Merge pull request #113 from makikvues/master

Introduced PermissionTypes enum, added AllowUnsafeBlocks for all configurations
Carlos Polop 2021-03-05 00:18:01 +00:00 committed by GitHub
commit bcfd7a8bc3
5 changed files with 59 additions and 19 deletions


@ -201,7 +201,7 @@ namespace winPEAS.Checks
List<string> sam_files = InterestingFiles.InterestingFiles.GetSAMBackups();
foreach (string path in sam_files)
{
var permissions = PermissionsHelper.GetPermissionsFile(path, Checks.CurrentUserSiDs);
var permissions = PermissionsHelper.GetPermissionsFile(path, Checks.CurrentUserSiDs, PermissionType.READABLE_OR_WRITABLE);
if (permissions.Any())
{
@ -593,7 +593,7 @@ namespace winPEAS.Checks
FileAttributes attr = File.GetAttributes(file.FullPath);
if ((attr & FileAttributes.Directory) == FileAttributes.Directory)
{
List<string> dirRights = PermissionsHelper.GetPermissionsFolder(file.FullPath, Checks.CurrentUserSiDs, isOnlyWriteOrEquivalentCheck: true);
List<string> dirRights = PermissionsHelper.GetPermissionsFolder(file.FullPath, Checks.CurrentUserSiDs, PermissionType.WRITEABLE_OR_EQUIVALENT);
if (dirRights.Count > 0)
{
@ -602,7 +602,7 @@ namespace winPEAS.Checks
}
else
{
List<string> fileRights = PermissionsHelper.GetPermissionsFile(file.FullPath, Checks.CurrentUserSiDs, isOnlyWriteOrEquivalentCheck: true);
List<string> fileRights = PermissionsHelper.GetPermissionsFile(file.FullPath, Checks.CurrentUserSiDs, PermissionType.WRITEABLE_OR_EQUIVALENT);
if (fileRights.Count > 0)
{
@ -761,7 +761,7 @@ namespace winPEAS.Checks
if (file.Extension != null && allowedExtensions.Contains(file.Extension.ToLower()))
{
// check the file permissions
List<string> fileRights = PermissionsHelper.GetPermissionsFile(file.FullPath, Checks.CurrentUserSiDs, isOnlyWriteOrEquivalentCheck: true);
List<string> fileRights = PermissionsHelper.GetPermissionsFile(file.FullPath, Checks.CurrentUserSiDs, PermissionType.WRITEABLE_OR_EQUIVALENT);
if (fileRights.Count > 0)
{


@ -200,7 +200,7 @@ namespace winPEAS.Helpers.AppLocker
if (Directory.Exists(normalizedPath))
{
// can we write to the directory ?
var folderPermissions = PermissionsHelper.GetPermissionsFolder(normalizedPath, Checks.Checks.CurrentUserSiDs, isOnlyWriteOrEquivalentCheck: true);
var folderPermissions = PermissionsHelper.GetPermissionsFolder(normalizedPath, Checks.Checks.CurrentUserSiDs, PermissionType.WRITEABLE_OR_EQUIVALENT);
// we can write
if (folderPermissions.Count > 0)
@ -216,7 +216,7 @@ namespace winPEAS.Helpers.AppLocker
// iterate over applocker bypass directories and check them
foreach (var subfolders in _appLockerByPassDirectoriesByPath[normalizedPath])
{
var subfolderPermissions = PermissionsHelper.GetPermissionsFolder(subfolders, Checks.Checks.CurrentUserSiDs, isOnlyWriteOrEquivalentCheck: true);
var subfolderPermissions = PermissionsHelper.GetPermissionsFolder(subfolders, Checks.Checks.CurrentUserSiDs, PermissionType.WRITEABLE_OR_EQUIVALENT);
// we can write
if (subfolderPermissions.Count > 0)
@ -373,7 +373,7 @@ namespace winPEAS.Helpers.AppLocker
if (File.Exists(path))
{
var filePermissions = PermissionsHelper.GetPermissionsFile(path, Checks.Checks.CurrentUserSiDs, isOnlyWriteOrEquivalentCheck: true);
var filePermissions = PermissionsHelper.GetPermissionsFile(path, Checks.Checks.CurrentUserSiDs, PermissionType.WRITEABLE_OR_EQUIVALENT);
if (filePermissions.Count > 0)
{
@ -425,7 +425,7 @@ namespace winPEAS.Helpers.AppLocker
}
else
{
var folderPermissions = PermissionsHelper.GetPermissionsFolder(directory, Checks.Checks.CurrentUserSiDs, isOnlyWriteOrEquivalentCheck: true);
var folderPermissions = PermissionsHelper.GetPermissionsFolder(directory, Checks.Checks.CurrentUserSiDs, PermissionType.WRITEABLE_OR_EQUIVALENT);
if (folderPermissions.Count > 0)
{


@ -9,13 +9,21 @@ using Microsoft.Win32;
namespace winPEAS.Helpers
{
internal enum PermissionType
{
DEFAULT,
READABLE_OR_WRITABLE,
WRITEABLE_OR_EQUIVALENT
}
///////////////////////////////////
//////// Check Permissions ////////
///////////////////////////////////
/// Get interesting permissions from Files, Folders and Registry
internal static class PermissionsHelper
{
public static List<string> GetPermissionsFile(string path, Dictionary<string, string> SIDs, bool isOnlyWriteOrEquivalentCheck = false)
public static List<string> GetPermissionsFile(string path, Dictionary<string, string> SIDs, PermissionType permissionType = PermissionType.DEFAULT)
{
/*Permisos especiales para carpetas
*https://docs.microsoft.com/en-us/windows/win32/secauthz/access-mask-format?redirectedfrom=MSDN
@ -36,7 +44,7 @@ namespace winPEAS.Helpers
try
{
FileSecurity fSecurity = File.GetAccessControl(path);
results = GetMyPermissionsF(fSecurity, SIDs, isOnlyWriteOrEquivalentCheck);
results = GetMyPermissionsF(fSecurity, SIDs, permissionType);
}
catch
{
@ -45,7 +53,7 @@ namespace winPEAS.Helpers
return results;
}
public static List<string> GetPermissionsFolder(string path, Dictionary<string, string> SIDs, bool isOnlyWriteOrEquivalentCheck = false)
public static List<string> GetPermissionsFolder(string path, Dictionary<string, string> SIDs, PermissionType permissionType = PermissionType.DEFAULT)
{
List<string> results = new List<string>();
@ -65,7 +73,7 @@ namespace winPEAS.Helpers
}
FileSecurity fSecurity = File.GetAccessControl(path);
results = GetMyPermissionsF(fSecurity, SIDs, isOnlyWriteOrEquivalentCheck);
results = GetMyPermissionsF(fSecurity, SIDs, permissionType);
}
catch
{
@ -74,7 +82,7 @@ namespace winPEAS.Helpers
return results;
}
public static List<string> GetMyPermissionsF(FileSecurity fSecurity, Dictionary<string, string> SIDs, bool isOnlyWriteOrEquivalentCheck = false)
public static List<string> GetMyPermissionsF(FileSecurity fSecurity, Dictionary<string, string> SIDs, PermissionType permissionType = PermissionType.DEFAULT)
{
// Get interesting permissions in fSecurity (Only files and folders)
List<string> results = new List<string>();
@ -84,7 +92,7 @@ namespace winPEAS.Helpers
{
//First, check if the rule to check is interesting
int current_perm = (int)rule.FileSystemRights;
string current_perm_str = PermInt2Str(current_perm, isOnlyWriteOrEquivalentCheck);
string current_perm_str = PermInt2Str(current_perm, permissionType);
if (current_perm_str == "")
{
continue;
@ -133,7 +141,7 @@ namespace winPEAS.Helpers
foreach (RegistryAccessRule rule in rSecurity.GetAccessRules(true, true, typeof(SecurityIdentifier)))
{
int current_perm = (int)rule.RegistryRights;
string current_perm_str = PermInt2Str(current_perm, true);
string current_perm_str = PermInt2Str(current_perm, PermissionType.WRITEABLE_OR_EQUIVALENT);
if (current_perm_str == "")
continue;
@ -169,9 +177,38 @@ namespace winPEAS.Helpers
return results;
}
public static string PermInt2Str(int current_perm, bool only_write_or_equivalent = false, bool is_service = false)
public static string PermInt2Str(int current_perm, PermissionType permissionType = PermissionType.DEFAULT, bool is_service = false)
{
Dictionary<string, int> interesting_perms = new Dictionary<string, int>()
Dictionary<string, int> interesting_perms = new Dictionary<string, int>();
if (permissionType == PermissionType.DEFAULT)
{
interesting_perms = new Dictionary<string, int>()
{
// This isn't an exhaustive list of possible permissions. Just the interesting ones.
{ "AllAccess", 0xf01ff},
{ "GenericAll", 0x10000000},
{ "FullControl", (int)FileSystemRights.FullControl },
{ "TakeOwnership", (int)FileSystemRights.TakeOwnership },
{ "GenericWrite", 0x40000000 },
{ "WriteData/CreateFiles", (int)FileSystemRights.WriteData },
{ "Modify", (int)FileSystemRights.Modify },
{ "Write", (int)FileSystemRights.Write },
{ "ChangePermissions", (int)FileSystemRights.ChangePermissions },
{ "Delete", (int)FileSystemRights.Delete },
{ "DeleteSubdirectoriesAndFiles", (int)FileSystemRights.DeleteSubdirectoriesAndFiles },
{ "AppendData/CreateDirectories", (int)FileSystemRights.AppendData },
{ "WriteAttributes", (int)FileSystemRights.WriteAttributes },
{ "WriteExtendedAttributes", (int)FileSystemRights.WriteExtendedAttributes },
};
}
else if (permissionType == PermissionType.READABLE_OR_WRITABLE)
{
interesting_perms = new Dictionary<string, int>()
{
// This isn't an exhaustive list of possible permissions. Just the interesting ones.
{ "AllAccess", 0xf01ff},
@ -195,8 +232,9 @@ namespace winPEAS.Helpers
{ "WriteAttributes", (int)FileSystemRights.WriteAttributes },
{ "WriteExtendedAttributes", (int)FileSystemRights.WriteExtendedAttributes },
};
}
if (only_write_or_equivalent)
else if (permissionType == PermissionType.WRITEABLE_OR_EQUIVALENT)
{
interesting_perms = new Dictionary<string, int>()
{
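Review bot: `PermInt2Str` (the last hunk) first allocates an empty table on `interesting_perms = new Dictionary<string, int>();` and then overwrites it in an if/else-if chain over `permissionType`, leaving no branch for an unexpected enum value; a `switch (permissionType)` with `default: throw new ArgumentOutOfRangeException(nameof(permissionType));` (or a switch expression, which the project's `LangVersion` 8.0 allows) would remove the dead allocation and make the closed set of cases explicit. The visible head and tail of the `READABLE_OR_WRITABLE` table match the `DEFAULT` table line for line and hold only write-type rights, so if the two really are identical the name `READABLE_OR_WRITABLE` is misleading and one table should either differ or be dropped; the middle of that table is cut by the hunk, so this needs confirming against the full file. The new `PermissionType` enum has no documentation and mixes the spellings `WRITABLE` and `WRITEABLE`; a summary such as `/// Selects which access rights the permission checks report as interesting.` on the enum, with one line per member, would help callers pick the right value. `PermInt2Str`'s body continues past the end of the hunk.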


@ -219,7 +219,7 @@ namespace winPEAS.Info.ServicesInfo
{
int serviceRights = ace.AccessMask;
string current_perm_str = PermissionsHelper.PermInt2Str(serviceRights, true, true);
string current_perm_str = PermissionsHelper.PermInt2Str(serviceRights, PermissionType.WRITEABLE_OR_EQUIVALENT, true);
if (!string.IsNullOrEmpty(current_perm_str) && !permissions.Contains(current_perm_str))
permissions.Add(current_perm_str);
}


@ -40,6 +40,7 @@
<LangVersion>8.0</LangVersion>
<RunCodeAnalysis>false</RunCodeAnalysis>
<CodeAnalysisRuleSet>MinimumRecommendedRules.ruleset</CodeAnalysisRuleSet>
<AllowUnsafeBlocks>true</AllowUnsafeBlocks>
</PropertyGroup>
<PropertyGroup>
<AutoGenerateBindingRedirects>true</AutoGenerateBindingRedirects>
@ -91,6 +92,7 @@
<ErrorReport>prompt</ErrorReport>
<CodeAnalysisRuleSet>MinimumRecommendedRules.ruleset</CodeAnalysisRuleSet>
<Prefer32Bit>false</Prefer32Bit>
<AllowUnsafeBlocks>true</AllowUnsafeBlocks>
</PropertyGroup>
<PropertyGroup>
<StartupObject>winPEAS.Program</StartupObject>
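Review bot: `<AllowUnsafeBlocks>true</AllowUnsafeBlocks>` is turned on in both PropertyGroups, but no `unsafe` code appears anywhere in this commit, so the reason for relaxing the compiler's memory-safety checking for the whole assembly is not visible here. If pointer code is planned for a follow-up, a comment beside the setting, e.g. `<!-- AllowUnsafeBlocks: required by [component that uses unsafe code - fill in] -->`, would record the justification and let reviewers confirm that unsafe blocks stay confined to that place; otherwise the flag should be dropped until it is needed. Both PropertyGroup elements begin before their hunks.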