From c8b28b1fb6fd53351e2f566d70513087fe9e7a59 Mon Sep 17 00:00:00 2001
From: godylockz <81207744+godylockz@users.noreply.github.com>
Date: Fri, 31 Dec 2021 12:18:31 -0500
Subject: [PATCH] Fix CRLF
---
README.md | 76 +-
winPEAS/README.md | 58 +-
winPEAS/winPEASexe/README.md | 576 +++----
winPEAS/winPEASexe/winPEAS.sln | 102 +-
winPEAS/winPEASexe/winPEAS/App.config | 12 +-
winPEAS/winPEASexe/winPEAS/FodyWeavers.xml | 4 +-
winPEAS/winPEASexe/winPEAS/FodyWeavers.xsd | 220 +--
winPEAS/winPEASexe/winPEAS/Program.cs | 34 +-
.../winPEAS/Properties/AssemblyInfo.cs | 72 +-
winPEAS/winPEASexe/winPEAS/winPEAS.csproj | 1390 ++++++++---------
.../winPEASexe/winPEAS/winPEAS.csproj.user | 46 +-
11 files changed, 1295 insertions(+), 1295 deletions(-)
diff --git a/README.md b/README.md
index ac85f19..afeee10 100755
--- a/README.md
+++ b/README.md
@@ -1,38 +1,38 @@
-# PEASS-ng - Privilege Escalation Awesome Scripts SUITE new generation
-
-
-
-  
-
-# Basic Tutorial
-[](https://www.youtube.com/watch?v=9_fJv_weLU0&list=PL9fPq3eQfaaDxjpXaDYApfVA_IB8T14w7)
-
-
-Here you will find **privilege escalation tools for Windows and Linux/Unix\* and MacOS**.
-
-These tools search for possible **local privilege escalation paths** that you could exploit and print them to you **with nice colors** so you can recognize the misconfigurations easily.
-
-- Check the **Local Windows Privilege Escalation checklist** from **[book.hacktricks.xyz](https://book.hacktricks.xyz/windows/checklist-windows-privilege-escalation)**
-- **[WinPEAS](https://github.com/carlospolop/privilege-escalation-awesome-scripts-suite/tree/master/winPEAS) - Windows local Privilege Escalation Awesome Script (C#.exe and .bat)**
-
-- Check the **Local Linux Privilege Escalation checklist** from **[book.hacktricks.xyz](https://book.hacktricks.xyz/linux-unix/linux-privilege-escalation-checklist)**
-- **[LinPEAS](https://github.com/carlospolop/privilege-escalation-awesome-scripts-suite/tree/master/linPEAS) - Linux local Privilege Escalation Awesome Script (.sh)**
-
-## Quick Start
-Find the **latest versions of all the scripts and binaries in [the releases page](https://github.com/carlospolop/PEASS-ng/releases/latest)**.
-
-## Let's improve PEASS together
-
-If you want to **add something** and have **any cool idea** related to this project, please let me know it in the **telegram group https://t.me/peass** or contribute reading the **[CONTRIBUTING.md](https://github.com/carlospolop/privilege-escalation-awesome-scripts-suite/blob/master/CONTRIBUTING.md)** file.
-
-## PEASS Style
-
-Are you a PEASS fan? Get now our merch at **[PEASS Shop](https://teespring.com/stores/peass)** and show your love for our favorite peas
-
-## Advisory
-
-All the scripts/binaries of the PEAS suite should be used for authorized penetration testing and/or educational purposes only. Any misuse of this software will not be the responsibility of the author or of any other collaborator. Use it at your own machines and/or with the owner's permission.
-
-
-
-By Polop(TM)
+# PEASS-ng - Privilege Escalation Awesome Scripts SUITE new generation
+
+
+
+  
+
+# Basic Tutorial
+[](https://www.youtube.com/watch?v=9_fJv_weLU0&list=PL9fPq3eQfaaDxjpXaDYApfVA_IB8T14w7)
+
+
+Here you will find **privilege escalation tools for Windows and Linux/Unix\* and MacOS**.
+
+These tools search for possible **local privilege escalation paths** that you could exploit and print them to you **with nice colors** so you can recognize the misconfigurations easily.
+
+- Check the **Local Windows Privilege Escalation checklist** from **[book.hacktricks.xyz](https://book.hacktricks.xyz/windows/checklist-windows-privilege-escalation)**
+- **[WinPEAS](https://github.com/carlospolop/privilege-escalation-awesome-scripts-suite/tree/master/winPEAS) - Windows local Privilege Escalation Awesome Script (C#.exe and .bat)**
+
+- Check the **Local Linux Privilege Escalation checklist** from **[book.hacktricks.xyz](https://book.hacktricks.xyz/linux-unix/linux-privilege-escalation-checklist)**
+- **[LinPEAS](https://github.com/carlospolop/privilege-escalation-awesome-scripts-suite/tree/master/linPEAS) - Linux local Privilege Escalation Awesome Script (.sh)**
+
+## Quick Start
+Find the **latest versions of all the scripts and binaries in [the releases page](https://github.com/carlospolop/PEASS-ng/releases/latest)**.
+
+## Let's improve PEASS together
+
+If you want to **add something** and have **any cool idea** related to this project, please let me know it in the **telegram group https://t.me/peass** or contribute reading the **[CONTRIBUTING.md](https://github.com/carlospolop/privilege-escalation-awesome-scripts-suite/blob/master/CONTRIBUTING.md)** file.
+
+## PEASS Style
+
+Are you a PEASS fan? Get now our merch at **[PEASS Shop](https://teespring.com/stores/peass)** and show your love for our favorite peas
+
+## Advisory
+
+All the scripts/binaries of the PEAS suite should be used for authorized penetration testing and/or educational purposes only. Any misuse of this software will not be the responsibility of the author or of any other collaborator. Use it at your own machines and/or with the owner's permission.
+
+
+
+By Polop(TM)
diff --git a/winPEAS/README.md b/winPEAS/README.md
index 7396567..83bb7ae 100755
--- a/winPEAS/README.md
+++ b/winPEAS/README.md
@@ -1,29 +1,29 @@
-# Windows Privilege Escalation Awesome Scripts
-
-
-
-Check the **Local Windows Privilege Escalation checklist** from **[book.hacktricks.xyz](https://book.hacktricks.xyz/windows/checklist-windows-privilege-escalation)**
-
-Check more **information about how to exploit** found misconfigurations in **[book.hacktricks.xyz](https://book.hacktricks.xyz/windows/windows-local-privilege-escalation)**
-
-## Quick Start
-Find the **latest versions of all the scripts and binaries in [the releases page](https://github.com/carlospolop/PEASS-ng/releases/latest)**.
-
-## WinPEAS .exe and .bat
-- [Link to WinPEAS .bat project](https://github.com/carlospolop/privilege-escalation-awesome-scripts-suite/tree/master/winPEAS/winPEASbat)
-- [Link to WinPEAS C# project (.exe)](https://github.com/carlospolop/privilege-escalation-awesome-scripts-suite/tree/master/winPEAS/winPEASexe) (.Net >= 4.5.2 required)
- - **Please, read the Readme of that folder to learn how to execute winpeas from memory or how make colors work among other tricks**
-
-## Please, if this tool has been useful for you consider to donate
-
-[](https://www.patreon.com/peass)
-
-## PEASS Style
-
-Are you a PEASS fan? Get now our merch at **[PEASS Shop](https://teespring.com/stores/peass)** and show your love for our favorite peas
-
-## Advisory
-
-All the scripts/binaries of the PEAS Suite should be used for authorized penetration testing and/or educational purposes only. Any misuse of this software will not be the responsibility of the author or of any other collaborator. Use it at your own networks and/or with the network owner's permission.
-
-By Polop(TM)
+# Windows Privilege Escalation Awesome Scripts
+
+
+
+Check the **Local Windows Privilege Escalation checklist** from **[book.hacktricks.xyz](https://book.hacktricks.xyz/windows/checklist-windows-privilege-escalation)**
+
+Check more **information about how to exploit** found misconfigurations in **[book.hacktricks.xyz](https://book.hacktricks.xyz/windows/windows-local-privilege-escalation)**
+
+## Quick Start
+Find the **latest versions of all the scripts and binaries in [the releases page](https://github.com/carlospolop/PEASS-ng/releases/latest)**.
+
+## WinPEAS .exe and .bat
+- [Link to WinPEAS .bat project](https://github.com/carlospolop/privilege-escalation-awesome-scripts-suite/tree/master/winPEAS/winPEASbat)
+- [Link to WinPEAS C# project (.exe)](https://github.com/carlospolop/privilege-escalation-awesome-scripts-suite/tree/master/winPEAS/winPEASexe) (.Net >= 4.5.2 required)
+ - **Please, read the Readme of that folder to learn how to execute winpeas from memory or how make colors work among other tricks**
+
+## Please, if this tool has been useful for you consider to donate
+
+[](https://www.patreon.com/peass)
+
+## PEASS Style
+
+Are you a PEASS fan? Get now our merch at **[PEASS Shop](https://teespring.com/stores/peass)** and show your love for our favorite peas
+
+## Advisory
+
+All the scripts/binaries of the PEAS Suite should be used for authorized penetration testing and/or educational purposes only. Any misuse of this software will not be the responsibility of the author or of any other collaborator. Use it at your own networks and/or with the network owner's permission.
+
+By Polop(TM)
diff --git a/winPEAS/winPEASexe/README.md b/winPEAS/winPEASexe/README.md
index 3e8fcbf..d612240 100755
--- a/winPEAS/winPEASexe/README.md
+++ b/winPEAS/winPEASexe/README.md
@@ -1,288 +1,288 @@
-# Windows Privilege Escalation Awesome Script (.exe)
-
-
-
-**WinPEAS is a script that search for possible paths to escalate privileges on Windows hosts. The checks are explained on [book.hacktricks.xyz](https://book.hacktricks.xyz/windows/windows-local-privilege-escalation)**
-
-Check also the **Local Windows Privilege Escalation checklist** from **[book.hacktricks.xyz](https://book.hacktricks.xyz/windows/checklist-windows-privilege-escalation)**
-
-[](https://youtu.be/66gOwXMnxRI)
-
-## Quick Start
-
-**.Net >= 4.5.2 is required**
-
-Precompiled binaries:
-- Download the **[latest obfuscated and not obfuscated versions from here](https://github.com/carlospolop/PEASS-ng/releases/latest)** or **compile it yourself** (read instructions for compilation).
-
-```bash
-# Get latest release
-$latestRelease = Invoke-WebRequest https://github.com/carlospolop/PEASS-ng/releases/latest -Headers @{"Accept"="application/json"}
-$json = $latestRelease.Content | ConvertFrom-Json
-$latestVersion = $json.tag_name
-$url = "https://github.com/carlospolop/PEASS-ng/releases/download/$latestVersion/winPEASany_ofs.exe"
-
-# One liner to download and execute winPEASany from memory in a PS shell
-$wp=[System.Reflection.Assembly]::Load([byte[]](Invoke-WebRequest "$url" -UseBasicParsing | Select-Object -ExpandProperty Content)); [winPEAS.Program]::Main("")
-
-# Before cmd in 3 lines
-$wp=[System.Reflection.Assembly]::Load([byte[]](Invoke-WebRequest "$url" -UseBasicParsing | Select-Object -ExpandProperty Content));
-[winPEAS.Program]::Main("") #Put inside the quotes the winpeas parameters you want to use
-
-# Load from disk in memory and execute:
-$wp = [System.Reflection.Assembly]::Load([byte[]]([IO.File]::ReadAllBytes("D:\Users\victim\winPEAS.exe")));
-[winPEAS.Program]::Main("") #Put inside the quotes the winpeas parameters you want to use
-
-# Load from disk in base64 and execute
-##Generate winpeas in Base64:
-[Convert]::ToBase64String([IO.File]::ReadAllBytes("D:\Users\user\winPEAS.exe")) | Out-File -Encoding ASCII D:\Users\user\winPEAS.txt
-##Now upload the B64 string to the victim inside a file or copy it to the clipboard
-
- ##If you have uploaded the B64 as afile load it with:
-$thecontent = Get-Content -Path D:\Users\victim\winPEAS.txt
- ##If you have copied the B64 to the clipboard do:
-$thecontent = "aaaaaaaa..." #Where "aaa..." is the winpeas base64 string
-##Finally, load binary in memory and execute
-$wp = [System.Reflection.Assembly]::Load([Convert]::FromBase64String($thecontent))
-[winPEAS.Program]::Main("") #Put inside the quotes the winpeas parameters you want to use
-
-# Loading from file and executing a winpeas obfuscated version
-##Load obfuscated version
-$wp = [System.Reflection.Assembly]::Load([byte[]]([IO.File]::ReadAllBytes("D:\Users\victim\winPEAS-Obfuscated.exe")));
-$wp.EntryPoint #Get the name of the ReflectedType, in obfuscated versions sometimes this is different from "winPEAS.Program"
-[]::Main("") #Used the ReflectedType name to execute winpeas
-```
-
-## Parameters Examples
-
-```bash
-winpeas.exe #run all checks (except for additional slower checks - LOLBAS and linpeas.sh in WSL) (noisy - CTFs)
-winpeas.exe systeminfo userinfo #Only systeminfo and userinfo checks executed
-winpeas.exe notcolor #Do not color the output
-winpeas.exe domain #enumerate also domain information
-winpeas.exe wait #wait for user input between tests
-winpeas.exe debug #display additional debug information
-winpeas.exe log #log output to out.txt instead of standard output
-winpeas.exe -linpeas=http://127.0.0.1/linpeas.sh #Execute also additional linpeas check (runs linpeas.sh in default WSL distribution) with custom linpeas.sh URL (if not provided, the default URL is: https://raw.githubusercontent.com/carlospolop/privilege-escalation-awesome-scripts-suite/master/linPEAS/linpeas.sh)
-winpeas.exe -lolbas #Execute also additional LOLBAS search check
-```
-
-## Help
-```
-quiet Do not print banner
-notcolor Don't use ansi colors (all white)
-systeminfo Search system information
-userinfo Search user information
-processinfo Search processes information
-servicesinfo Search services information
-applicationsinfo Search installed applications information
-networkinfo Search network information
-windowscreds Search windows credentials
-browserinfo Search browser information
-filesinfo Search files that can contains credentials
-eventsinfo Display interesting events information
-wait Wait for user input between checks
-debug Display debugging information - memory usage, method execution time
-log=[logfile] Log all output to file defined as logfile, or to "out.txt" if not specified
-
-Additional checks (slower):
--lolbas Run additional LOLBAS check
--linpeas=[url] Run additional linpeas.sh check for default WSL distribution, optionally provide custom linpeas.sh URL
- (default: https://raw.githubusercontent.com/carlospolop/privilege-escalation-awesome-scripts-suite/master/linPEAS/linpeas.sh)
-```
-
-## Basic information
-
-The goal of this project is to search for possible **Privilege Escalation Paths** in Windows environments.
-
-It should take only a **few seconds** to execute almost all the checks and **some seconds/minutes during the lasts checks searching for known filenames** that could contain passwords (the time depened on the number of files in your home folder). By default only **some** filenames that could contain credentials are searched, you can use the **searchall** parameter to search all the list (this could will add some minutes).
-
-The tool is based on **[SeatBelt](https://github.com/GhostPack/Seatbelt)**.
-
-## Where are my COLORS?!?!?!
-
-The **ouput will be colored** using **ansi** colors. If you are executing `winpeas.exe` **from a Windows console**, you need to set a registry value to see the colors (and open a new CMD):
-```
-REG ADD HKCU\Console /v VirtualTerminalLevel /t REG_DWORD /d 1
-```
-
-Below you have some indications about what does each color means exacty, but keep in mind that **Red** is for something interesting (from a pentester perspective) and **Green** is something well configured (from a defender perspective).
-
-
-## Instructions to compile you own obfuscated version
-
-In order to compile an **ofuscated version** of Winpeas and bypass some AVs you need to ** install dotfuscator ** in *VisualStudio*.
-
-To install it *open VisualStudio --> Go to Search (CTRL+Q) --> Write "dotfuscator"* and just follow the instructions to install it.
-
-To use **dotfuscator** you will need to **create an account** *(they will send you an email to the address you set during registration*).
-
-Once you have installed and activated it you need to:
-1. **Compile** winpeas in VisualStudio
-2. **Open dotfuscator** app
-3. **Open** in dotfuscator **winPEAS.exe compiled**
-4. Click on **Build**
-5. The **single, minimized and obfuscated binary** will appear in a **folder called Dotfuscator inside the folder were winPEAS.exe** and the DLL were (this location will be saved by dotfuscator and by default all the following builds will appear in this folder).
-
-**I'm sorry that all of this is necessary but is worth it. Dotfuscator minimizes a bit the size of the executable and obfuscates the code**.
-
-
-
-
-## Colors
-
-
-
-## Checks
-
-
- Details
-
-- **System Information**
- - [x] Basic System info information
- - [x] Use Watson to search for vulnerabilities
- - [x] Enumerate Microsoft updates
- - [x] PS, Audit, WEF and LAPS Settings
- - [x] LSA protection
- - [x] Credential Guard
- - [x] WDigest
- - [x] Number of cached cred
- - [x] Environment Variables
- - [x] Internet Settings
- - [x] Current drives information
- - [x] AV
- - [x] Windows Defender
- - [x] UAC configuration
- - [x] NTLM Settings
- - [x] Local Group Policy
- - [x] Applocker Configuration & bypass suggestions
- - [x] Printers
- - [x] Named Pipes
- - [x] AMSI Providers
- - [x] SysMon
- - [x] .NET Versions
-
-- **Users Information**
- - [x] Users information
- - [x] Current token privileges
- - [x] Clipboard text
- - [x] Current logged users
- - [x] RDP sessions
- - [x] Ever logged users
- - [x] Autologin credentials
- - [x] Home folders
- - [x] Password policies
- - [x] Local User details
- - [x] Logon Sessions
-
-- **Processes Information**
- - [x] Interesting processes (non Microsoft)
-
-- **Services Information**
- - [x] Interesting services (non Microsoft) information
- - [x] Modifiable services
- - [x] Writable service registry binpath
- - [x] PATH Dll Hijacking
-
-- **Applications Information**
- - [x] Current Active Window
- - [x] Installed software
- - [x] AutoRuns
- - [x] Scheduled tasks
- - [x] Device drivers
-
-- **Network Information**
- - [x] Current net shares
- - [x] Mapped drives (WMI)
- - [x] hosts file
- - [x] Network Interfaces
- - [x] Listening ports
- - [x] Firewall rules
- - [x] DNS Cache (limit 70)
- - [x] Internet Settings
-
-- **Windows Credentials**
- - [x] Windows Vault
- - [x] Credential Manager
- - [x] Saved RDP settings
- - [x] Recently run commands
- - [x] Default PS transcripts files
- - [x] DPAPI Masterkeys
- - [x] DPAPI Credential files
- - [x] Remote Desktop Connection Manager credentials
- - [x] Kerberos Tickets
- - [x] Wifi
- - [x] AppCmd.exe
- - [x] SSClient.exe
- - [x] SCCM
- - [x] Security Package Credentials
- - [x] AlwaysInstallElevated
- - [x] WSUS
-
-- **Browser Information**
- - [x] Firefox DBs
- - [x] Credentials in firefox history
- - [x] Chrome DBs
- - [x] Credentials in chrome history
- - [x] Current IE tabs
- - [x] Credentials in IE history
- - [x] IE Favorites
- - [x] Extracting saved passwords for: Firefox, Chrome, Opera, Brave
-
-- **Interesting Files and registry**
- - [x] Putty sessions
- - [x] Putty SSH host keys
- - [x] SuperPutty info
- - [x] Office365 endpoints synced by OneDrive
- - [x] SSH Keys inside registry
- - [x] Cloud credentials
- - [x] Check for unattended files
- - [x] Check for SAM & SYSTEM backups
- - [x] Check for cached GPP Passwords
- - [x] Check for and extract creds from McAffe SiteList.xml files
- - [x] Possible registries with credentials
- - [x] Possible credentials files in users homes
- - [x] Possible password files inside the Recycle bin
- - [x] Possible files containing credentials (this take some minutes)
- - [x] User documents (limit 100)
- - [x] Oracle SQL Developer config files check
- - [x] Slack files search
- - [x] Outlook downloads
- - [x] Machine and user certificate files
- - [x] Office most recent documents
- - [x] Hidden files and folders
- - [x] Executable files in non-default folders with write permissions
- - [x] WSL check
-
-- **Events Information**
- - [x] Logon + Explicit Logon Events
- - [x] Process Creation Events
- - [x] PowerShell Events
- - [x] Power On/Off Events
-
-- **Additional (slower) checks**
- - [x] LOLBAS search
- - [x] run **[linpeas.sh](https://raw.githubusercontent.com/carlospolop/privilege-escalation-awesome-scripts-suite/master/linPEAS/linpeas.sh)** in default WSL distribution
-
-
-
-## TODO
-- Add more checks
-- Mantain updated Watson (last JAN 2021)
-
-If you want to help with any of this, you can do it using **[github issues](https://github.com/carlospolop/privilege-escalation-awesome-scripts-suite/issues)** or you can submit a pull request.
-
-If you find any issue, please report it using **[github issues](https://github.com/carlospolop/privilege-escalation-awesome-scripts-suite/issues)**.
-
-**WinPEAS** is being **updated** every time I find something that could be useful to escalate privileges.
-
-## Please, if this tool has been useful for you consider to donate
-
-[](https://www.patreon.com/peass)
-
-## Advisory
-
-All the scripts/binaries of the PEAS Suite should be used for authorized penetration testing and/or educational purposes only. Any misuse of this software will not be the responsibility of the author or of any other collaborator. Use it at your own networks and/or with the network owner's permission.
-
-
-By Polop(TM), makikvues (makikvues2[at]gmail[dot].com)
+# Windows Privilege Escalation Awesome Script (.exe)
+
+
+
+**WinPEAS is a script that search for possible paths to escalate privileges on Windows hosts. The checks are explained on [book.hacktricks.xyz](https://book.hacktricks.xyz/windows/windows-local-privilege-escalation)**
+
+Check also the **Local Windows Privilege Escalation checklist** from **[book.hacktricks.xyz](https://book.hacktricks.xyz/windows/checklist-windows-privilege-escalation)**
+
+[](https://youtu.be/66gOwXMnxRI)
+
+## Quick Start
+
+**.Net >= 4.5.2 is required**
+
+Precompiled binaries:
+- Download the **[latest obfuscated and not obfuscated versions from here](https://github.com/carlospolop/PEASS-ng/releases/latest)** or **compile it yourself** (read instructions for compilation).
+
+```bash
+# Get latest release
+$latestRelease = Invoke-WebRequest https://github.com/carlospolop/PEASS-ng/releases/latest -Headers @{"Accept"="application/json"}
+$json = $latestRelease.Content | ConvertFrom-Json
+$latestVersion = $json.tag_name
+$url = "https://github.com/carlospolop/PEASS-ng/releases/download/$latestVersion/winPEASany_ofs.exe"
+
+# One liner to download and execute winPEASany from memory in a PS shell
+$wp=[System.Reflection.Assembly]::Load([byte[]](Invoke-WebRequest "$url" -UseBasicParsing | Select-Object -ExpandProperty Content)); [winPEAS.Program]::Main("")
+
+# Before cmd in 3 lines
+$wp=[System.Reflection.Assembly]::Load([byte[]](Invoke-WebRequest "$url" -UseBasicParsing | Select-Object -ExpandProperty Content));
+[winPEAS.Program]::Main("") #Put inside the quotes the winpeas parameters you want to use
+
+# Load from disk in memory and execute:
+$wp = [System.Reflection.Assembly]::Load([byte[]]([IO.File]::ReadAllBytes("D:\Users\victim\winPEAS.exe")));
+[winPEAS.Program]::Main("") #Put inside the quotes the winpeas parameters you want to use
+
+# Load from disk in base64 and execute
+##Generate winpeas in Base64:
+[Convert]::ToBase64String([IO.File]::ReadAllBytes("D:\Users\user\winPEAS.exe")) | Out-File -Encoding ASCII D:\Users\user\winPEAS.txt
+##Now upload the B64 string to the victim inside a file or copy it to the clipboard
+
+ ##If you have uploaded the B64 as afile load it with:
+$thecontent = Get-Content -Path D:\Users\victim\winPEAS.txt
+ ##If you have copied the B64 to the clipboard do:
+$thecontent = "aaaaaaaa..." #Where "aaa..." is the winpeas base64 string
+##Finally, load binary in memory and execute
+$wp = [System.Reflection.Assembly]::Load([Convert]::FromBase64String($thecontent))
+[winPEAS.Program]::Main("") #Put inside the quotes the winpeas parameters you want to use
+
+# Loading from file and executing a winpeas obfuscated version
+##Load obfuscated version
+$wp = [System.Reflection.Assembly]::Load([byte[]]([IO.File]::ReadAllBytes("D:\Users\victim\winPEAS-Obfuscated.exe")));
+$wp.EntryPoint #Get the name of the ReflectedType, in obfuscated versions sometimes this is different from "winPEAS.Program"
+[]::Main("") #Used the ReflectedType name to execute winpeas
+```
+
+## Parameters Examples
+
+```bash
+winpeas.exe #run all checks (except for additional slower checks - LOLBAS and linpeas.sh in WSL) (noisy - CTFs)
+winpeas.exe systeminfo userinfo #Only systeminfo and userinfo checks executed
+winpeas.exe notcolor #Do not color the output
+winpeas.exe domain #enumerate also domain information
+winpeas.exe wait #wait for user input between tests
+winpeas.exe debug #display additional debug information
+winpeas.exe log #log output to out.txt instead of standard output
+winpeas.exe -linpeas=http://127.0.0.1/linpeas.sh #Execute also additional linpeas check (runs linpeas.sh in default WSL distribution) with custom linpeas.sh URL (if not provided, the default URL is: https://raw.githubusercontent.com/carlospolop/privilege-escalation-awesome-scripts-suite/master/linPEAS/linpeas.sh)
+winpeas.exe -lolbas #Execute also additional LOLBAS search check
+```
+
+## Help
+```
+quiet Do not print banner
+notcolor Don't use ansi colors (all white)
+systeminfo Search system information
+userinfo Search user information
+processinfo Search processes information
+servicesinfo Search services information
+applicationsinfo Search installed applications information
+networkinfo Search network information
+windowscreds Search windows credentials
+browserinfo Search browser information
+filesinfo Search files that can contains credentials
+eventsinfo Display interesting events information
+wait Wait for user input between checks
+debug Display debugging information - memory usage, method execution time
+log=[logfile] Log all output to file defined as logfile, or to "out.txt" if not specified
+
+Additional checks (slower):
+-lolbas Run additional LOLBAS check
+-linpeas=[url] Run additional linpeas.sh check for default WSL distribution, optionally provide custom linpeas.sh URL
+ (default: https://raw.githubusercontent.com/carlospolop/privilege-escalation-awesome-scripts-suite/master/linPEAS/linpeas.sh)
+```
+
+## Basic information
+
+The goal of this project is to search for possible **Privilege Escalation Paths** in Windows environments.
+
+It should take only a **few seconds** to execute almost all the checks and **some seconds/minutes during the lasts checks searching for known filenames** that could contain passwords (the time depened on the number of files in your home folder). By default only **some** filenames that could contain credentials are searched, you can use the **searchall** parameter to search all the list (this could will add some minutes).
+
+The tool is based on **[SeatBelt](https://github.com/GhostPack/Seatbelt)**.
+
+## Where are my COLORS?!?!?!
+
+The **ouput will be colored** using **ansi** colors. If you are executing `winpeas.exe` **from a Windows console**, you need to set a registry value to see the colors (and open a new CMD):
+```
+REG ADD HKCU\Console /v VirtualTerminalLevel /t REG_DWORD /d 1
+```
+
+Below you have some indications about what does each color means exacty, but keep in mind that **Red** is for something interesting (from a pentester perspective) and **Green** is something well configured (from a defender perspective).
+
+
+## Instructions to compile you own obfuscated version
+
+In order to compile an **ofuscated version** of Winpeas and bypass some AVs you need to ** install dotfuscator ** in *VisualStudio*.
+
+To install it *open VisualStudio --> Go to Search (CTRL+Q) --> Write "dotfuscator"* and just follow the instructions to install it.
+
+To use **dotfuscator** you will need to **create an account** *(they will send you an email to the address you set during registration*).
+
+Once you have installed and activated it you need to:
+1. **Compile** winpeas in VisualStudio
+2. **Open dotfuscator** app
+3. **Open** in dotfuscator **winPEAS.exe compiled**
+4. Click on **Build**
+5. The **single, minimized and obfuscated binary** will appear in a **folder called Dotfuscator inside the folder were winPEAS.exe** and the DLL were (this location will be saved by dotfuscator and by default all the following builds will appear in this folder).
+
+**I'm sorry that all of this is necessary but is worth it. Dotfuscator minimizes a bit the size of the executable and obfuscates the code**.
+
+
+
+
+## Colors
+
+
+
+## Checks
+
+
+ Details
+
+- **System Information**
+ - [x] Basic System info information
+ - [x] Use Watson to search for vulnerabilities
+ - [x] Enumerate Microsoft updates
+ - [x] PS, Audit, WEF and LAPS Settings
+ - [x] LSA protection
+ - [x] Credential Guard
+ - [x] WDigest
+ - [x] Number of cached cred
+ - [x] Environment Variables
+ - [x] Internet Settings
+ - [x] Current drives information
+ - [x] AV
+ - [x] Windows Defender
+ - [x] UAC configuration
+ - [x] NTLM Settings
+ - [x] Local Group Policy
+ - [x] Applocker Configuration & bypass suggestions
+ - [x] Printers
+ - [x] Named Pipes
+ - [x] AMSI Providers
+ - [x] SysMon
+ - [x] .NET Versions
+
+- **Users Information**
+ - [x] Users information
+ - [x] Current token privileges
+ - [x] Clipboard text
+ - [x] Current logged users
+ - [x] RDP sessions
+ - [x] Ever logged users
+ - [x] Autologin credentials
+ - [x] Home folders
+ - [x] Password policies
+ - [x] Local User details
+ - [x] Logon Sessions
+
+- **Processes Information**
+ - [x] Interesting processes (non Microsoft)
+
+- **Services Information**
+ - [x] Interesting services (non Microsoft) information
+ - [x] Modifiable services
+ - [x] Writable service registry binpath
+ - [x] PATH Dll Hijacking
+
+- **Applications Information**
+ - [x] Current Active Window
+ - [x] Installed software
+ - [x] AutoRuns
+ - [x] Scheduled tasks
+ - [x] Device drivers
+
+- **Network Information**
+ - [x] Current net shares
+ - [x] Mapped drives (WMI)
+ - [x] hosts file
+ - [x] Network Interfaces
+ - [x] Listening ports
+ - [x] Firewall rules
+ - [x] DNS Cache (limit 70)
+ - [x] Internet Settings
+
+- **Windows Credentials**
+ - [x] Windows Vault
+ - [x] Credential Manager
+ - [x] Saved RDP settings
+ - [x] Recently run commands
+ - [x] Default PS transcripts files
+ - [x] DPAPI Masterkeys
+ - [x] DPAPI Credential files
+ - [x] Remote Desktop Connection Manager credentials
+ - [x] Kerberos Tickets
+ - [x] Wifi
+ - [x] AppCmd.exe
+ - [x] SSClient.exe
+ - [x] SCCM
+ - [x] Security Package Credentials
+ - [x] AlwaysInstallElevated
+ - [x] WSUS
+
+- **Browser Information**
+ - [x] Firefox DBs
+ - [x] Credentials in firefox history
+ - [x] Chrome DBs
+ - [x] Credentials in chrome history
+ - [x] Current IE tabs
+ - [x] Credentials in IE history
+ - [x] IE Favorites
+ - [x] Extracting saved passwords for: Firefox, Chrome, Opera, Brave
+
+- **Interesting Files and registry**
+ - [x] Putty sessions
+ - [x] Putty SSH host keys
+ - [x] SuperPutty info
+ - [x] Office365 endpoints synced by OneDrive
+ - [x] SSH Keys inside registry
+ - [x] Cloud credentials
+ - [x] Check for unattended files
+ - [x] Check for SAM & SYSTEM backups
+ - [x] Check for cached GPP Passwords
+ - [x] Check for and extract creds from McAffe SiteList.xml files
+ - [x] Possible registries with credentials
+ - [x] Possible credentials files in users homes
+ - [x] Possible password files inside the Recycle bin
+ - [x] Possible files containing credentials (this take some minutes)
+ - [x] User documents (limit 100)
+ - [x] Oracle SQL Developer config files check
+ - [x] Slack files search
+ - [x] Outlook downloads
+ - [x] Machine and user certificate files
+ - [x] Office most recent documents
+ - [x] Hidden files and folders
+ - [x] Executable files in non-default folders with write permissions
+ - [x] WSL check
+
+- **Events Information**
+ - [x] Logon + Explicit Logon Events
+ - [x] Process Creation Events
+ - [x] PowerShell Events
+ - [x] Power On/Off Events
+
+- **Additional (slower) checks**
+ - [x] LOLBAS search
+ - [x] run **[linpeas.sh](https://raw.githubusercontent.com/carlospolop/privilege-escalation-awesome-scripts-suite/master/linPEAS/linpeas.sh)** in default WSL distribution
+
+
+
+## TODO
+- Add more checks
+- Mantain updated Watson (last JAN 2021)
+
+If you want to help with any of this, you can do it using **[github issues](https://github.com/carlospolop/privilege-escalation-awesome-scripts-suite/issues)** or you can submit a pull request.
+
+If you find any issue, please report it using **[github issues](https://github.com/carlospolop/privilege-escalation-awesome-scripts-suite/issues)**.
+
+**WinPEAS** is being **updated** every time I find something that could be useful to escalate privileges.
+
+## Please, if this tool has been useful for you consider to donate
+
+[](https://www.patreon.com/peass)
+
+## Advisory
+
+All the scripts/binaries of the PEAS Suite should be used for authorized penetration testing and/or educational purposes only. Any misuse of this software will not be the responsibility of the author or of any other collaborator. Use it at your own networks and/or with the network owner's permission.
+
+
+By Polop(TM), makikvues (makikvues2[at]gmail[dot].com)
diff --git a/winPEAS/winPEASexe/winPEAS.sln b/winPEAS/winPEASexe/winPEAS.sln
index 516c817..5c03dae 100755
--- a/winPEAS/winPEASexe/winPEAS.sln
+++ b/winPEAS/winPEASexe/winPEAS.sln
@@ -1,51 +1,51 @@
-
-Microsoft Visual Studio Solution File, Format Version 12.00
-# Visual Studio Version 16
-VisualStudioVersion = 16.0.29326.143
-MinimumVisualStudioVersion = 10.0.40219.1
-Project("{FAE04EC0-301F-11D3-BF4B-00C04F79EFBC}") = "winPEAS", "winPEAS\winPEAS.csproj", "{D934058E-A7DB-493F-A741-AE8E3DF867F4}"
-EndProject
-Project("{FAE04EC0-301F-11D3-BF4B-00C04F79EFBC}") = "winPEAS.Tests", "Tests\winPEAS.Tests.csproj", "{66AA4619-4D0F-4226-9D96-298870E9BB50}"
-EndProject
-Global
- GlobalSection(SolutionConfigurationPlatforms) = preSolution
- Debug|Any CPU = Debug|Any CPU
- Debug|x64 = Debug|x64
- Debug|x86 = Debug|x86
- Release|Any CPU = Release|Any CPU
- Release|x64 = Release|x64
- Release|x86 = Release|x86
- EndGlobalSection
- GlobalSection(ProjectConfigurationPlatforms) = postSolution
- {D934058E-A7DB-493F-A741-AE8E3DF867F4}.Debug|Any CPU.ActiveCfg = Debug|Any CPU
- {D934058E-A7DB-493F-A741-AE8E3DF867F4}.Debug|Any CPU.Build.0 = Debug|Any CPU
- {D934058E-A7DB-493F-A741-AE8E3DF867F4}.Debug|x64.ActiveCfg = Debug|x64
- {D934058E-A7DB-493F-A741-AE8E3DF867F4}.Debug|x64.Build.0 = Debug|x64
- {D934058E-A7DB-493F-A741-AE8E3DF867F4}.Debug|x86.ActiveCfg = Debug|x86
- {D934058E-A7DB-493F-A741-AE8E3DF867F4}.Debug|x86.Build.0 = Debug|x86
- {D934058E-A7DB-493F-A741-AE8E3DF867F4}.Release|Any CPU.ActiveCfg = Release|Any CPU
- {D934058E-A7DB-493F-A741-AE8E3DF867F4}.Release|Any CPU.Build.0 = Release|Any CPU
- {D934058E-A7DB-493F-A741-AE8E3DF867F4}.Release|x64.ActiveCfg = Release|x64
- {D934058E-A7DB-493F-A741-AE8E3DF867F4}.Release|x64.Build.0 = Release|x64
- {D934058E-A7DB-493F-A741-AE8E3DF867F4}.Release|x86.ActiveCfg = Release|x86
- {D934058E-A7DB-493F-A741-AE8E3DF867F4}.Release|x86.Build.0 = Release|x86
- {66AA4619-4D0F-4226-9D96-298870E9BB50}.Debug|Any CPU.ActiveCfg = Debug|Any CPU
- {66AA4619-4D0F-4226-9D96-298870E9BB50}.Debug|Any CPU.Build.0 = Debug|Any CPU
- {66AA4619-4D0F-4226-9D96-298870E9BB50}.Debug|x64.ActiveCfg = Debug|Any CPU
- {66AA4619-4D0F-4226-9D96-298870E9BB50}.Debug|x64.Build.0 = Debug|Any CPU
- {66AA4619-4D0F-4226-9D96-298870E9BB50}.Debug|x86.ActiveCfg = Debug|Any CPU
- {66AA4619-4D0F-4226-9D96-298870E9BB50}.Debug|x86.Build.0 = Debug|Any CPU
- {66AA4619-4D0F-4226-9D96-298870E9BB50}.Release|Any CPU.ActiveCfg = Release|Any CPU
- {66AA4619-4D0F-4226-9D96-298870E9BB50}.Release|Any CPU.Build.0 = Release|Any CPU
- {66AA4619-4D0F-4226-9D96-298870E9BB50}.Release|x64.ActiveCfg = Release|Any CPU
- {66AA4619-4D0F-4226-9D96-298870E9BB50}.Release|x64.Build.0 = Release|Any CPU
- {66AA4619-4D0F-4226-9D96-298870E9BB50}.Release|x86.ActiveCfg = Release|Any CPU
- {66AA4619-4D0F-4226-9D96-298870E9BB50}.Release|x86.Build.0 = Release|Any CPU
- EndGlobalSection
- GlobalSection(SolutionProperties) = preSolution
- HideSolutionNode = FALSE
- EndGlobalSection
- GlobalSection(ExtensibilityGlobals) = postSolution
- SolutionGuid = {D5215BC3-80A2-4E63-B560-A8F78A763B7C}
- EndGlobalSection
-EndGlobal
+
+Microsoft Visual Studio Solution File, Format Version 12.00
+# Visual Studio Version 16
+VisualStudioVersion = 16.0.29326.143
+MinimumVisualStudioVersion = 10.0.40219.1
+Project("{FAE04EC0-301F-11D3-BF4B-00C04F79EFBC}") = "winPEAS", "winPEAS\winPEAS.csproj", "{D934058E-A7DB-493F-A741-AE8E3DF867F4}"
+EndProject
+Project("{FAE04EC0-301F-11D3-BF4B-00C04F79EFBC}") = "winPEAS.Tests", "Tests\winPEAS.Tests.csproj", "{66AA4619-4D0F-4226-9D96-298870E9BB50}"
+EndProject
+Global
+ GlobalSection(SolutionConfigurationPlatforms) = preSolution
+ Debug|Any CPU = Debug|Any CPU
+ Debug|x64 = Debug|x64
+ Debug|x86 = Debug|x86
+ Release|Any CPU = Release|Any CPU
+ Release|x64 = Release|x64
+ Release|x86 = Release|x86
+ EndGlobalSection
+ GlobalSection(ProjectConfigurationPlatforms) = postSolution
+ {D934058E-A7DB-493F-A741-AE8E3DF867F4}.Debug|Any CPU.ActiveCfg = Debug|Any CPU
+ {D934058E-A7DB-493F-A741-AE8E3DF867F4}.Debug|Any CPU.Build.0 = Debug|Any CPU
+ {D934058E-A7DB-493F-A741-AE8E3DF867F4}.Debug|x64.ActiveCfg = Debug|x64
+ {D934058E-A7DB-493F-A741-AE8E3DF867F4}.Debug|x64.Build.0 = Debug|x64
+ {D934058E-A7DB-493F-A741-AE8E3DF867F4}.Debug|x86.ActiveCfg = Debug|x86
+ {D934058E-A7DB-493F-A741-AE8E3DF867F4}.Debug|x86.Build.0 = Debug|x86
+ {D934058E-A7DB-493F-A741-AE8E3DF867F4}.Release|Any CPU.ActiveCfg = Release|Any CPU
+ {D934058E-A7DB-493F-A741-AE8E3DF867F4}.Release|Any CPU.Build.0 = Release|Any CPU
+ {D934058E-A7DB-493F-A741-AE8E3DF867F4}.Release|x64.ActiveCfg = Release|x64
+ {D934058E-A7DB-493F-A741-AE8E3DF867F4}.Release|x64.Build.0 = Release|x64
+ {D934058E-A7DB-493F-A741-AE8E3DF867F4}.Release|x86.ActiveCfg = Release|x86
+ {D934058E-A7DB-493F-A741-AE8E3DF867F4}.Release|x86.Build.0 = Release|x86
+ {66AA4619-4D0F-4226-9D96-298870E9BB50}.Debug|Any CPU.ActiveCfg = Debug|Any CPU
+ {66AA4619-4D0F-4226-9D96-298870E9BB50}.Debug|Any CPU.Build.0 = Debug|Any CPU
+ {66AA4619-4D0F-4226-9D96-298870E9BB50}.Debug|x64.ActiveCfg = Debug|Any CPU
+ {66AA4619-4D0F-4226-9D96-298870E9BB50}.Debug|x64.Build.0 = Debug|Any CPU
+ {66AA4619-4D0F-4226-9D96-298870E9BB50}.Debug|x86.ActiveCfg = Debug|Any CPU
+ {66AA4619-4D0F-4226-9D96-298870E9BB50}.Debug|x86.Build.0 = Debug|Any CPU
+ {66AA4619-4D0F-4226-9D96-298870E9BB50}.Release|Any CPU.ActiveCfg = Release|Any CPU
+ {66AA4619-4D0F-4226-9D96-298870E9BB50}.Release|Any CPU.Build.0 = Release|Any CPU
+ {66AA4619-4D0F-4226-9D96-298870E9BB50}.Release|x64.ActiveCfg = Release|Any CPU
+ {66AA4619-4D0F-4226-9D96-298870E9BB50}.Release|x64.Build.0 = Release|Any CPU
+ {66AA4619-4D0F-4226-9D96-298870E9BB50}.Release|x86.ActiveCfg = Release|Any CPU
+ {66AA4619-4D0F-4226-9D96-298870E9BB50}.Release|x86.Build.0 = Release|Any CPU
+ EndGlobalSection
+ GlobalSection(SolutionProperties) = preSolution
+ HideSolutionNode = FALSE
+ EndGlobalSection
+ GlobalSection(ExtensibilityGlobals) = postSolution
+ SolutionGuid = {D5215BC3-80A2-4E63-B560-A8F78A763B7C}
+ EndGlobalSection
+EndGlobal
diff --git a/winPEAS/winPEASexe/winPEAS/App.config b/winPEAS/winPEASexe/winPEAS/App.config
index 0ebfe34..13c6c69 100755
--- a/winPEAS/winPEASexe/winPEAS/App.config
+++ b/winPEAS/winPEASexe/winPEAS/App.config
@@ -1,6 +1,6 @@
-
-
-
-
-
-
+
+
+
+
+
+
diff --git a/winPEAS/winPEASexe/winPEAS/FodyWeavers.xml b/winPEAS/winPEASexe/winPEAS/FodyWeavers.xml
index f1dea8f..5029e70 100755
--- a/winPEAS/winPEASexe/winPEAS/FodyWeavers.xml
+++ b/winPEAS/winPEASexe/winPEAS/FodyWeavers.xml
@@ -1,3 +1,3 @@
-
-
+
+
\ No newline at end of file
diff --git a/winPEAS/winPEASexe/winPEAS/FodyWeavers.xsd b/winPEAS/winPEASexe/winPEAS/FodyWeavers.xsd
index 8ac6e92..44a5374 100755
--- a/winPEAS/winPEASexe/winPEAS/FodyWeavers.xsd
+++ b/winPEAS/winPEASexe/winPEAS/FodyWeavers.xsd
@@ -1,111 +1,111 @@
-
-
-
-
-
-
-
-
-
-
-
- A list of assembly names to exclude from the default action of "embed all Copy Local references", delimited with line breaks
-
-
-
-
- A list of assembly names to include from the default action of "embed all Copy Local references", delimited with line breaks.
-
-
-
-
- A list of unmanaged 32 bit assembly names to include, delimited with line breaks.
-
-
-
-
- A list of unmanaged 64 bit assembly names to include, delimited with line breaks.
-
-
-
-
- The order of preloaded assemblies, delimited with line breaks.
-
-
-
-
-
- This will copy embedded files to disk before loading them into memory. This is helpful for some scenarios that expected an assembly to be loaded from a physical file.
-
-
-
-
- Controls if .pdbs for reference assemblies are also embedded.
-
-
-
-
- Embedded assemblies are compressed by default, and uncompressed when they are loaded. You can turn compression off with this option.
-
-
-
-
- As part of Costura, embedded assemblies are no longer included as part of the build. This cleanup can be turned off.
-
-
-
-
- Costura by default will load as part of the module initialization. This flag disables that behavior. Make sure you call CosturaUtility.Initialize() somewhere in your code.
-
-
-
-
- Costura will by default use assemblies with a name like 'resources.dll' as a satellite resource and prepend the output path. This flag disables that behavior.
-
-
-
-
- A list of assembly names to exclude from the default action of "embed all Copy Local references", delimited with |
-
-
-
-
- A list of assembly names to include from the default action of "embed all Copy Local references", delimited with |.
-
-
-
-
- A list of unmanaged 32 bit assembly names to include, delimited with |.
-
-
-
-
- A list of unmanaged 64 bit assembly names to include, delimited with |.
-
-
-
-
- The order of preloaded assemblies, delimited with |.
-
-
-
-
-
-
-
- 'true' to run assembly verification (PEVerify) on the target assembly after all weavers have been executed.
-
-
-
-
- A comma-separated list of error codes that can be safely ignored in assembly verification.
-
-
-
-
- 'false' to turn off automatic generation of the XML Schema file.
-
-
-
-
+
+
+
+
+
+
+
+
+
+
+
+ A list of assembly names to exclude from the default action of "embed all Copy Local references", delimited with line breaks
+
+
+
+
+ A list of assembly names to include from the default action of "embed all Copy Local references", delimited with line breaks.
+
+
+
+
+ A list of unmanaged 32 bit assembly names to include, delimited with line breaks.
+
+
+
+
+ A list of unmanaged 64 bit assembly names to include, delimited with line breaks.
+
+
+
+
+ The order of preloaded assemblies, delimited with line breaks.
+
+
+
+
+
+ This will copy embedded files to disk before loading them into memory. This is helpful for some scenarios that expected an assembly to be loaded from a physical file.
+
+
+
+
+ Controls if .pdbs for reference assemblies are also embedded.
+
+
+
+
+ Embedded assemblies are compressed by default, and uncompressed when they are loaded. You can turn compression off with this option.
+
+
+
+
+ As part of Costura, embedded assemblies are no longer included as part of the build. This cleanup can be turned off.
+
+
+
+
+ Costura by default will load as part of the module initialization. This flag disables that behavior. Make sure you call CosturaUtility.Initialize() somewhere in your code.
+
+
+
+
+ Costura will by default use assemblies with a name like 'resources.dll' as a satellite resource and prepend the output path. This flag disables that behavior.
+
+
+
+
+ A list of assembly names to exclude from the default action of "embed all Copy Local references", delimited with |
+
+
+
+
+ A list of assembly names to include from the default action of "embed all Copy Local references", delimited with |.
+
+
+
+
+ A list of unmanaged 32 bit assembly names to include, delimited with |.
+
+
+
+
+ A list of unmanaged 64 bit assembly names to include, delimited with |.
+
+
+
+
+ The order of preloaded assemblies, delimited with |.
+
+
+
+
+
+
+
+ 'true' to run assembly verification (PEVerify) on the target assembly after all weavers have been executed.
+
+
+
+
+ A comma-separated list of error codes that can be safely ignored in assembly verification.
+
+
+
+
+ 'false' to turn off automatic generation of the XML Schema file.
+
+
+
+
\ No newline at end of file
diff --git a/winPEAS/winPEASexe/winPEAS/Program.cs b/winPEAS/winPEASexe/winPEAS/Program.cs
index b0fd0fb..f0baef7 100755
--- a/winPEAS/winPEASexe/winPEAS/Program.cs
+++ b/winPEAS/winPEASexe/winPEAS/Program.cs
@@ -1,17 +1,17 @@
-using System;
-
-
-namespace winPEAS
-{
- public static class Program
- {
- // Static blacklists
- //static string goodSoft = "Windows Phone Kits|Windows Kits|Windows Defender|Windows Mail|Windows Media Player|Windows Multimedia Platform|windows nt|Windows Photo Viewer|Windows Portable Devices|Windows Security|Windows Sidebar|WindowsApps|WindowsPowerShell| Windows$|Microsoft|WOW6432Node|internet explorer|Internet Explorer|Common Files";
-
- [STAThread]
- public static void Main(string[] args)
- {
- Checks.Checks.Run(args);
- }
- }
-}
+using System;
+
+
+namespace winPEAS
+{
+ public static class Program
+ {
+ // Static blacklists
+ //static string goodSoft = "Windows Phone Kits|Windows Kits|Windows Defender|Windows Mail|Windows Media Player|Windows Multimedia Platform|windows nt|Windows Photo Viewer|Windows Portable Devices|Windows Security|Windows Sidebar|WindowsApps|WindowsPowerShell| Windows$|Microsoft|WOW6432Node|internet explorer|Internet Explorer|Common Files";
+
+ [STAThread]
+ public static void Main(string[] args)
+ {
+ Checks.Checks.Run(args);
+ }
+ }
+}
diff --git a/winPEAS/winPEASexe/winPEAS/Properties/AssemblyInfo.cs b/winPEAS/winPEASexe/winPEAS/Properties/AssemblyInfo.cs
index be338e0..174d471 100755
--- a/winPEAS/winPEASexe/winPEAS/Properties/AssemblyInfo.cs
+++ b/winPEAS/winPEASexe/winPEAS/Properties/AssemblyInfo.cs
@@ -1,36 +1,36 @@
-using System.Reflection;
-using System.Runtime.CompilerServices;
-using System.Runtime.InteropServices;
-
-// General Information about an assembly is controlled through the following
-// set of attributes. Change these attribute values to modify the information
-// associated with an assembly.
-[assembly: AssemblyTitle("asdas2dasd")]
-[assembly: AssemblyDescription("")]
-[assembly: AssemblyConfiguration("")]
-[assembly: AssemblyCompany("")]
-[assembly: AssemblyProduct("asdas2dasd")]
-[assembly: AssemblyCopyright("Copyright © 2019")]
-[assembly: AssemblyTrademark("")]
-[assembly: AssemblyCulture("")]
-
-// Setting ComVisible to false makes the types in this assembly not visible
-// to COM components. If you need to access a type in this assembly from
-// COM, set the ComVisible attribute to true on that type.
-[assembly: ComVisible(false)]
-
-// The following GUID is for the ID of the typelib if this project is exposed to COM
-[assembly: Guid("1928358e-a64b-493f-a741-ae8e3d029374")]
-
-// Version information for an assembly consists of the following four values:
-//
-// Major Version
-// Minor Version
-// Build Number
-// Revision
-//
-// You can specify all the values or you can default the Build and Revision Numbers
-// by using the '*' as shown below:
-// [assembly: AssemblyVersion("1.0.*")]
-[assembly: AssemblyVersion("1.0.0.0")]
-[assembly: AssemblyFileVersion("1.0.0.0")]
+using System.Reflection;
+using System.Runtime.CompilerServices;
+using System.Runtime.InteropServices;
+
+// General Information about an assembly is controlled through the following
+// set of attributes. Change these attribute values to modify the information
+// associated with an assembly.
+[assembly: AssemblyTitle("asdas2dasd")]
+[assembly: AssemblyDescription("")]
+[assembly: AssemblyConfiguration("")]
+[assembly: AssemblyCompany("")]
+[assembly: AssemblyProduct("asdas2dasd")]
+[assembly: AssemblyCopyright("Copyright © 2019")]
+[assembly: AssemblyTrademark("")]
+[assembly: AssemblyCulture("")]
+
+// Setting ComVisible to false makes the types in this assembly not visible
+// to COM components. If you need to access a type in this assembly from
+// COM, set the ComVisible attribute to true on that type.
+[assembly: ComVisible(false)]
+
+// The following GUID is for the ID of the typelib if this project is exposed to COM
+[assembly: Guid("1928358e-a64b-493f-a741-ae8e3d029374")]
+
+// Version information for an assembly consists of the following four values:
+//
+// Major Version
+// Minor Version
+// Build Number
+// Revision
+//
+// You can specify all the values or you can default the Build and Revision Numbers
+// by using the '*' as shown below:
+// [assembly: AssemblyVersion("1.0.*")]
+[assembly: AssemblyVersion("1.0.0.0")]
+[assembly: AssemblyFileVersion("1.0.0.0")]
diff --git a/winPEAS/winPEASexe/winPEAS/winPEAS.csproj b/winPEAS/winPEASexe/winPEAS/winPEAS.csproj
index d9bf88a..e6317b9 100755
--- a/winPEAS/winPEASexe/winPEAS/winPEAS.csproj
+++ b/winPEAS/winPEASexe/winPEAS/winPEAS.csproj
@@ -1,696 +1,696 @@
-
-
-
-
- Debug
- AnyCPU
- {D934058E-A7DB-493F-A741-AE8E3DF867F4}
- Exe
- winPEAS
- winPEAS
- v4.5.2
- 512
- true
-
-
-
-
-
- AnyCPU
- true
- full
- false
- bin\Debug\
- TRUE WIN32 _MSC_VER NDEBUG NO_TCL SQLITE_ASCII SQLITE_DISABLE_LFS SQLITE_ENABLE_OVERSIZE_CELL_CHECK SQLITE_MUTEX_OMIT SQLITE_OMIT_AUTHORIZATION SQLITE_OMIT_DEPRECATED SQLITE_OMIT_GET_TABLE SQLITE_OMIT_INCRBLOB SQLITE_OMIT_LOOKASIDE SQLITE_OMIT_SHARED_CACHE SQLITE_OMIT_UTF16 SQLITE_OMIT_VIRTUALTABLE SQLITE_OS_WIN SQLITE_SYSTEM_MALLOC VDBE_PROFILE_OFF
- prompt
- 4
- false
- 8.0
- true
-
-
- AnyCPU
- pdbonly
- true
- bin\Release\
- TRUE WIN32 _MSC_VER NDEBUG NO_TCL SQLITE_ASCII SQLITE_DISABLE_LFS SQLITE_ENABLE_OVERSIZE_CELL_CHECK SQLITE_MUTEX_OMIT SQLITE_OMIT_AUTHORIZATION SQLITE_OMIT_DEPRECATED SQLITE_OMIT_GET_TABLE SQLITE_OMIT_INCRBLOB SQLITE_OMIT_LOOKASIDE SQLITE_OMIT_SHARED_CACHE SQLITE_OMIT_UTF16 SQLITE_OMIT_VIRTUALTABLE SQLITE_OS_WIN SQLITE_SYSTEM_MALLOC VDBE_PROFILE_OFF
- prompt
- 4
- false
- 8.0
- false
- MinimumRecommendedRules.ruleset
- true
-
-
- true
-
-
- true
- bin\x64\Debug\
- TRUE WIN32 _MSC_VER NDEBUG NO_TCL SQLITE_ASCII SQLITE_DISABLE_LFS SQLITE_ENABLE_OVERSIZE_CELL_CHECK SQLITE_MUTEX_OMIT SQLITE_OMIT_AUTHORIZATION SQLITE_OMIT_DEPRECATED SQLITE_OMIT_GET_TABLE SQLITE_OMIT_INCRBLOB SQLITE_OMIT_LOOKASIDE SQLITE_OMIT_SHARED_CACHE SQLITE_OMIT_UTF16 SQLITE_OMIT_VIRTUALTABLE SQLITE_OS_WIN SQLITE_SYSTEM_MALLOC VDBE_PROFILE_OFF
- full
- AnyCPU
- 8.0
- prompt
- MinimumRecommendedRules.ruleset
- false
- true
- 0168 ; 0169; 0414; 0618; 0649
-
-
- bin\x64\Release\
- TRUE WIN32 _MSC_VER NDEBUG NO_TCL SQLITE_ASCII SQLITE_DISABLE_LFS SQLITE_ENABLE_OVERSIZE_CELL_CHECK SQLITE_MUTEX_OMIT SQLITE_OMIT_AUTHORIZATION SQLITE_OMIT_DEPRECATED SQLITE_OMIT_GET_TABLE SQLITE_OMIT_INCRBLOB SQLITE_OMIT_LOOKASIDE SQLITE_OMIT_SHARED_CACHE SQLITE_OMIT_UTF16 SQLITE_OMIT_VIRTUALTABLE SQLITE_OS_WIN SQLITE_SYSTEM_MALLOC VDBE_PROFILE_OFF
- true
- pdbonly
- x64
- 8.0
- prompt
- MinimumRecommendedRules.ruleset
- false
- true
-
-
- true
- bin\x86\Debug\
- TRUE WIN32 _MSC_VER NDEBUG NO_TCL SQLITE_ASCII SQLITE_DISABLE_LFS SQLITE_ENABLE_OVERSIZE_CELL_CHECK SQLITE_MUTEX_OMIT SQLITE_OMIT_AUTHORIZATION SQLITE_OMIT_DEPRECATED SQLITE_OMIT_GET_TABLE SQLITE_OMIT_INCRBLOB SQLITE_OMIT_LOOKASIDE SQLITE_OMIT_SHARED_CACHE SQLITE_OMIT_UTF16 SQLITE_OMIT_VIRTUALTABLE SQLITE_OS_WIN SQLITE_SYSTEM_MALLOC VDBE_PROFILE_OFF
- full
- x86
- 8.0
- prompt
- MinimumRecommendedRules.ruleset
- false
- true
-
-
- bin\x86\Release\
- TRUE WIN32 _MSC_VER NDEBUG NO_TCL SQLITE_ASCII SQLITE_DISABLE_LFS SQLITE_ENABLE_OVERSIZE_CELL_CHECK SQLITE_MUTEX_OMIT SQLITE_OMIT_AUTHORIZATION SQLITE_OMIT_DEPRECATED SQLITE_OMIT_GET_TABLE SQLITE_OMIT_INCRBLOB SQLITE_OMIT_LOOKASIDE SQLITE_OMIT_SHARED_CACHE SQLITE_OMIT_UTF16 SQLITE_OMIT_VIRTUALTABLE SQLITE_OS_WIN SQLITE_SYSTEM_MALLOC VDBE_PROFILE_OFF
- true
- pdbonly
- x86
- 8.0
- prompt
- MinimumRecommendedRules.ruleset
- false
- true
-
-
- winPEAS.Program
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
- True
- True
- Resources.resx
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
- Designer
-
-
- Designer
-
-
-
-
-
-
-
-
-
-
- ResXFileCodeGenerator
- Resources.Designer.cs
-
-
-
-
-
+
+
+
+
+ Debug
+ AnyCPU
+ {D934058E-A7DB-493F-A741-AE8E3DF867F4}
+ Exe
+ winPEAS
+ winPEAS
+ v4.5.2
+ 512
+ true
+
+
+
+
+
+ AnyCPU
+ true
+ full
+ false
+ bin\Debug\
+ TRUE WIN32 _MSC_VER NDEBUG NO_TCL SQLITE_ASCII SQLITE_DISABLE_LFS SQLITE_ENABLE_OVERSIZE_CELL_CHECK SQLITE_MUTEX_OMIT SQLITE_OMIT_AUTHORIZATION SQLITE_OMIT_DEPRECATED SQLITE_OMIT_GET_TABLE SQLITE_OMIT_INCRBLOB SQLITE_OMIT_LOOKASIDE SQLITE_OMIT_SHARED_CACHE SQLITE_OMIT_UTF16 SQLITE_OMIT_VIRTUALTABLE SQLITE_OS_WIN SQLITE_SYSTEM_MALLOC VDBE_PROFILE_OFF
+ prompt
+ 4
+ false
+ 8.0
+ true
+
+
+ AnyCPU
+ pdbonly
+ true
+ bin\Release\
+ TRUE WIN32 _MSC_VER NDEBUG NO_TCL SQLITE_ASCII SQLITE_DISABLE_LFS SQLITE_ENABLE_OVERSIZE_CELL_CHECK SQLITE_MUTEX_OMIT SQLITE_OMIT_AUTHORIZATION SQLITE_OMIT_DEPRECATED SQLITE_OMIT_GET_TABLE SQLITE_OMIT_INCRBLOB SQLITE_OMIT_LOOKASIDE SQLITE_OMIT_SHARED_CACHE SQLITE_OMIT_UTF16 SQLITE_OMIT_VIRTUALTABLE SQLITE_OS_WIN SQLITE_SYSTEM_MALLOC VDBE_PROFILE_OFF
+ prompt
+ 4
+ false
+ 8.0
+ false
+ MinimumRecommendedRules.ruleset
+ true
+
+
+ true
+
+
+ true
+ bin\x64\Debug\
+ TRUE WIN32 _MSC_VER NDEBUG NO_TCL SQLITE_ASCII SQLITE_DISABLE_LFS SQLITE_ENABLE_OVERSIZE_CELL_CHECK SQLITE_MUTEX_OMIT SQLITE_OMIT_AUTHORIZATION SQLITE_OMIT_DEPRECATED SQLITE_OMIT_GET_TABLE SQLITE_OMIT_INCRBLOB SQLITE_OMIT_LOOKASIDE SQLITE_OMIT_SHARED_CACHE SQLITE_OMIT_UTF16 SQLITE_OMIT_VIRTUALTABLE SQLITE_OS_WIN SQLITE_SYSTEM_MALLOC VDBE_PROFILE_OFF
+ full
+ AnyCPU
+ 8.0
+ prompt
+ MinimumRecommendedRules.ruleset
+ false
+ true
+ 0168 ; 0169; 0414; 0618; 0649
+
+
+ bin\x64\Release\
+ TRUE WIN32 _MSC_VER NDEBUG NO_TCL SQLITE_ASCII SQLITE_DISABLE_LFS SQLITE_ENABLE_OVERSIZE_CELL_CHECK SQLITE_MUTEX_OMIT SQLITE_OMIT_AUTHORIZATION SQLITE_OMIT_DEPRECATED SQLITE_OMIT_GET_TABLE SQLITE_OMIT_INCRBLOB SQLITE_OMIT_LOOKASIDE SQLITE_OMIT_SHARED_CACHE SQLITE_OMIT_UTF16 SQLITE_OMIT_VIRTUALTABLE SQLITE_OS_WIN SQLITE_SYSTEM_MALLOC VDBE_PROFILE_OFF
+ true
+ pdbonly
+ x64
+ 8.0
+ prompt
+ MinimumRecommendedRules.ruleset
+ false
+ true
+
+
+ true
+ bin\x86\Debug\
+ TRUE WIN32 _MSC_VER NDEBUG NO_TCL SQLITE_ASCII SQLITE_DISABLE_LFS SQLITE_ENABLE_OVERSIZE_CELL_CHECK SQLITE_MUTEX_OMIT SQLITE_OMIT_AUTHORIZATION SQLITE_OMIT_DEPRECATED SQLITE_OMIT_GET_TABLE SQLITE_OMIT_INCRBLOB SQLITE_OMIT_LOOKASIDE SQLITE_OMIT_SHARED_CACHE SQLITE_OMIT_UTF16 SQLITE_OMIT_VIRTUALTABLE SQLITE_OS_WIN SQLITE_SYSTEM_MALLOC VDBE_PROFILE_OFF
+ full
+ x86
+ 8.0
+ prompt
+ MinimumRecommendedRules.ruleset
+ false
+ true
+
+
+ bin\x86\Release\
+ TRUE WIN32 _MSC_VER NDEBUG NO_TCL SQLITE_ASCII SQLITE_DISABLE_LFS SQLITE_ENABLE_OVERSIZE_CELL_CHECK SQLITE_MUTEX_OMIT SQLITE_OMIT_AUTHORIZATION SQLITE_OMIT_DEPRECATED SQLITE_OMIT_GET_TABLE SQLITE_OMIT_INCRBLOB SQLITE_OMIT_LOOKASIDE SQLITE_OMIT_SHARED_CACHE SQLITE_OMIT_UTF16 SQLITE_OMIT_VIRTUALTABLE SQLITE_OS_WIN SQLITE_SYSTEM_MALLOC VDBE_PROFILE_OFF
+ true
+ pdbonly
+ x86
+ 8.0
+ prompt
+ MinimumRecommendedRules.ruleset
+ false
+ true
+
+
+ winPEAS.Program
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+ True
+ True
+ Resources.resx
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+ Designer
+
+
+ Designer
+
+
+
+
+
+
+
+
+
+
+ ResXFileCodeGenerator
+ Resources.Designer.cs
+
+
+
+
+
\ No newline at end of file
diff --git a/winPEAS/winPEASexe/winPEAS/winPEAS.csproj.user b/winPEAS/winPEASexe/winPEAS/winPEAS.csproj.user
index 6aa9197..b3a472e 100755
--- a/winPEAS/winPEASexe/winPEAS/winPEAS.csproj.user
+++ b/winPEAS/winPEASexe/winPEAS/winPEAS.csproj.user
@@ -1,24 +1,24 @@
-
-
-
-
-
-
-
- servicesinfo
-
-
- debug
-
-
- fast
-
-
-
-
-
-
-
-
-
+
+
+
+
+
+
+
+ servicesinfo
+
+
+ debug
+
+
+ fast
+
+
+
+
+
+
+
+
+
\ No newline at end of file