace("]", "\\]").Replace("[", "\\[").Replace("?", "\\?") : "ouigyevb2uivydi2u3id2ddf3", !String.IsNullOrEmpty(app["interestingFolderRights"]) ? ansi_color_bad : ansi_color_good },
|
||||
{ (app["File"].Length > 0) ? app["File"].Replace("\\", "\\\\").Replace("(", "\\(").Replace(")", "\\)").Replace("]", "\\]").Replace("[", "\\[").Replace("?", "\\?") : "adu8v298hfubibuidiy2422r", !String.IsNullOrEmpty(app["interestingFileRights"]) ? ansi_color_bad : ansi_color_good },
|
||||
{ (app["Reg"].Length > 0) ? app["Reg"].Replace("\\", "\\\\").Replace("(", "\\(").Replace(")", "\\)").Replace("]", "\\]").Replace("[", "\\[").Replace("?", "\\?") : "o8a7eduia37ibduaunbf7a4g7ukdhk4ua", (app["isWritableReg"].ToLower() == "true") ? ansi_color_bad : ansi_color_good },
|
||||
};
|
||||
StyleSheet styleSheetAA = new StyleSheet(color_default);
|
||||
styleSheetAA.AddStyle("FolderPerms", color_bad);
|
||||
@ -1015,10 +1016,10 @@ namespace winPEAS
|
||||
if (!String.IsNullOrEmpty(app["Folder"]))
|
||||
styleSheetAA.AddStyle(app["Folder"].Replace("\\", "\\\\").Replace("(", "\\(").Replace(")", "\\)"), color_good);
|
||||
}
|
||||
if (using_ansii)
|
||||
if (using_ansi)
|
||||
{
|
||||
Beaprint.AnsiiPrint(string1, colorsA);
|
||||
Beaprint.AnsiiPrint(string2, colorsA);
|
||||
Beaprint.AnsiPrint(string1, colorsA);
|
||||
Beaprint.AnsiPrint(string2, colorsA);
|
||||
}
|
||||
else
|
||||
{
|
||||
@ -1074,10 +1075,10 @@ namespace winPEAS
|
||||
styleSheetAA.AddStyle(app["Reg"].Replace("\\", "\\\\").Replace("(", "\\(").Replace(")", "\\)"), color_good);
|
||||
}
|
||||
|
||||
if (using_ansii)
|
||||
if (using_ansi)
|
||||
{
|
||||
Beaprint.AnsiiPrint(string1, colorsA);
|
||||
Beaprint.AnsiiPrint(string2, colorsA);
|
||||
Beaprint.AnsiPrint(string1, colorsA);
|
||||
Beaprint.AnsiPrint(string2, colorsA);
|
||||
}
|
||||
else
|
||||
{
|
||||
@ -1116,14 +1117,14 @@ namespace winPEAS
|
||||
if (String.IsNullOrEmpty(sapp["Description"]))
|
||||
formString += "\n {6}";
|
||||
|
||||
if (using_ansii)
|
||||
if (using_ansi)
|
||||
{
|
||||
Dictionary<string, string> colorsS = new Dictionary<string, string>()
|
||||
{
|
||||
{ "Permissions.*", ansii_color_bad },
|
||||
{ sapp["Action"].Replace("\\", "\\\\").Replace("(", "\\(").Replace(")", "\\)").Replace("]", "\\]").Replace("[", "\\[").Replace("?", "\\?"), (file_rights.Count > 0 || dir_rights.Count > 0) ? ansii_color_bad : ansii_color_good },
|
||||
{ "Permissions.*", ansi_color_bad },
|
||||
{ sapp["Action"].Replace("\\", "\\\\").Replace("(", "\\(").Replace(")", "\\)").Replace("]", "\\]").Replace("[", "\\[").Replace("?", "\\?"), (file_rights.Count > 0 || dir_rights.Count > 0) ? ansi_color_bad : ansi_color_good },
|
||||
};
|
||||
Beaprint.AnsiiPrint(String.Format(formString, sapp["Author"], sapp["Name"], sapp["Action"], String.Join(", ", file_rights), String.Join(", ", dir_rights), sapp["Trigger"], sapp["Description"]), colorsS);
|
||||
Beaprint.AnsiPrint(String.Format(formString, sapp["Author"], sapp["Name"], sapp["Action"], String.Join(", ", file_rights), String.Join(", ", dir_rights), sapp["Trigger"], sapp["Description"]), colorsS);
|
||||
}
|
||||
else
|
||||
{
|
||||
@ -1168,11 +1169,11 @@ namespace winPEAS
|
||||
try
|
||||
{
|
||||
Beaprint.MainPrint("Network Shares", "T1135");
|
||||
if (using_ansii)
|
||||
if (using_ansi)
|
||||
{
|
||||
Dictionary<string, string> colorsN = new Dictionary<string, string>()
|
||||
{
|
||||
{ badShares, ansii_color_bad },
|
||||
{ badShares, ansi_color_bad },
|
||||
};
|
||||
Beaprint.ListPrint(NetworkInfo.GetNetworkShares("127.0.0.1"), colorsN);
|
||||
}
|
||||
@ -1222,7 +1223,7 @@ namespace winPEAS
|
||||
if (card["arp"].Length > 1)
|
||||
formString += "\n\tKnown hosts:\n{6}";
|
||||
|
||||
if (using_ansii)
|
||||
if (using_ansi)
|
||||
{
|
||||
System.Console.WriteLine(String.Format(formString, card["Name"], card["PysicalAddr"], card["IPs"], card["Netmasks"].Replace(", 0.0.0.0", ""), card["Gateways"], card["DNSs"], card["arp"]));
|
||||
}
|
||||
@ -1256,14 +1257,14 @@ namespace winPEAS
|
||||
Beaprint.LinkPrint("", "Check for services restricted from the outside");
|
||||
List<List<string>> conns = NetworkInfo.GetNetConnections();
|
||||
|
||||
if (using_ansii)
|
||||
if (using_ansi)
|
||||
{
|
||||
Dictionary<string, string> colorsN = new Dictionary<string, string>()
|
||||
{
|
||||
{ badIps, ansii_color_bad },
|
||||
{ badIps, ansi_color_bad },
|
||||
};
|
||||
foreach (List<string> conn in conns)
|
||||
Beaprint.AnsiiPrint(String.Format(" {0,-10}{1,-23}{2,-23}{3}", conn[0], conn[1], conn[2], conn[3]), colorsN);
|
||||
Beaprint.AnsiPrint(String.Format(" {0,-10}{1,-23}{2,-23}{3}", conn[0], conn[1], conn[2], conn[3]), colorsN);
|
||||
}
|
||||
else
|
||||
{
|
||||
@ -1305,15 +1306,15 @@ namespace winPEAS
|
||||
formString += "\n Folder Permissions: {9}";
|
||||
formString += "\n {10}";
|
||||
|
||||
if (using_ansii) {
|
||||
if (using_ansi) {
|
||||
Dictionary<string, string> colorsN = new Dictionary<string, string>()
|
||||
{
|
||||
{ strFalse, ansii_color_bad },
|
||||
{ strTrue, ansii_color_good },
|
||||
{ "File Permissions.*|Folder Permissions.*", ansii_color_bad },
|
||||
{ rule["AppName"].Replace("\\", "\\\\").Replace("(", "\\(").Replace(")", "\\)").Replace("]", "\\]").Replace("[", "\\[").Replace("?", "\\?"), (file_perms.Length > 0 || folder_perms.Length > 0) ? ansii_color_bad : ansii_color_good },
|
||||
{ strFalse, ansi_color_bad },
|
||||
{ strTrue, ansi_color_good },
|
||||
{ "File Permissions.*|Folder Permissions.*", ansi_color_bad },
|
||||
{ rule["AppName"].Replace("\\", "\\\\").Replace("(", "\\(").Replace(")", "\\)").Replace("]", "\\]").Replace("[", "\\[").Replace("?", "\\?"), (file_perms.Length > 0 || folder_perms.Length > 0) ? ansi_color_bad : ansi_color_good },
|
||||
};
|
||||
Beaprint.AnsiiPrint(String.Format(formString, rule["Profiles"], rule["Name"], rule["AppName"], rule["Action"], rule["Protocol"], rule["Direction"], rule["Direction"] == "IN" ? rule["Local"] : rule["Remote"], rule["Direction"] == "IN" ? rule["Remote"] : rule["Local"], file_perms, folder_perms, rule["Description"]), colorsN);
|
||||
Beaprint.AnsiPrint(String.Format(formString, rule["Profiles"], rule["Name"], rule["AppName"], rule["Action"], rule["Protocol"], rule["Direction"], rule["Direction"] == "IN" ? rule["Local"] : rule["Remote"], rule["Direction"] == "IN" ? rule["Remote"] : rule["Local"], file_perms, folder_perms, rule["Description"]), colorsN);
|
||||
}
|
||||
else
|
||||
{
|
||||
@ -1382,11 +1383,11 @@ namespace winPEAS
|
||||
Beaprint.LinkPrint("https://book.hacktricks.xyz/windows/windows-local-privilege-escalation#credentials-manager-windows-vault");
|
||||
List<Dictionary<string, string>> vault_creds = KnownFileCredsInfo.DumpVault();
|
||||
|
||||
if (using_ansii)
|
||||
if (using_ansi)
|
||||
{
|
||||
Dictionary<string, string> colorsC = new Dictionary<string, string>()
|
||||
{
|
||||
{ "Identity.*|Credential.*", ansii_color_bad },
|
||||
{ "Identity.*|Credential.*", ansi_color_bad },
|
||||
};
|
||||
Beaprint.DictPrint(vault_creds, colorsC, true);
|
||||
}
|
||||
@ -1413,13 +1414,13 @@ namespace winPEAS
|
||||
Beaprint.LinkPrint("https://book.hacktricks.xyz/windows/windows-local-privilege-escalation#credentials-manager-windows-vault");
|
||||
if (exec_cmd)
|
||||
{
|
||||
if (using_ansii)
|
||||
if (using_ansi)
|
||||
{
|
||||
Dictionary<string, string> colorsC = new Dictionary<string, string>()
|
||||
{
|
||||
{ "User:.*", ansii_color_bad },
|
||||
{ "User:.*", ansi_color_bad },
|
||||
};
|
||||
Beaprint.AnsiiPrint(MyUtils.ExecCMD("cmdkey /list"), colorsC);
|
||||
Beaprint.AnsiPrint(MyUtils.ExecCMD("cmdkey /list"), colorsC);
|
||||
}
|
||||
else
|
||||
{
|
||||
@ -1580,13 +1581,13 @@ namespace winPEAS
|
||||
Beaprint.MainPrint("Looking saved Wifis", "");
|
||||
if (exec_cmd)
|
||||
{
|
||||
if (using_ansii)
|
||||
if (using_ansi)
|
||||
{
|
||||
Dictionary<string, string> colorsC = new Dictionary<string, string>()
|
||||
{
|
||||
{ ": .*", ansii_color_bad },
|
||||
{ ": .*", ansi_color_bad },
|
||||
};
|
||||
Beaprint.AnsiiPrint(" " + MyUtils.ExecCMD("netsh wlan show profile"), colorsC);
|
||||
Beaprint.AnsiPrint(" " + MyUtils.ExecCMD("netsh wlan show profile"), colorsC);
|
||||
}
|
||||
else
|
||||
{
|
||||
@ -1757,16 +1758,16 @@ namespace winPEAS
|
||||
List<string> firefoxHist = KnownFileCredsInfo.GetFirefoxHistory();
|
||||
if (firefoxHist.Count > 0)
|
||||
{
|
||||
if (using_ansii)
|
||||
if (using_ansi)
|
||||
{
|
||||
Dictionary<string, string> colorsB = new Dictionary<string, string>()
|
||||
{
|
||||
{ print_credStrings, ansii_color_bad },
|
||||
{ print_credStrings, ansi_color_bad },
|
||||
};
|
||||
foreach (string url in firefoxHist)
|
||||
{
|
||||
if (MyUtils.ContainsAnyRegex(url.ToUpper(), credStringsRegex))
|
||||
Beaprint.AnsiiPrint(" " + url, colorsB);
|
||||
Beaprint.AnsiPrint(" " + url, colorsB);
|
||||
}
|
||||
}
|
||||
else
|
||||
@ -1831,16 +1832,16 @@ namespace winPEAS
|
||||
|
||||
if (history.Count > 0)
|
||||
{
|
||||
if (using_ansii)
|
||||
if (using_ansi)
|
||||
{
|
||||
Dictionary<string, string> colorsB = new Dictionary<string, string>()
|
||||
{
|
||||
{ print_credStrings, ansii_color_bad },
|
||||
{ print_credStrings, ansi_color_bad },
|
||||
};
|
||||
foreach (string url in history)
|
||||
{
|
||||
if (MyUtils.ContainsAnyRegex(url.ToUpper(), credStringsRegex))
|
||||
Beaprint.AnsiiPrint(" " + url, colorsB);
|
||||
Beaprint.AnsiPrint(" " + url, colorsB);
|
||||
}
|
||||
}
|
||||
else
|
||||
@ -1877,11 +1878,11 @@ namespace winPEAS
|
||||
Beaprint.LinkPrint("https://book.hacktricks.xyz/windows/windows-local-privilege-escalation#browsers-history");
|
||||
List<string> urls = KnownFileCredsInfo.GetCurrentIETabs();
|
||||
|
||||
if (using_ansii)
|
||||
if (using_ansi)
|
||||
{
|
||||
Dictionary<string, string> colorsB = new Dictionary<string, string>()
|
||||
{
|
||||
{ print_credStrings, ansii_color_bad },
|
||||
{ print_credStrings, ansi_color_bad },
|
||||
};
|
||||
Beaprint.ListPrint(urls, colorsB);
|
||||
}
|
||||
@ -1910,16 +1911,16 @@ namespace winPEAS
|
||||
|
||||
if (history.Count > 0)
|
||||
{
|
||||
if (using_ansii)
|
||||
if (using_ansi)
|
||||
{
|
||||
Dictionary<string, string> colorsB = new Dictionary<string, string>()
|
||||
{
|
||||
{ print_credStrings, ansii_color_bad },
|
||||
{ print_credStrings, ansi_color_bad },
|
||||
};
|
||||
foreach (string url in history)
|
||||
{
|
||||
if (MyUtils.ContainsAnyRegex(url.ToUpper(), credStringsRegex))
|
||||
Beaprint.AnsiiPrint(" " + url, colorsB);
|
||||
Beaprint.AnsiPrint(" " + url, colorsB);
|
||||
}
|
||||
}
|
||||
else
|
||||
@ -1967,11 +1968,11 @@ namespace winPEAS
|
||||
Beaprint.MainPrint("Putty Sessions", "");
|
||||
List<Dictionary<string, string>> putty_sess = KnownFileCredsInfo.GetPuttySessions();
|
||||
|
||||
if (using_ansii)
|
||||
if (using_ansi)
|
||||
{
|
||||
Dictionary<string, string> colorF = new Dictionary<string, string>()
|
||||
{
|
||||
{ "ProxyPassword.*", ansii_color_bad },
|
||||
{ "ProxyPassword.*", ansi_color_bad },
|
||||
};
|
||||
Beaprint.DictPrint(putty_sess, colorF, true);
|
||||
}
|
||||
@ -2071,7 +2072,7 @@ namespace winPEAS
|
||||
styleSheetPCF.AddStyle(pattern_color, color_bad);
|
||||
Dictionary<string, string> colorF = new Dictionary<string, string>()
|
||||
{
|
||||
{ pattern_color, ansii_color_bad },
|
||||
{ pattern_color, ansi_color_bad },
|
||||
};
|
||||
|
||||
Beaprint.MainPrint("Looking for possible password files in users homes", "T1083&T1081");
|
||||
@ -2082,8 +2083,8 @@ namespace winPEAS
|
||||
{
|
||||
if (!Path.GetFileName(file_path).Contains("."))
|
||||
{
|
||||
if (using_ansii)
|
||||
Beaprint.AnsiiPrint(" " + file_path, colorF);
|
||||
if (using_ansi)
|
||||
Beaprint.AnsiPrint(" " + file_path, colorF);
|
||||
else
|
||||
Colorful.Console.WriteLineStyled(" " + file_path, styleSheetPCF);
|
||||
}
|
||||
@ -2093,8 +2094,8 @@ namespace winPEAS
|
||||
{
|
||||
if (file_path.Contains(ext))
|
||||
{
|
||||
if (using_ansii)
|
||||
Beaprint.AnsiiPrint(" " + file_path, colorF);
|
||||
if (using_ansi)
|
||||
Beaprint.AnsiPrint(" " + file_path, colorF);
|
||||
else
|
||||
Colorful.Console.WriteLineStyled(" " + file_path, styleSheetPCF);
|
||||
}
|
||||
@ -2117,7 +2118,7 @@ namespace winPEAS
|
||||
string pattern_bin = patterns_file_creds + ";*password*;*credential*";
|
||||
Dictionary<string, string> colorF = new Dictionary<string, string>()
|
||||
{
|
||||
{ patterns_file_creds + "|.*password.*|.*credential.*", ansii_color_bad },
|
||||
{ patterns_file_creds + "|.*password.*|.*credential.*", ansi_color_bad },
|
||||
};
|
||||
|
||||
Beaprint.MainPrint("Looking inside the Recycle Bin for creds files", "T1083&T1081&T1145");
|
||||
@ -2129,7 +2130,7 @@ namespace winPEAS
|
||||
{
|
||||
if (Regex.Match(rec_file["Name"], pattern.Replace("*", ".*"), RegexOptions.IgnoreCase).Success)
|
||||
{
|
||||
if (using_ansii)
|
||||
if (using_ansi)
|
||||
Beaprint.DictPrint(rec_file, colorF, true);
|
||||
else
|
||||
Beaprint.DictPrint(rec_file, styleSheetRB, true);
|
||||
@ -2154,7 +2155,7 @@ namespace winPEAS
|
||||
styleSheetPCF.AddStyle(patterns_file_creds_color, color_bad);
|
||||
Dictionary<string, string> colorF = new Dictionary<string, string>()
|
||||
{
|
||||
{ patterns_file_creds_color, ansii_color_bad },
|
||||
{ patterns_file_creds_color, ansi_color_bad },
|
||||
};
|
||||
|
||||
Beaprint.MainPrint("Looking for possible known files that can contain creds", "T1083&T1081");
|
||||
@ -2253,8 +2254,11 @@ namespace winPEAS
|
||||
if (string.Equals(arg, "cmd", StringComparison.CurrentCultureIgnoreCase))
|
||||
exec_cmd = true;
|
||||
|
||||
if (string.Equals(arg, "ansii", StringComparison.CurrentCultureIgnoreCase))
|
||||
using_ansii = true;
|
||||
if (string.Equals(arg, "ansi", StringComparison.CurrentCultureIgnoreCase))
|
||||
using_ansi = true;
|
||||
|
||||
if (string.Equals(arg, "quiet", StringComparison.CurrentCultureIgnoreCase))
|
||||
banner = false;
|
||||
|
||||
if (string.Equals(arg, "help", StringComparison.CurrentCultureIgnoreCase))
|
||||
{
|
||||
|
@ -110,9 +110,9 @@ namespace winPEAS
|
||||
|
||||
if (_vulnerabilities.Any(e => e.Vulnerable))
|
||||
{
|
||||
if (Program.using_ansii)
|
||||
if (Program.using_ansi)
|
||||
{
|
||||
System.Console.WriteLine(Beaprint.GRAY + " Finished. Found " + Beaprint.ansii_color_bad + _vulnerabilities.Count(i => i.Vulnerable) + Beaprint.GRAY + " potential vulnerabilities." + Beaprint.NOCOLOR);
|
||||
System.Console.WriteLine(Beaprint.GRAY + " Finished. Found " + Beaprint.ansi_color_bad + _vulnerabilities.Count(i => i.Vulnerable) + Beaprint.GRAY + " potential vulnerabilities." + Beaprint.NOCOLOR);
|
||||
}
|
||||
else
|
||||
{
|
||||
@ -722,7 +722,7 @@ namespace winPEAS
|
||||
{
|
||||
public static void FindVulns()
|
||||
{
|
||||
if (Program.using_ansii)
|
||||
if (Program.using_ansi)
|
||||
{
|
||||
System.Console.WriteLine(Beaprint.YELLOW + " [?] " + Beaprint.LBLUE + "Windows vulns search powered by" + Beaprint.LRED + "Watson" + Beaprint.LBLUE + "(https://github.com/rasta-mouse/Watson)" + Beaprint.NOCOLOR);
|
||||
}
|
||||
|
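Review bot: The banner printed at the top of `FindVulns()` joins `"Windows vulns search powered by"`, `"Watson"` and `"(https://github.com/rasta-mouse/Watson)"` with only `Beaprint` colour constants between them. Unless those constants carry whitespace (they are not visible here), the line renders as `powered byWatson(https://github.com/rasta-mouse/Watson)`. Since this commit already touches the banners, put the separators in the literals: `"Windows vulns search powered by "` and `" (https://github.com/rasta-mouse/Watson)"`. The rest of `FindVulns()` lies outside the hunk.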
File diff suppressed because it is too large
Binary file not shown.
@ -1,6 +0,0 @@
|
||||
<?xml version="1.0" encoding="utf-8"?>
|
||||
<configuration>
|
||||
<startup>
|
||||
<supportedRuntime version="v4.0" sku=".NETFramework,Version=v4.0"/>
|
||||
</startup>
|
||||
</configuration>
|
Binary file not shown.
Binary file not shown.
Binary file not shown.
Binary file not shown.
Binary file not shown.
Binary file not shown.
Binary file not shown.
Binary file not shown.
BIN
winPEAS/winPEASexe/winPEAS/obj/Debug/winPEAS.csprojAssemblyReference.cache
Executable file
BIN
winPEAS/winPEASexe/winPEAS/obj/Debug/winPEAS.csprojAssemblyReference.cache
Executable file
Binary file not shown.
@ -30,3 +30,12 @@ C:\Users\carlos\source\repos\PEASS\winPEAS\winPEASexe\winPEAS\obj\Release\winPEA
|
||||
C:\Users\carlos\source\repos\PEASS\winPEAS\winPEASexe\winPEAS\obj\Release\winPEAS.csproj.CopyComplete
|
||||
C:\Users\carlos\source\repos\PEASS\winPEAS\winPEASexe\winPEAS\obj\Release\winPEAS.exe
|
||||
C:\Users\carlos\source\repos\PEASS\winPEAS\winPEASexe\winPEAS\obj\Release\winPEAS.pdb
|
||||
D:\shared\privilege-escalation-awesome-script-suite\winPEAS\winPEASexe\winPEAS\bin\Release\winPEAS.exe.config
|
||||
D:\shared\privilege-escalation-awesome-script-suite\winPEAS\winPEASexe\winPEAS\bin\Release\winPEAS.exe
|
||||
D:\shared\privilege-escalation-awesome-script-suite\winPEAS\winPEASexe\winPEAS\bin\Release\winPEAS.pdb
|
||||
D:\shared\privilege-escalation-awesome-script-suite\winPEAS\winPEASexe\winPEAS\bin\Release\Microsoft.Win32.TaskScheduler.xml
|
||||
D:\shared\privilege-escalation-awesome-script-suite\winPEAS\winPEASexe\winPEAS\obj\Release\winPEAS.csprojAssemblyReference.cache
|
||||
D:\shared\privilege-escalation-awesome-script-suite\winPEAS\winPEASexe\winPEAS\obj\Release\winPEAS.csproj.Fody.CopyLocal.cache
|
||||
D:\shared\privilege-escalation-awesome-script-suite\winPEAS\winPEASexe\winPEAS\obj\Release\winPEAS.csproj.CopyComplete
|
||||
D:\shared\privilege-escalation-awesome-script-suite\winPEAS\winPEASexe\winPEAS\obj\Release\winPEAS.exe
|
||||
D:\shared\privilege-escalation-awesome-script-suite\winPEAS\winPEASexe\winPEAS\obj\Release\winPEAS.pdb
|
||||
|
@ -1 +1 @@
|
||||
C:\Users\carlos\source\repos\PEASS\winPEAS\winPEASexe\packages\TaskScheduler.2.8.16\lib\net40\Microsoft.Win32.TaskScheduler.xml
|
||||
D:\shared\privilege-escalation-awesome-script-suite\winPEAS\winPEASexe\packages\TaskScheduler.2.8.16\lib\net40\Microsoft.Win32.TaskScheduler.xml
|
||||
|
BIN
winPEAS/winPEASexe/winPEAS/obj/Release/winPEAS.csprojAssemblyReference.cache
Executable file
BIN
winPEAS/winPEASexe/winPEAS/obj/Release/winPEAS.csprojAssemblyReference.cache
Executable file
Binary file not shown.
Binary file not shown.
Binary file not shown.
@ -6,3 +6,11 @@ C:\Users\carlos\source\repos\PEASS\winPEAS\winPEASexe\winPEAS\obj\x64\Release\wi
|
||||
C:\Users\carlos\source\repos\PEASS\winPEAS\winPEASexe\winPEAS\obj\x64\Release\winPEAS.csproj.CopyComplete
|
||||
C:\Users\carlos\source\repos\PEASS\winPEAS\winPEASexe\winPEAS\obj\x64\Release\winPEAS.exe
|
||||
C:\Users\carlos\source\repos\PEASS\winPEAS\winPEASexe\winPEAS\obj\x64\Release\winPEAS.pdb
|
||||
D:\shared\privilege-escalation-awesome-script-suite\winPEAS\winPEASexe\winPEAS\bin\x64\Release\winPEAS.exe.config
|
||||
D:\shared\privilege-escalation-awesome-script-suite\winPEAS\winPEASexe\winPEAS\bin\x64\Release\winPEAS.exe
|
||||
D:\shared\privilege-escalation-awesome-script-suite\winPEAS\winPEASexe\winPEAS\bin\x64\Release\winPEAS.pdb
|
||||
D:\shared\privilege-escalation-awesome-script-suite\winPEAS\winPEASexe\winPEAS\bin\x64\Release\Microsoft.Win32.TaskScheduler.xml
|
||||
D:\shared\privilege-escalation-awesome-script-suite\winPEAS\winPEASexe\winPEAS\obj\x64\Release\winPEAS.csproj.Fody.CopyLocal.cache
|
||||
D:\shared\privilege-escalation-awesome-script-suite\winPEAS\winPEASexe\winPEAS\obj\x64\Release\winPEAS.csproj.CopyComplete
|
||||
D:\shared\privilege-escalation-awesome-script-suite\winPEAS\winPEASexe\winPEAS\obj\x64\Release\winPEAS.exe
|
||||
D:\shared\privilege-escalation-awesome-script-suite\winPEAS\winPEASexe\winPEAS\obj\x64\Release\winPEAS.pdb
|
||||
|
@ -1 +1 @@
|
||||
C:\Users\carlos\source\repos\PEASS\winPEAS\winPEASexe\packages\TaskScheduler.2.8.16\lib\net40\Microsoft.Win32.TaskScheduler.xml
|
||||
D:\shared\privilege-escalation-awesome-script-suite\winPEAS\winPEASexe\packages\TaskScheduler.2.8.16\lib\net40\Microsoft.Win32.TaskScheduler.xml
|
||||
|
Binary file not shown.
Binary file not shown.
@ -6,3 +6,11 @@ C:\Users\carlos\source\repos\PEASS\winPEAS\winPEASexe\winPEAS\obj\x86\Release\wi
|
||||
C:\Users\carlos\source\repos\PEASS\winPEAS\winPEASexe\winPEAS\obj\x86\Release\winPEAS.csproj.CopyComplete
|
||||
C:\Users\carlos\source\repos\PEASS\winPEAS\winPEASexe\winPEAS\obj\x86\Release\winPEAS.exe
|
||||
C:\Users\carlos\source\repos\PEASS\winPEAS\winPEASexe\winPEAS\obj\x86\Release\winPEAS.pdb
|
||||
D:\shared\privilege-escalation-awesome-script-suite\winPEAS\winPEASexe\winPEAS\bin\x86\Release\winPEAS.exe.config
|
||||
D:\shared\privilege-escalation-awesome-script-suite\winPEAS\winPEASexe\winPEAS\bin\x86\Release\winPEAS.exe
|
||||
D:\shared\privilege-escalation-awesome-script-suite\winPEAS\winPEASexe\winPEAS\bin\x86\Release\winPEAS.pdb
|
||||
D:\shared\privilege-escalation-awesome-script-suite\winPEAS\winPEASexe\winPEAS\bin\x86\Release\Microsoft.Win32.TaskScheduler.xml
|
||||
D:\shared\privilege-escalation-awesome-script-suite\winPEAS\winPEASexe\winPEAS\obj\x86\Release\winPEAS.csproj.Fody.CopyLocal.cache
|
||||
D:\shared\privilege-escalation-awesome-script-suite\winPEAS\winPEASexe\winPEAS\obj\x86\Release\winPEAS.csproj.CopyComplete
|
||||
D:\shared\privilege-escalation-awesome-script-suite\winPEAS\winPEASexe\winPEAS\obj\x86\Release\winPEAS.exe
|
||||
D:\shared\privilege-escalation-awesome-script-suite\winPEAS\winPEASexe\winPEAS\obj\x86\Release\winPEAS.pdb
|
||||
|
@ -1 +1 @@
|
||||
C:\Users\carlos\source\repos\PEASS\winPEAS\winPEASexe\packages\TaskScheduler.2.8.16\lib\net40\Microsoft.Win32.TaskScheduler.xml
|
||||
D:\shared\privilege-escalation-awesome-script-suite\winPEAS\winPEASexe\packages\TaskScheduler.2.8.16\lib\net40\Microsoft.Win32.TaskScheduler.xml
|
||||
|
Binary file not shown.
Binary file not shown.
@ -4,7 +4,8 @@
|
||||
<StartArguments>help</StartArguments>
|
||||
</PropertyGroup>
|
||||
<PropertyGroup Condition="'$(Configuration)|$(Platform)' == 'Debug|AnyCPU'">
|
||||
<StartArguments>help</StartArguments>
|
||||
<StartArguments>
|
||||
</StartArguments>
|
||||
</PropertyGroup>
|
||||
<PropertyGroup Condition="'$(Configuration)|$(Platform)' == 'Debug|x64'">
|
||||
<StartArguments>cmd fast</StartArguments>
|
||||
|