carlospolop 2019-11-04 11:22:22 -05:00
parent 45995cd200
commit b5f6096045
31 changed files with 111 additions and 63 deletions

@ -20,6 +20,10 @@ If you want to **add something** and have **any cool idea** related to this proj
[![paypal](https://www.paypalobjects.com/en_US/i/btn/btn_donateCC_LG.gif)](https://www.paypal.com/cgi-bin/webscr?cmd=_s-xclick&hosted_button_id=DED2HWDYLFT2C&source=url) [![paypal](https://www.paypalobjects.com/en_US/i/btn/btn_donateCC_LG.gif)](https://www.paypal.com/cgi-bin/webscr?cmd=_s-xclick&hosted_button_id=DED2HWDYLFT2C&source=url)
## Looking for a useful Privilege Escalation Course?
Contact me and ask about the **Privilege Escalation Course** I am preparing for attackers and defenders (**100% technical**).
## License ## License
MIT License MIT License

@ -228,6 +228,10 @@ If you want to **add something** and have **any cool idea** related to this proj
[![paypal](https://www.paypalobjects.com/en_US/i/btn/btn_donateCC_LG.gif)](https://www.paypal.com/cgi-bin/webscr?cmd=_s-xclick&hosted_button_id=DED2HWDYLFT2C&source=url) [![paypal](https://www.paypalobjects.com/en_US/i/btn/btn_donateCC_LG.gif)](https://www.paypal.com/cgi-bin/webscr?cmd=_s-xclick&hosted_button_id=DED2HWDYLFT2C&source=url)
## Looking for a useful Privilege Escalation Course?
Contact me and ask about the **Privilege Escalation Course** I am preparing for attackers and defenders (**100% technical**).
## TODO ## TODO
- Add more checks - Add more checks

@ -18,6 +18,10 @@ If you want to **add something** and have **any cool idea** related to this proj
[![paypal](https://www.paypalobjects.com/en_US/i/btn/btn_donateCC_LG.gif)](https://www.paypal.com/cgi-bin/webscr?cmd=_s-xclick&hosted_button_id=DED2HWDYLFT2C&source=url) [![paypal](https://www.paypalobjects.com/en_US/i/btn/btn_donateCC_LG.gif)](https://www.paypal.com/cgi-bin/webscr?cmd=_s-xclick&hosted_button_id=DED2HWDYLFT2C&source=url)
## Looking for a useful Privilege Escalation Course?
Contact me and ask about the **Privilege Escalation Course** I am preparing for attackers and defenders (**100% technical**).
## License ## License
MIT License MIT License

@ -128,6 +128,10 @@ If you want to **add something** and have **any cool idea** related to this proj
[![paypal](https://www.paypalobjects.com/en_US/i/btn/btn_donateCC_LG.gif)](https://www.paypal.com/cgi-bin/webscr?cmd=_s-xclick&hosted_button_id=DED2HWDYLFT2C&source=url) [![paypal](https://www.paypalobjects.com/en_US/i/btn/btn_donateCC_LG.gif)](https://www.paypal.com/cgi-bin/webscr?cmd=_s-xclick&hosted_button_id=DED2HWDYLFT2C&source=url)
## Looking for a useful Privilege Escalation Course?
Contact me and ask about the **Privilege Escalation Course** I am preparing for attackers and defenders (**100% technical**).
## License ## License
MIT License MIT License

@ -6,11 +6,13 @@
Check also the **Local Windows Privilege Escalation checklist** from **[book.hacktricks.xyz](https://book.hacktricks.xyz/windows/checklist-windows-privilege-escalation)** Check also the **Local Windows Privilege Escalation checklist** from **[book.hacktricks.xyz](https://book.hacktricks.xyz/windows/checklist-windows-privilege-escalation)**
[![youtube]((https://github.com/carlospolop/privilege-escalation-awesome-script-suite/raw/master/winPEAS/winPEASexe/images/screen.png)](https://youtu.be/66gOwXMnxRI)
## Quick Start ## Quick Start
Download the **[latest version from here](https://github.com/carlospolop/privilege-escalation-awesome-script-suite/tree/master/winPEAS/winPEASexe/winPEAS/bin)** or **compile it yourself**. Download the **[latest version from here](https://github.com/carlospolop/privilege-escalation-awesome-script-suite/tree/master/winPEAS/winPEASexe/winPEAS/bin)** or **compile it yourself**.
```bash ```bash
winpeas.exe ansi #ANSI color for linux consoles (reverse shell) winpeas.exe ansi cmd searchfast #ANSI color for linux consoles (reverse shell), cmd commands and avoid sleepig
winpeas.exe #Will execute all checks except the ones that execute MD commands winpeas.exe #Will execute all checks except the ones that execute MD commands
winpeas.exe cmd #All checks winpeas.exe cmd #All checks
winpeas.exe cmd fast #All except the one that search for files winpeas.exe cmd fast #All except the one that search for files
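Review bot: The added YouTube badge line opens the image URL with two parentheses (`[![youtube]((https://`), so the Markdown image link will not render; drop the extra `(`. In the changed first command of the Quick Start block the comment reads "avoid sleepig", which should be "avoid sleeping". Because that line now combines `ansi cmd searchfast`, the plain `winpeas.exe ansi` usage is no longer shown in the lines visible here; consider keeping it as its own example.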
@ -21,7 +23,9 @@ winpeas.exe systeminfo userinfo #Only systeminfo and userinfo checks executed
The goal of this project is to search for possible **Privilege Escalation Paths** in Windows environments. The goal of this project is to search for possible **Privilege Escalation Paths** in Windows environments.
It should take only a **few seconds** to execute almost all the checks and **some minutes searching in the whole main drive** for known files that could contain passwords (the time depened on the number of files in your drive). Get rif of that time consuming check using the parameter `fast`. It should take only a **few seconds** to execute almost all the checks and **some minutes searching in the whole main drive** for known files that could contain passwords (the time depened on the number of files in your drive). Get rid of that time consuming check using the parameter `fast`.
By default, the progam **sleeps 150ms** before start searching files in each directory. This is made to consume less resources (**stealthier**). You can **avoid this sleep using `searchfast` parameter**.
The **ouput will be colored**. Below you have some indications about what does each color means exacty, but keep in mind that **Red** is for something interesting (from a pentester perspective) and **Green** is something good (from a defender perspective). The **ouput will be colored**. Below you have some indications about what does each color means exacty, but keep in mind that **Red** is for something interesting (from a pentester perspective) and **Green** is something good (from a defender perspective).
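Review bot: The new paragraph about the 150ms sleep has typos ("progam", "before start searching"), and the line above it still says "depened" although "rif" was corrected in the same edit; fix them together. The paragraph should also state the trade-off of `searchfast` directly: the file search finishes sooner but uses more resources, which is why the sleep is the default.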
@ -129,6 +133,10 @@ If you want to **add something** and have **any cool idea** related to this proj
[![paypal](https://www.paypalobjects.com/en_US/i/btn/btn_donateCC_LG.gif)](https://www.paypal.com/cgi-bin/webscr?cmd=_s-xclick&hosted_button_id=DED2HWDYLFT2C&source=url) [![paypal](https://www.paypalobjects.com/en_US/i/btn/btn_donateCC_LG.gif)](https://www.paypal.com/cgi-bin/webscr?cmd=_s-xclick&hosted_button_id=DED2HWDYLFT2C&source=url)
## Looking for a useful Privilege Escalation Course?
Contact me and ask about the **Privilege Escalation Course** I am preparing for attackers and defenders (**100% technical**).
## TODO ## TODO
- Add more checks - Add more checks

Binary file not shown. Size before: 108 KiB; after: 114 KiB.

Binary file not shown. Size before: 157 KiB; after: 148 KiB.

Binary file not shown. Size after: 325 KiB.

@ -3,6 +3,7 @@ using System;
using System.Collections.Generic; using System.Collections.Generic;
using System.Drawing; using System.Drawing;
using System.Text.RegularExpressions; using System.Text.RegularExpressions;
using System.Threading;
namespace winPEAS namespace winPEAS
{ {
@ -49,38 +50,39 @@ namespace winPEAS
public static void PrintBanner() public static void PrintBanner()
{ {
System.Console.WriteLine(@" Colorful.Console.WriteLine(@"
*((,.,/((((((((((((((((((((/, */ *((,.,/((((((((((((((((((((/, */
,/*,..*(((((((((((((((((((((((((((((((((, ,/ ,/*,..*(((((((((((((((((((((((((((((((((,
.,*/((((((((((((((((((/, .*//((//**, .*((((((* ./, ,*/((((((((((((((((((/, .*//((//**, .*((((((*
(((((((((((((((((* .****,,,/((##########(* ,((((((* ( ((((((((((((((((* *****,,,/########## .(* ,((((((
((((((((((((/* .***************,,/(########(. ((((((* *, (((((((((((/* ******************/####### .(. ((((((
,.. ...,****************(@@@#(/***/(#####* /((((((./ ((((((..******************/@@@@@/***/######* /((((((
,,,..**********************&@@@#@@@@@(***,.*(###* /(((((*. ,,..**********************&@@@@@@@@@(***,#### ../(((((
,, ,**********************#@@&(#%@@@%*********,,((/ /((((( , ,**********************#@@&@@%@@@%*********##((/ /((((
,. ...........,,*********/%@@&&@@@@@/*************,,..(((( ..(((##########*********/%@@@@@@@@@/*************,,..((((
,,**(################(/*****//&@@@@%****************** /(( .(((################(/******/&@@@@%****************.. /((
.**(########################(/,.,/(/*******************.*( .((########################(/************************..*(
.*/(#############################(/*********************,* .((#############################(/********************.,(
,*/(##################################(/*****************. .((##################################(/***************..(
,*((######################################(**************. .((######################################(************..(
.*((######(,.***.,(###################(..***(/***********. .((######(,.***.,(###################(..***(/*********..(
.,/(######*(#####((##################((######/(**********. .((######*(#####((##################((######/(********..(
,.*/##################(/**********(################(*****. .((##################(/**********(################(**...(
,.,*(####################/*******(####################((/. .(((####################/*******(###################.((((
,, **((############################################/ /(( .(((((############################################/ /((
,,, ,*((#########################################(..(((((( ..(((((#########################################(..(((((.
. .. ,**/(#####################################( .(((((((( ....(((((#####################################( .((((((.
(((((* ,(#################################((* /((((((((( ......(((((#################################( .(((((((.
((((((((((. ,(############################(../(((((((((( (((((((((. ,(############################(../(((((((((.
(((((((((/, ,####################(/..(((((((((( (((((((((/, ,####################(/..((((((((((.
(((((((((/,. ,*//////*,. ./((((((((((( (((((((((/,. ,*//////*,. ./(((((((((((.
((((((((((((((((((((((((((((/"); (((((((((((((((((((((((((((/", color_default);
Thread.Sleep(700);
} }
public static void PrintInit() public static void PrintInit()
{ {
Colorful.Console.WriteLine();
if (Program.banner) if (Program.banner)
PrintBanner(); PrintBanner();
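Review bot: `Colorful.Console.WriteLine();` is added at the top of `PrintInit()` before the `if (Program.banner)` check, so a blank line is printed even when the banner is disabled; move it inside the banner branch if that is not intended. `Thread.Sleep(700);` at the end of `PrintBanner()` adds a fixed 700 ms pause to every run that shows the banner, with no comment explaining why; name the value and document the reason, or drop it.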
@ -98,6 +100,8 @@ namespace winPEAS
Colorful.Console.WriteLineFormatted("{0} {1} by carlospolop", Color.Yellow, colorsString); Colorful.Console.WriteLineFormatted("{0} {1} by carlospolop", Color.Yellow, colorsString);
} }
Colorful.Console.WriteLine();
LinkPrint("https://book.hacktricks.xyz/windows/checklist-windows-privilege-escalation", "You can find a Windows local PE Checklist here:"); LinkPrint("https://book.hacktricks.xyz/windows/checklist-windows-privilege-escalation", "You can find a Windows local PE Checklist here:");
PrintLeyend(); PrintLeyend();
} }
@ -133,8 +137,9 @@ namespace winPEAS
{ {
System.Console.WriteLine(YELLOW + " [*] " + GREEN + "WinPEAS is a binary to enumerate possible paths to escalate privileges locally" + NOCOLOR); System.Console.WriteLine(YELLOW + " [*] " + GREEN + "WinPEAS is a binary to enumerate possible paths to escalate privileges locally" + NOCOLOR);
System.Console.WriteLine(LBLUE + "\tquiet" + GRAY + " Do not print banner" + NOCOLOR); System.Console.WriteLine(LBLUE + "\tquiet" + GRAY + " Do not print banner" + NOCOLOR);
System.Console.WriteLine(LBLUE + "\tansi" + GRAY + " Use ansi colors (see color from linux terminal)" + NOCOLOR); System.Console.WriteLine(LBLUE + "\tansi" + GRAY + " Use ansi colors (see color from linux terminal)" + NOCOLOR);
System.Console.WriteLine(LBLUE + "\tfast" + GRAY + " This will avoid very time consuming checks" + NOCOLOR); System.Console.WriteLine(LBLUE + "\tsearchfast" + GRAY + " Avoid sleeping while searching files (notable amount of resources)" + NOCOLOR);
System.Console.WriteLine(LBLUE + "\tfast" + GRAY + " Avoid very time consuming checks" + NOCOLOR);
System.Console.WriteLine(LBLUE + "\tcmd" + GRAY + " Obtain wifi, cred manager and clipboard information executing CMD commands" + NOCOLOR); System.Console.WriteLine(LBLUE + "\tcmd" + GRAY + " Obtain wifi, cred manager and clipboard information executing CMD commands" + NOCOLOR);
System.Console.WriteLine(LBLUE + "\tsysteminfo" + GRAY + " Search system information" + NOCOLOR); System.Console.WriteLine(LBLUE + "\tsysteminfo" + GRAY + " Search system information" + NOCOLOR);
System.Console.WriteLine(LBLUE + "\tuserinfo" + GRAY + " Search user information" + NOCOLOR); System.Console.WriteLine(LBLUE + "\tuserinfo" + GRAY + " Search user information" + NOCOLOR);
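Review bot: The help text for `searchfast`, "Avoid sleeping while searching files (notable amount of resources)", does not say whether the resources are saved or spent. Something like "Do not sleep between directories while searching files (faster, uses more resources)" is clearer. The same string is repeated in the non-ANSI usage function, so change both.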
@ -151,8 +156,9 @@ namespace winPEAS
{ {
Colorful.Console.Write(" [*] ", Color.Yellow); Colorful.Console.WriteLine("WinPEAS is a binary to enumerate possible paths to escalate privileges locally", color_key); Colorful.Console.Write(" [*] ", Color.Yellow); Colorful.Console.WriteLine("WinPEAS is a binary to enumerate possible paths to escalate privileges locally", color_key);
Colorful.Console.Write("\tquiet", color_default); Colorful.Console.WriteLine(" Do not print banner", Color.Gray); Colorful.Console.Write("\tquiet", color_default); Colorful.Console.WriteLine(" Do not print banner", Color.Gray);
Colorful.Console.Write("\tansi", color_default); Colorful.Console.WriteLine(" Use ansi colors (see color from linux terminal)", Color.Gray); Colorful.Console.Write("\tansi", color_default); Colorful.Console.WriteLine(" Use ansi colors (see color from linux terminal)", Color.Gray);
Colorful.Console.Write("\tfast", color_default); Colorful.Console.WriteLine(" This will avoid very time consuming checks", Color.Gray); Colorful.Console.Write("\tsearchfast", color_default); Colorful.Console.WriteLine(" Avoid sleeping while searching files (notable amount of resources)", Color.Gray);
Colorful.Console.Write("\tfast", color_default); Colorful.Console.WriteLine(" Avoid very time consuming checks", Color.Gray);
Colorful.Console.Write("\tcmd", color_default); Colorful.Console.WriteLine(" Obtain wifi, cred manager and clipboard information executing CMD commands", Color.Gray); Colorful.Console.Write("\tcmd", color_default); Colorful.Console.WriteLine(" Obtain wifi, cred manager and clipboard information executing CMD commands", Color.Gray);
Colorful.Console.Write("\tsysteminfo", color_default); Colorful.Console.WriteLine(" Search system information", Color.Gray); Colorful.Console.Write("\tsysteminfo", color_default); Colorful.Console.WriteLine(" Search system information", Color.Gray);
Colorful.Console.Write("\tuserinfo", color_default); Colorful.Console.WriteLine(" Search user information", Color.Gray); Colorful.Console.Write("\tuserinfo", color_default); Colorful.Console.WriteLine(" Search user information", Color.Gray);

@ -10,6 +10,7 @@ using System.Reflection;
using System.Security.AccessControl; using System.Security.AccessControl;
using System.Runtime.InteropServices; using System.Runtime.InteropServices;
using Colorful; using Colorful;
using System.Threading;
namespace winPEAS namespace winPEAS
{ {
@ -334,7 +335,7 @@ namespace winPEAS
// with a file and is the combination of all rights in this enumeration. // with a file and is the combination of all rights in this enumeration.
int FullControl = 2032127; int FullControl = 2032127;
int[] permissions = { FullControl, TakeOwnership, ChangePermissions, Modify, Delete, Write, WriteAttributes, WriteExtendedAttributes, AppendData, WriteData }; int[] permissions = { FullControl, TakeOwnership, ChangePermissions, Modify, Write, WriteData, Delete, WriteAttributes, WriteExtendedAttributes, AppendData };
try try
{ {
FileSecurity fSecurity = File.GetAccessControl(path); FileSecurity fSecurity = File.GetAccessControl(path);
@ -349,8 +350,12 @@ namespace winPEAS
{ {
if ((perm & current_right) == perm) if ((perm & current_right) == perm)
{ {
results.Add(String.Format("{0} [{1}]", rule.IdentityReference.Value, rule.FileSystemRights)); string to_add = String.Format("{0} [{1}]", rule.IdentityReference.Value, rule.FileSystemRights);
break; if (!results.Contains(to_add))
{
results.Add(to_add);
break;
}
} }
} }
} }
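Review bot: `break;` has moved inside `if (!results.Contains(to_add))`, so when the entry is already in `results` the loop no longer stops and keeps testing the remaining values in `permissions`. Because `to_add` is built from `rule.FileSystemRights` and not from `perm`, every later match produces the same string, so the extra iterations do nothing useful. Guard only `results.Add(to_add)` with the `Contains` check and keep `break;` directly under the `(perm & current_right) == perm` test.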
@ -395,20 +400,20 @@ namespace winPEAS
return results; return results;
Dictionary<string, int> interesting_perms = new Dictionary<string, int>() Dictionary<string, int> interesting_perms = new Dictionary<string, int>()
{ {
{ "WriteData", (int)FileSystemRights.WriteData }, { "GenericAll", 268435456},
{ "AppendData", (int)FileSystemRights.AppendData }, { "FullControl", (int)FileSystemRights.FullControl },
{ "WriteExtendedAttributes", (int)FileSystemRights.WriteExtendedAttributes }, { "TakeOwnership", (int)FileSystemRights.TakeOwnership },
{ "WriteAttributes", (int)FileSystemRights.WriteAttributes }, { "GenericWrite", 1073741824 },
{ "Write", (int)FileSystemRights.Write }, { "WriteData", (int)FileSystemRights.WriteData },
{ "Delete", (int)FileSystemRights.Delete }, { "Modify", (int)FileSystemRights.Modify },
{ "Modify", (int)FileSystemRights.Modify }, { "Write", (int)FileSystemRights.Write },
{ "ChangePermissions", (int)FileSystemRights.ChangePermissions }, { "ChangePermissions", (int)FileSystemRights.ChangePermissions },
{ "TakeOwnership", (int)FileSystemRights.TakeOwnership }, { "Delete", (int)FileSystemRights.Delete },
{ "FullControl", (int)FileSystemRights.FullControl }, { "AppendData", (int)FileSystemRights.AppendData },
{ "GenericAll", 268435456}, { "WriteAttributes", (int)FileSystemRights.WriteAttributes },
{ "GenericWrite", 1073741824 } { "WriteExtendedAttributes", (int)FileSystemRights.WriteExtendedAttributes },
}; };
FileSecurity fSecurity = File.GetAccessControl(path); FileSecurity fSecurity = File.GetAccessControl(path);
//Go through the rules returned from the DirectorySecurity //Go through the rules returned from the DirectorySecurity
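Review bot: The reordering of `interesting_perms` from strongest to weakest only has an effect if the code that enumerates the dictionary depends on that order, and `Dictionary<string, int>` does not guarantee enumeration order. If the first match is meant to be the strongest right, use an ordered collection such as a `List<KeyValuePair<string, int>>` or an array. The literals `268435456` and `1073741824` for `GenericAll` and `GenericWrite` would also read better as named constants or in hex (`0x10000000`, `0x40000000`).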
@ -426,8 +431,12 @@ namespace winPEAS
{ {
if ((entry.Value & current_right) == entry.Value) if ((entry.Value & current_right) == entry.Value)
{ {
results.Add(String.Format("{0} [{1}]", rule.IdentityReference.Value, entry.Key)); string to_add = String.Format("{0} [{1}]", rule.IdentityReference.Value, entry.Key);
break; if (!results.Contains(to_add))
{
results.Add(to_add);
break;
}
} }
} }
} }
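Review bot: With `break;` now inside `if (!results.Contains(to_add))`, a rule whose strongest matching right is already listed for that identity does not stop the loop; it moves on to the next entry of `interesting_perms` and adds a weaker right for the same identity (for example a `[TakeOwnership]` line after an existing `[FullControl]` one). That works against the de-duplication this change is after. Guard only `results.Add(to_add)` with the `Contains` test and leave `break;` directly under the `(entry.Value & current_right) == entry.Value` check.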
@ -560,6 +569,9 @@ namespace winPEAS
Colorful.Console.WriteLineStyled(String.Join("\n", Directory.GetFiles(path, pattern, SearchOption.TopDirectoryOnly).Where(filepath => !filepath.Contains(".dll"))), ss); // .exe can be contained because of appcmd.exe Colorful.Console.WriteLineStyled(String.Join("\n", Directory.GetFiles(path, pattern, SearchOption.TopDirectoryOnly).Where(filepath => !filepath.Contains(".dll"))), ss); // .exe can be contained because of appcmd.exe
} }
if (!Program.search_fast)
Thread.Sleep(Program.search_time);
// go recurse in all sub-directories // go recurse in all sub-directories
foreach (var directory in Directory.GetDirectories(path)) foreach (var directory in Directory.GetDirectories(path))
FindFiles(directory, patterns, ss, color); FindFiles(directory, patterns, ss, color);

@ -9,8 +9,10 @@ namespace winPEAS
{ {
class Program class Program
{ {
public static bool banner = true;
public static string version = "vBETA VERSION"; public static string version = "vBETA VERSION";
public static bool banner = true;
public static bool search_fast = false;
public static int search_time = 150;
static bool is_fast = false; static bool is_fast = false;
static bool exec_cmd = false; static bool exec_cmd = false;
public static bool using_ansi = false; public static bool using_ansi = false;
@ -568,7 +570,7 @@ namespace winPEAS
if (autologon.Count > 0) { if (autologon.Count > 0) {
foreach (KeyValuePair<string, string> entry in autologon) foreach (KeyValuePair<string, string> entry in autologon)
{ {
if (entry.Value != null && entry.Value != "") if (!String.IsNullOrEmpty(entry.Value))
{ {
if (!ban) if (!ban)
{ {
@ -580,9 +582,9 @@ namespace winPEAS
else else
Colorful.Console.WriteLineStyled(String.Format(" {0,-30}: {1}", entry.Key, entry.Value), CreateUsersSS()); Colorful.Console.WriteLineStyled(String.Format(" {0,-30}: {1}", entry.Key, entry.Value), CreateUsersSS());
} }
else
Beaprint.NotFoundPrint();
} }
if (!ban)
Beaprint.NotFoundPrint();
} }
else else
Beaprint.NotFoundPrint(); Beaprint.NotFoundPrint();
@ -930,7 +932,7 @@ namespace winPEAS
Beaprint.MainPrint("Installed Applications --Via Program Files--", "T1083&T1012&T1010&T1518"); Beaprint.MainPrint("Installed Applications --Via Program Files--", "T1083&T1012&T1010&T1518");
Beaprint.LinkPrint("https://book.hacktricks.xyz/windows/windows-local-privilege-escalation#software", "Check if you can modify installed software"); Beaprint.LinkPrint("https://book.hacktricks.xyz/windows/windows-local-privilege-escalation#software", "Check if you can modify installed software");
Dictionary<string, Dictionary<string, string>> InstalledAppsPerms = ApplicationInfo.GetInstalledAppsPerms(); Dictionary<string, Dictionary<string, string>> InstalledAppsPerms = ApplicationInfo.GetInstalledAppsPerms();
string format = " ==> {0}({1})"; string format = " ==> {0} ({1})";
foreach (KeyValuePair<string, Dictionary<string, string>> app in InstalledAppsPerms) foreach (KeyValuePair<string, Dictionary<string, string>> app in InstalledAppsPerms)
{ {
if (String.IsNullOrEmpty(app.Value.ToString())) //If empty, nothing found, is good if (String.IsNullOrEmpty(app.Value.ToString())) //If empty, nothing found, is good
@ -1677,7 +1679,7 @@ namespace winPEAS
string using_HKLM_WSUS = MyUtils.GetRegValue("HKLM", path, "UseWUServer"); string using_HKLM_WSUS = MyUtils.GetRegValue("HKLM", path, "UseWUServer");
if (HKLM_WSUS.Contains("http://")) if (HKLM_WSUS.Contains("http://"))
{ {
Beaprint.BadPrint(" WSUS is using http!"); Beaprint.BadPrint(" WSUS is using http: " + HKLM_WSUS);
Beaprint.InfoPrint("You can test https://github.com/pimps/wsuxploit to escalate privileges"); Beaprint.InfoPrint("You can test https://github.com/pimps/wsuxploit to escalate privileges");
if (using_HKLM_WSUS == "1") if (using_HKLM_WSUS == "1")
Beaprint.BadPrint(" And UseWUServer is equals to 1, so it is vulnerable!"); Beaprint.BadPrint(" And UseWUServer is equals to 1, so it is vulnerable!");
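Review bot: The `BadPrint` with the URL and the following `InfoPrint` are emitted before `UseWUServer` is checked, so a host with a stale `http://` value and `UseWUServer` not equal to 1 is flagged in the same way as a host that really uses that server. Printing `HKLM_WSUS` helps triage, but consider reporting the URL as informational and reserving `BadPrint` for the `using_HKLM_WSUS == "1"` case. `HKLM_WSUS.Contains("http://")` is also case-sensitive and will miss a value written as `HTTP://`.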
@ -2260,6 +2262,9 @@ namespace winPEAS
if (string.Equals(arg, "quiet", StringComparison.CurrentCultureIgnoreCase)) if (string.Equals(arg, "quiet", StringComparison.CurrentCultureIgnoreCase))
banner = false; banner = false;
if (string.Equals(arg, "searchfast", StringComparison.CurrentCultureIgnoreCase))
search_fast = false;
if (string.Equals(arg, "help", StringComparison.CurrentCultureIgnoreCase)) if (string.Equals(arg, "help", StringComparison.CurrentCultureIgnoreCase))
{ {
Beaprint.PrintUsage(); Beaprint.PrintUsage();
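Review bot: The `searchfast` branch sets `search_fast = false;`, which is already the field's default, so passing the argument changes nothing and `FindFiles` still sleeps `search_time` ms in every directory. This should be `search_fast = true;`.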

@ -296,7 +296,7 @@ namespace winPEAS
} }
else if (fullInfo) else if (fullInfo)
{ {
string userLine = user["Caption"] + ((string)user["Fullname"] != "false" ? "" : " (" + user["Fullname"] + ")") + ((bool)user["Disabled"] ? "(Disabled)" : "") + ((bool)user["Lockout"] ? "(Lockout)" : "") + (((string)user["Description"]).Length > 1 ? ": " + user["Description"] : ""); string userLine = user["Caption"] + ((bool)user["Disabled"] ? "(Disabled)" : "") + ((bool)user["Lockout"] ? "(Lockout)" : "") + ((string)user["Fullname"] != "false" ? "" : "(" + user["Fullname"] + ")") + (((string)user["Description"]).Length > 1 ? ": " + user["Description"] : "");
List<string> user_groups = GetUserGroups((string)user["Name"]); List<string> user_groups = GetUserGroups((string)user["Name"]);
string groupsLine = ""; string groupsLine = "";
if (user_groups.Count > 0) if (user_groups.Count > 0)
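Review bot: The `Fullname` part keeps the inverted ternary from the old line: `(string)user["Fullname"] != "false" ? "" : "(" + user["Fullname"] + ")"` appends the value only when it equals "false" and drops every real full name. Swap the two branches. The reordered pieces are also concatenated without separators now that the space before the full name is gone, so the result reads like `Caption(Disabled)(Lockout)(Fullname)`.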

@ -100,10 +100,10 @@ namespace winPEAS
{ {
foreach (Vulnerability vuln in _vulnerabilities.Where(i => i.Vulnerable)) foreach (Vulnerability vuln in _vulnerabilities.Where(i => i.Vulnerable))
{ {
Beaprint.BadPrint(String.Format(" [!] {0} : VULNERABLE", vuln.Identification)); Beaprint.BadPrint(String.Format(" [!] {0} : VULNERABLE", vuln.Identification));
foreach (string exploit in vuln.KnownExploits) foreach (string exploit in vuln.KnownExploits)
Beaprint.BadPrint(String.Format(" [>] {0}", exploit)); Beaprint.BadPrint(String.Format(" [>] {0}", exploit));
System.Console.WriteLine(); System.Console.WriteLine();
} }

@ -34,8 +34,8 @@ D:\shared\privilege-escalation-awesome-script-suite\winPEAS\winPEASexe\winPEAS\b
D:\shared\privilege-escalation-awesome-script-suite\winPEAS\winPEASexe\winPEAS\bin\Release\winPEAS.exe D:\shared\privilege-escalation-awesome-script-suite\winPEAS\winPEASexe\winPEAS\bin\Release\winPEAS.exe
D:\shared\privilege-escalation-awesome-script-suite\winPEAS\winPEASexe\winPEAS\bin\Release\winPEAS.pdb D:\shared\privilege-escalation-awesome-script-suite\winPEAS\winPEASexe\winPEAS\bin\Release\winPEAS.pdb
D:\shared\privilege-escalation-awesome-script-suite\winPEAS\winPEASexe\winPEAS\bin\Release\Microsoft.Win32.TaskScheduler.xml D:\shared\privilege-escalation-awesome-script-suite\winPEAS\winPEASexe\winPEAS\bin\Release\Microsoft.Win32.TaskScheduler.xml
D:\shared\privilege-escalation-awesome-script-suite\winPEAS\winPEASexe\winPEAS\obj\Release\winPEAS.csprojAssemblyReference.cache
D:\shared\privilege-escalation-awesome-script-suite\winPEAS\winPEASexe\winPEAS\obj\Release\winPEAS.csproj.Fody.CopyLocal.cache D:\shared\privilege-escalation-awesome-script-suite\winPEAS\winPEASexe\winPEAS\obj\Release\winPEAS.csproj.Fody.CopyLocal.cache
D:\shared\privilege-escalation-awesome-script-suite\winPEAS\winPEASexe\winPEAS\obj\Release\winPEAS.csproj.CopyComplete D:\shared\privilege-escalation-awesome-script-suite\winPEAS\winPEASexe\winPEAS\obj\Release\winPEAS.csproj.CopyComplete
D:\shared\privilege-escalation-awesome-script-suite\winPEAS\winPEASexe\winPEAS\obj\Release\winPEAS.exe D:\shared\privilege-escalation-awesome-script-suite\winPEAS\winPEASexe\winPEAS\obj\Release\winPEAS.exe
D:\shared\privilege-escalation-awesome-script-suite\winPEAS\winPEASexe\winPEAS\obj\Release\winPEAS.pdb D:\shared\privilege-escalation-awesome-script-suite\winPEAS\winPEASexe\winPEAS\obj\Release\winPEAS.pdb
D:\shared\privilege-escalation-awesome-script-suite\winPEAS\winPEASexe\winPEAS\obj\Release\winPEAS.csprojAssemblyReference.cache
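Review bot: Generated build output should not be tracked: the entries here are build file lists under `obj\Release` with absolute paths from a local checkout (`D:\shared\...`), and the only change is the position of the `winPEAS.csprojAssemblyReference.cache` line. These files change on every build and expose local paths, so remove `obj\` from version control and add it to `.gitignore`; if the compiled binary has to stay downloadable from the repository, keep only that.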

@ -14,3 +14,4 @@ D:\shared\privilege-escalation-awesome-script-suite\winPEAS\winPEASexe\winPEAS\o
D:\shared\privilege-escalation-awesome-script-suite\winPEAS\winPEASexe\winPEAS\obj\x86\Release\winPEAS.csproj.CopyComplete D:\shared\privilege-escalation-awesome-script-suite\winPEAS\winPEASexe\winPEAS\obj\x86\Release\winPEAS.csproj.CopyComplete
D:\shared\privilege-escalation-awesome-script-suite\winPEAS\winPEASexe\winPEAS\obj\x86\Release\winPEAS.exe D:\shared\privilege-escalation-awesome-script-suite\winPEAS\winPEASexe\winPEAS\obj\x86\Release\winPEAS.exe
D:\shared\privilege-escalation-awesome-script-suite\winPEAS\winPEASexe\winPEAS\obj\x86\Release\winPEAS.pdb D:\shared\privilege-escalation-awesome-script-suite\winPEAS\winPEASexe\winPEAS\obj\x86\Release\winPEAS.pdb
D:\shared\privilege-escalation-awesome-script-suite\winPEAS\winPEASexe\winPEAS\obj\x86\Release\winPEAS.csprojAssemblyReference.cache