Merge pull request #473 from Signum21/master

Fix IdentityNotMappedException in Vulnerable Leaked Handlers
2025-05-31 22:36:49 +02:00 · 2025-05-31 22:36:49 +02:00 · c3a93a57fe
commit c3a93a57fe
parent 11e9b8dde6 f62d9fc550
2 changed files with 9 additions and 4 deletions
--- a/winPEAS/winPEASexe/winPEAS/Helpers/Beaprint.cs
+++ b/winPEAS/winPEASexe/winPEAS/Helpers/Beaprint.cs
@ -81,7 +81,7 @@ namespace winPEAS.Helpers
       /---------------------------------------------------------------------------------\
       |                             {1}Do you like PEASS?{0}                                  |
       |---------------------------------------------------------------------------------| 
-       |         {3}Learn Cloud Hacking{0}       :     {2}training.hacktricks.xyz {0}                 |
+       |         {3}Learn Cloud Hacking{0}       :     {2}training.hacktricks.xyz {0}                |
       |         {3}Follow on Twitter{0}         :     {2}@hacktricks_live{0}                        |
       |         {3}Respect on HTB{0}            :     {2}SirBroccoli            {0}                 |
       |---------------------------------------------------------------------------------|
--- a/winPEAS/winPEASexe/winPEAS/Info/ProcessInfo/ProcessesInfo.cs
+++ b/winPEAS/winPEASexe/winPEAS/Info/ProcessInfo/ProcessesInfo.cs
@ -195,11 +195,11 @@ namespace winPEAS.Info.ProcessInfo
                                continue;

                            List<string> permsFile = PermissionsHelper.GetPermissionsFile(sFilePath, Checks.Checks.CurrentUserSiDs, PermissionType.WRITEABLE_OR_EQUIVALENT);
+                            IdentityReference sid = null;
                            try
                            {
                                System.Security.AccessControl.FileSecurity fs = System.IO.File.GetAccessControl(sFilePath);
-                                IdentityReference sid = fs.GetOwner(typeof(SecurityIdentifier));
-                                string ownerName = sid.Translate(typeof(NTAccount)).ToString();
+                                sid = fs.GetOwner(typeof(SecurityIdentifier));

                                // If current user already have permissions over that file or the proc belongs to the owner of the file,
                                // handler not interesting to elevate privs
@ -207,6 +207,8 @@ namespace winPEAS.Info.ProcessInfo
                                    continue;

                                to_add["File Path"] = sFilePath;
+
+                                string ownerName = sid.Translate(typeof(NTAccount)).ToString();
                                to_add["File Owner"] = ownerName;
                            }
                            catch (System.IO.FileNotFoundException)
@ -218,7 +220,10 @@ namespace winPEAS.Info.ProcessInfo
                            {
                                continue;
                            }
-
+                            catch (System.Security.Principal.IdentityNotMappedException)
+                            {
+                                to_add["File Owner"] = sid.ToString();
+                            }
                        }

                        else if (typeName == "key")