From d091dbcba5af2e734e2fbe2e7e12f11d34b55daf Mon Sep 17 00:00:00 2001 
From: makikvues Date: Fri, 8 Jan 2021 14:40:01 +0100 Subject: [PATCH] - updated Watson + cleanup --- winPEAS/winPEASexe/winPEAS/Program.cs | 5 +- winPEAS/winPEASexe/winPEAS/Watson.cs | 1066 ----------------- .../winPEAS/Watson/Msrc/CVE-2019-0836.cs | 105 ++ .../winPEAS/Watson/Msrc/CVE-2019-0841.cs | 82 ++ .../winPEAS/Watson/Msrc/CVE-2019-1064.cs | 102 ++ .../winPEAS/Watson/Msrc/CVE-2019-1130.cs | 109 ++ .../winPEAS/Watson/Msrc/CVE-2019-1253.cs | 86 ++ .../winPEAS/Watson/Msrc/CVE-2019-1315.cs | 100 ++ .../winPEAS/Watson/Msrc/CVE-2019-1385.cs | 83 ++ .../winPEAS/Watson/Msrc/CVE-2019-1388.cs | 89 ++ .../winPEAS/Watson/Msrc/CVE-2019-1405.cs | 101 ++ .../winPEAS/Watson/Msrc/CVE-2020-0668.cs | 98 ++ .../winPEAS/Watson/Msrc/CVE-2020-0683.cs | 98 ++ .../winPEAS/Watson/Msrc/CVE-2020-1013.cs | 90 ++ .../winPEAS/Watson/Vulnerability.cs | 18 + .../winPEAS/Watson/VulnerabilityCollection.cs | 102 ++ winPEAS/winPEASexe/winPEAS/Watson/Watson.cs | 80 ++ winPEAS/winPEASexe/winPEAS/Watson/Wmi.cs | 63 + winPEAS/winPEASexe/winPEAS/winPEAS.csproj | 17 +- 19 files changed, 1425 insertions(+), 1069 deletions(-) delete mode 100755 winPEAS/winPEASexe/winPEAS/Watson.cs create mode 100644 winPEAS/winPEASexe/winPEAS/Watson/Msrc/CVE-2019-0836.cs create mode 100644 winPEAS/winPEASexe/winPEAS/Watson/Msrc/CVE-2019-0841.cs create mode 100644 winPEAS/winPEASexe/winPEAS/Watson/Msrc/CVE-2019-1064.cs create mode 100644 winPEAS/winPEASexe/winPEAS/Watson/Msrc/CVE-2019-1130.cs create mode 100644 winPEAS/winPEASexe/winPEAS/Watson/Msrc/CVE-2019-1253.cs create mode 100644 winPEAS/winPEASexe/winPEAS/Watson/Msrc/CVE-2019-1315.cs create mode 100644 winPEAS/winPEASexe/winPEAS/Watson/Msrc/CVE-2019-1385.cs create mode 100644 winPEAS/winPEASexe/winPEAS/Watson/Msrc/CVE-2019-1388.cs create mode 100644 winPEAS/winPEASexe/winPEAS/Watson/Msrc/CVE-2019-1405.cs create mode 100644 winPEAS/winPEASexe/winPEAS/Watson/Msrc/CVE-2020-0668.cs create mode 100644 winPEAS/winPEASexe/winPEAS/Watson/Msrc/CVE-2020-0683.cs create mode 
100644 winPEAS/winPEASexe/winPEAS/Watson/Msrc/CVE-2020-1013.cs create mode 100644 winPEAS/winPEASexe/winPEAS/Watson/Vulnerability.cs create mode 100644 winPEAS/winPEASexe/winPEAS/Watson/VulnerabilityCollection.cs create mode 100644 winPEAS/winPEASexe/winPEAS/Watson/Watson.cs create mode 100644 winPEAS/winPEASexe/winPEAS/Watson/Wmi.cs diff --git a/winPEAS/winPEASexe/winPEAS/Program.cs b/winPEAS/winPEASexe/winPEAS/Program.cs index fce782a..8dd3374 100755 --- a/winPEAS/winPEASexe/winPEAS/Program.cs +++ b/winPEAS/winPEASexe/winPEAS/Program.cs @@ -10,7 +10,7 @@ namespace winPEAS { class Program { - public static string version = "v1.1"; + public static string version = "v2.0-beta"; public static string advisory = "winpeas should be used for authorized penetration testing and/or educational purposes only.Any misuse of this software will not be the responsibility of the author or of any other collaborator. Use it at your own networks and/or with the network owner's permission."; public static bool banner = true; public static bool search_fast = true; @@ -179,7 +179,8 @@ namespace winPEAS }; Beaprint.DictPrint(basicDictSystem, colorsSI, false); System.Console.WriteLine(); - Watson.FindVulns(); + Watson.Watson.FindVulns(); + //To update Watson, update the CVEs and add the new ones and update the main function so it uses new CVEs (becausfull with the Beaprints inside the FindVulns function) //Usually you won't need to do anything with the classes Wmi, Vulnerability and VulnerabilityCollection } diff --git a/winPEAS/winPEASexe/winPEAS/Watson.cs b/winPEAS/winPEASexe/winPEAS/Watson.cs deleted file mode 100755 index be077fa..0000000 --- a/winPEAS/winPEASexe/winPEAS/Watson.cs +++ /dev/null 
@@ -1,1066 +0,0 @@ -using System; -using System.Collections.Generic; -using System.Linq; -using System.Management; - -namespace winPEAS -{ - ////////////////////////////// - ///////// WMI CLASS ////////// - ////////////////////////////// - public class Wmi - { - public static List GetInstalledKBs() - { - List KbList = new List(); - - try - { - using (ManagementObjectSearcher searcher = new ManagementObjectSearcher(@"root\cimv2", "SELECT HotFixID FROM Win32_QuickFixEngineering")) - { - ManagementObjectCollection collection = searcher.Get(); - - foreach (ManagementObject kb in collection) - { - KbList.Add(kb["HotFixID"].ToString().Remove(0, 2)); - } - } - } - catch (ManagementException e) - { - System.Console.Error.WriteLine(" [!] {0}", e.Message); - } - - return KbList; - } - - public static string GetBuildNumber() - { - string buildNum = string.Empty; - - try - { - using (ManagementObjectSearcher searcher = new ManagementObjectSearcher(@"root\cimv2", "SELECT BuildNumber FROM Win32_OperatingSystem")) - { - ManagementObjectCollection collection = searcher.Get(); - - foreach (ManagementObject num in collection) - { - buildNum = (string)num["BuildNumber"]; - } - } - } - catch (ManagementException e) - { - System.Console.Error.WriteLine(" [!] 
{0}", e.Message); - } - - return buildNum; - } - } - - ////////////////////////////// - ///// VULNERABILITY CLASS //// - ////////////////////////////// - public class Vulnerability - { - public string Identification { get; } - public string[] KnownExploits { get; } - public bool Vulnerable { get; private set; } - - public Vulnerability(string id, string[] exploits) - { - Identification = id; - KnownExploits = exploits; - } - - public void SetAsVulnerable() - => Vulnerable = true; - } - - - ////////////////////////////// - // VULNERABILITYCOLLECTION CLASS - ////////////////////////////// - public class VulnerabilityCollection - { - private readonly List _vulnerabilities; - - public void SetAsVulnerable(string id) - => _vulnerabilities.First(e => e.Identification == id).SetAsVulnerable(); - - public VulnerabilityCollection() - { - _vulnerabilities = Populate(); - } - - public void ShowResults() - { - foreach (Vulnerability vuln in _vulnerabilities.Where(i => i.Vulnerable)) - { - Beaprint.BadPrint(String.Format(" [!] {0} : VULNERABLE", vuln.Identification)); - - foreach (string exploit in vuln.KnownExploits) - Beaprint.BadPrint(String.Format(" [>] {0}", exploit)); - - System.Console.WriteLine(); - } - - if (_vulnerabilities.Any(e => e.Vulnerable)) - System.Console.WriteLine(Beaprint.GRAY + " Finished. Found " + Beaprint.ansi_color_bad + _vulnerabilities.Count(i => i.Vulnerable) + Beaprint.GRAY + " potential vulnerabilities." + Beaprint.NOCOLOR); - - else - Beaprint.GrayPrint(" Finished. 
Found 0 vulnerabilities.\r\n"); - } - - private List Populate() - { - return new List() - { - new Vulnerability( - id: "CVE-2019-0836", - exploits: new string[] { "https://exploit-db.com/exploits/46718", "https://decoder.cloud/2019/04/29/combinig-luafv-postluafvpostreadwrite-race-condition-pe-with-diaghub-collector-exploit-from-standard-user-to-system/" } - ), - - new Vulnerability( - id: "CVE-2019-0841", - exploits: new string[] { "https://github.com/rogue-kdc/CVE-2019-0841", "https://rastamouse.me/tags/cve-2019-0841/" } - ), - - new Vulnerability( - id: "CVE-2019-1064", - exploits: new string[] { "https://www.rythmstick.net/posts/cve-2019-1064/" } - ), - - new Vulnerability( - id: "CVE-2019-1130", - exploits: new string[] { "https://github.com/S3cur3Th1sSh1t/SharpByeBear" } - ), - - new Vulnerability( - id: "CVE-2019-1253", - exploits: new string[] { "https://github.com/padovah4ck/CVE-2019-1253" } - ), - - new Vulnerability( - id: "CVE-2019-1315", - exploits: new string[] { "https://offsec.almond.consulting/windows-error-reporting-arbitrary-file-move-eop.html" } - ), - - new Vulnerability( - id: "CVE-2019-1385", - exploits: new string[] { "https://www.youtube.com/watch?v=K6gHnr-VkAg" } - ), - - new Vulnerability( - id: "CVE-2019-1388", - exploits: new string[] { "https://github.com/jas502n/CVE-2019-1388" } - ), - - new Vulnerability( - id: "CVE-2019-1405", - exploits: new string[] { "https://www.nccgroup.trust/uk/about-us/newsroom-and-events/blogs/2019/november/cve-2019-1405-and-cve-2019-1322-elevation-to-system-via-the-upnp-device-host-service-and-the-update-orchestrator-service/" } - ) - }; - - } - } - - - ////////////////////////////// - //////// CVEs CLASSES //////// - ////////////////////////////// - internal static class CVE_2019_0836 - { - private const string name = "CVE-2019-0836"; - - public static void Check(VulnerabilityCollection vulnerabilities, string BuildNumber, List installedKBs) - { - List Supersedence = new List(); - - switch (BuildNumber) - { 
- case "10240": - - Supersedence.AddRange(new string[] { - "4493475", "4498375", "4499154", "4505051", "4503291", - "4507458", "4512497", "4517276", "4516070", "4522009", - "4520011", "4524153", "4525232", "4530681" - }); - - break; - - case "10586": - - Supersedence.AddRange(new string[] { - // - }); - - break; - - case "14393": - - Supersedence.AddRange(new string[] { - "4493470", "4493473", "4499418", "4494440", "4499177", - "4505052", "4503267", "4503294", "4509475", "4507459", - "4507460", "4512495", "4512517", "4516044", "4516061", - "4522010", "4519998", "4524152", "4525236", "4530689" - }); - - break; - - case "15063": - - Supersedence.AddRange(new string[] { - "4493474", "4493436", "4499162", "4499181", "4502112", - "4505055", "4503279", "4503289", "4509476", "4507450", - "4507467", "4512474", "4512507", "4516059", "4516068", - "4522011", "4520010", "4524151", "4525245", "4530711" - }); - - break; - - case "16299": - - Supersedence.AddRange(new string[] { - "4493441", "4493440", "4499147", "4499179", "4505062", - "4503281", "4503284", "4509477", "4507455", "4507465", - "4512494", "4512516", "4516066", "4516071", "4522012", - "4520004", "4524150", "452524", "4530714" - }); - - break; - - case "17134": - - Supersedence.AddRange(new string[] { - "4493464", "4493437", "4499167", "4499183", "4505064", - "4503286", "4503288", "4509478", "4507435", "4507466", - "4512501", "4512509", "4516045", "4516058", "4522014", - "4520008", "4524149", "4525237", "B4530717" - }); - - break; - - case "17763": - - Supersedence.AddRange(new string[] { - "4493509", "4495667", "4494441", "4497934", "4501835", - "4505056", "4501371", "4503327", "4509479", "4505658", - "4507469", "4511553", "4512534", "4512578", "4516077", - "4522015", "4519338", "4524148", "4523205", "4530715" - }); - - break; - - default: - return; - } - - IEnumerable x = Supersedence.Intersect(installedKBs); - - if (!x.Any()) - vulnerabilities.SetAsVulnerable(name); - } - } - - - internal static class 
CVE_2019_0841 - { - private const string name = "CVE-2019-0841"; - - public static void Check(VulnerabilityCollection vulnerabilities, string BuildNumber, List installedKBs) - { - List Supersedence = new List(); - - switch (BuildNumber) - { - case "10240": - - Supersedence.AddRange(new string[] { - // - }); - - break; - - case "10586": - - Supersedence.AddRange(new string[] { - // - }); - - break; - - case "14393": - - Supersedence.AddRange(new string[] { - // - }); - - break; - - case "15063": - - Supersedence.AddRange(new string[] { - "4493474", "4493436", "4499162", "4499181", "4502112", - "4505055", "4503279", "4503289", "4509476", "4507450", - "4507467", "4512474", "4512507", "4516059", "4516068", - "4522011", "4520010", "4524151", "4525245", "4530711" - }); - - break; - - case "16299": - - Supersedence.AddRange(new string[] { - "4493441", "4493440", "4499147", "4499179", "4505062", - "4503281", "4503284", "4509477", "4507455", "4507465", - "4512494", "4512516", "4516066", "4516071", "4522012", - "4520004", "4524150", "4525241", "4530714" - }); - - break; - - case "17134": - - Supersedence.AddRange(new string[] { - "4493464", "4493437", "4499167", "4499183", "4505064", - "4503286", "4503288", "4509478", "4507435", "4507466", - "4512501", "4512509", "4516045", "4516058", "4522014", - "4520008", "4524149", "4525237", "4530717" - }); - - break; - - case "17763": - - Supersedence.AddRange(new string[] { - "4493509", "4495667", "4494441", "4497934", "4501835", - "4505056", "4501371", "4503327", "4509479", "4505658", - "4507469", "4511553", "4512534", "4512578", "4516077", - "4522015", "4519338", "4524148", "4523205", "4530715" - }); - - break; - - default: - return; - } - - IEnumerable x = Supersedence.Intersect(installedKBs); - - if (!x.Any()) - vulnerabilities.SetAsVulnerable(name); - } - } - - internal static class CVE_2019_1064 - { - private const string name = "CVE-2019-1064"; - - public static void Check(VulnerabilityCollection vulnerabilities, string 
BuildNumber, List installedKBs) - { - List Supersedence = new List(); - - switch (BuildNumber) - { - case "10240": - - Supersedence.AddRange(new string[] { - // - }); - - break; - - case "10586": - - Supersedence.AddRange(new string[] { - // - }); - - break; - - case "14393": - - Supersedence.AddRange(new string[] { - "4503267", "4503294", "4509475", "4507459", "4507460", - "4512495", "4512517", "4516044", "4516061", "4522010", - "4519998", "4524152", "4525236", "4530689" - }); - - break; - - case "15063": - - Supersedence.AddRange(new string[] { - "4503279", "4503289", "4509476", "4507450", "4507467", - "4512474", "4512507", "4516059", "4516068", "4522011", - "4520010", "4524151", "4525245", "4530711" - }); - - break; - - case "16299": - - Supersedence.AddRange(new string[] { - "4503284", "4503281", "4509477", "4507455", "4507465", - "4512494", "4512516", "4516066", "4516071", "4522012", - "4520004", "4524150", "4525241", "4530714" - }); - - break; - - case "17134": - - Supersedence.AddRange(new string[] { - "4503286", "4503288", "4509478", "4507435", "4507466", - "4512501", "4512509", "4516045", "4516058", "4522014", - "4520008", "4524149", "4525237", "4530717" - }); - - break; - - case "17763": - - Supersedence.AddRange(new string[] { - "4503327", "4501371", "4509479", "4505658", "4507469", - "4511553", "4512534", "4512578", "4516077", "4522015", - "4519338", "4524148", "4523205", "4530715" - }); - - break; - - case "18362": - - Supersedence.AddRange(new string[] { - "4503293", "4501375", "4505903", "4507453", "4512508", - "4512941", "4515384", "4517211", "4522016", "4517389", - "4524147", "4524570", "4530684" - }); - - break; - - default: - return; - } - - IEnumerable x = Supersedence.Intersect(installedKBs); - - if (!x.Any()) - vulnerabilities.SetAsVulnerable(name); - } - } - - internal static class CVE_2019_1130 - { - private const string name = "CVE-2019-1130"; - - public static void Check(VulnerabilityCollection vulnerabilities, string BuildNumber, List 
installedKBs) - { - List Supersedence = new List(); - - switch (BuildNumber) - { - case "10240": - - Supersedence.AddRange(new string[] { - "4507458", "4512497", "4517276", "4516070", "4522009", - "4520011", "4524153", "4525232", "4530681" - }); - - break; - - case "10586": - - Supersedence.AddRange(new string[] { - // - }); - - break; - - case "14393": - - Supersedence.AddRange(new string[] { - "4507460", "4507459", "4512495", "4512517", "4516044", - "4516061", "4522010", "4519998", "4524152", "4525236", - "4530689" - }); - - break; - - case "15063": - - Supersedence.AddRange(new string[] { - "4507460", "4507459", "4512495", "4512517", "4516044", - "4516061", "4522010", "4519998", "4524152", "4525236", - "4530689" - }); - - break; - - case "16299": - - Supersedence.AddRange(new string[] { - "4507455", "4507465", "4512494", "4512516", "4516066", - "4516071", "4522012", "4520004", "4524150", "4525241", - "4530714" - }); - - break; - - case "17134": - - Supersedence.AddRange(new string[] { - "4507435", "4507466", "4512501", "4512509", "4516045", - "4516058", "4522014", "4520008", "4524149", "4525237", - "4530717" - }); - - break; - - case "17763": - - Supersedence.AddRange(new string[] { - "4507469", "4505658", "4511553", "4512534", "4512578", - "4516077", "4522015", "4519338", "4524148", "4523205", - "4530715" - }); - - break; - - case "18362": - - Supersedence.AddRange(new string[] { - "4507453", "4505903", "4512508", "4512941", "4515384", - "4517211", "4522016", "4517389", "4524147", "4524570", - "4530684" - }); - - break; - - default: - return; - } - - IEnumerable x = Supersedence.Intersect(installedKBs); - - if (!x.Any()) - vulnerabilities.SetAsVulnerable(name); - } - } - - internal static class CVE_2019_1253 - { - private const string name = "CVE-2019-1253"; - - public static void Check(VulnerabilityCollection vulnerabilities, string BuildNumber, List installedKBs) - { - List Supersedence = new List(); - - switch (BuildNumber) - { - case "10240": - - 
Supersedence.AddRange(new string[] { - // - }); - - break; - - case "10586": - - Supersedence.AddRange(new string[] { - // - }); - - break; - - case "14393": - - Supersedence.AddRange(new string[] { - // - }); - - break; - - case "15063": - - Supersedence.AddRange(new string[] { - "4516068", "4516059", "4522011", "4520010", "4524151", - "4525245", "4530711" - }); - - break; - - case "16299": - - Supersedence.AddRange(new string[] { - "4516066", "4516071", "4522012", "4520004", "4524150", - "4525241", "4530714" - }); - - break; - - case "17134": - - Supersedence.AddRange(new string[] { - "4516058", "4516045", "4522014", "4520008", "4524149", - "4525237", "4530717" - }); - - break; - - case "17763": - - Supersedence.AddRange(new string[] { - "4512578", "4516077", "4522015", "4519338", "4524148", - "4523205", "4530715" - }); - - break; - - case "18362": - - Supersedence.AddRange(new string[] { - "4515384", "4517211", "4522016", "4517389", "4524147", - "4524570", "4530684" - }); - - break; - - default: - return; - } - - IEnumerable x = Supersedence.Intersect(installedKBs); - - if (!x.Any()) - vulnerabilities.SetAsVulnerable(name); - } - } - - - internal static class CVE_2019_1315 - { - private const string name = "CVE-2019-1315"; - - public static void Check(VulnerabilityCollection vulnerabilities, string BuildNumber, List installedKBs) - { - List Supersedence = new List(); - - switch (BuildNumber) - { - case "10240": - - Supersedence.AddRange(new string[] { - "4520011", "4525232", "4530681" - }); - - break; - - case "10586": - - Supersedence.AddRange(new string[] { - // - }); - - break; - - case "14393": - - Supersedence.AddRange(new string[] { - "4519998", "4519979", "4525236", "4530689" - }); - - break; - - case "15063": - - Supersedence.AddRange(new string[] { - "4520010", "4525245", "4530711" - }); - - break; - - case "16299": - - Supersedence.AddRange(new string[] { - "4520004", "4520006", "4525241", "4530714" - }); - - break; - - case "17134": - - 
Supersedence.AddRange(new string[] { - "4520008", "4519978", "4525237", "4530717" - }); - - break; - - case "17763": - - Supersedence.AddRange(new string[] { - "4519338", "4520062", "4523205", "4530715" - }); - - break; - - case "18362": - - Supersedence.AddRange(new string[] { - "4517389", "4522355", "4524570", "4530684" - }); - - break; - - default: - return; - } - - IEnumerable x = Supersedence.Intersect(installedKBs); - - if (!x.Any()) - vulnerabilities.SetAsVulnerable(name); - } - } - - internal static class CVE_2019_1385 - { - private const string name = "CVE-2019-1385"; - - public static void Check(VulnerabilityCollection vulnerabilities, string BuildNumber, List installedKBs) - { - List Supersedence = new List(); - - switch (BuildNumber) - { - case "10240": - - Supersedence.AddRange(new string[] { - // - }); - - break; - - case "10586": - - Supersedence.AddRange(new string[] { - // - }); - - break; - - case "14393": - - Supersedence.AddRange(new string[] { - // - }); - - break; - - case "15063": - - Supersedence.AddRange(new string[] { - // - }); - - break; - - case "16299": - - Supersedence.AddRange(new string[] { - "4525241", "4530714" - }); - - break; - - case "17134": - - Supersedence.AddRange(new string[] { - "4525237", "4530717" - }); - - break; - - case "17763": - - Supersedence.AddRange(new string[] { - "4523205", "4530715" - }); - - break; - - case "18362": - - Supersedence.AddRange(new string[] { - "4524570", "4530684" - }); - - break; - - case "18363": - - Supersedence.AddRange(new string[] { - "4524570", "4530684" - }); - - break; - - default: - return; - } - - IEnumerable x = Supersedence.Intersect(installedKBs); - - if (!x.Any()) - vulnerabilities.SetAsVulnerable(name); - } - } - - - internal static class CVE_2019_1388 - { - private const string name = "CVE-2019-1388"; - - public static void Check(VulnerabilityCollection vulnerabilities, string BuildNumber, List installedKBs) - { - List Supersedence = new List(); - - switch (BuildNumber) - { - 
case "10240": - - Supersedence.AddRange(new string[] { - "4525232", "4530681" - }); - - break; - - case "10586": - - Supersedence.AddRange(new string[] { - // - }); - - break; - - case "14393": - - Supersedence.AddRange(new string[] { - "4525236", "4530689" - }); - - break; - - case "15063": - - Supersedence.AddRange(new string[] { - // - }); - - break; - - case "16299": - - Supersedence.AddRange(new string[] { - "4525241", "4530714" - }); - - break; - - case "17134": - - Supersedence.AddRange(new string[] { - "4525237", "4530717" - }); - - break; - - case "17763": - - Supersedence.AddRange(new string[] { - "4523205", "4530715" - }); - - break; - - case "18362": - - Supersedence.AddRange(new string[] { - "4524570", "4530684" - }); - - break; - - default: - return; - } - - IEnumerable x = Supersedence.Intersect(installedKBs); - - if (!x.Any()) - vulnerabilities.SetAsVulnerable(name); - } - } - - - internal static class CVE_2019_1405 - { - private const string name = "CVE-2019-1405"; - - public static void Check(VulnerabilityCollection vulnerabilities, string BuildNumber, List installedKBs) - { - List Supersedence = new List(); - - switch (BuildNumber) - { - case "10240": - - Supersedence.AddRange(new string[] { - "4525232", "4530681" - }); - - break; - - case "10586": - - Supersedence.AddRange(new string[] { - // - }); - - break; - - case "14393": - - Supersedence.AddRange(new string[] { - "4525236", "4530689" - }); - - break; - - case "15063": - - Supersedence.AddRange(new string[] { - // - }); - - break; - - case "16299": - - Supersedence.AddRange(new string[] { - "4525241", "4530714" - }); - - break; - - case "17134": - - Supersedence.AddRange(new string[] { - "4525237", "4530717" - }); - - break; - - case "17763": - - Supersedence.AddRange(new string[] { - "4523205", "4530715" - }); - - break; - - case "18362": - - Supersedence.AddRange(new string[] { - "4524570", "4530684" - }); - - break; - - case "18363": - - Supersedence.AddRange(new string[] { - "4524570", 
"4530684" - }); - - break; - - default: - return; - } - - IEnumerable x = Supersedence.Intersect(installedKBs); - - if (!x.Any()) - vulnerabilities.SetAsVulnerable(name); - } - } - - - ////////////////////////////// - ////// MAIN WATSON CLASS ///// - ////////////////////////////// - class Watson - { - public static void FindVulns() - { - System.Console.WriteLine(Beaprint.YELLOW + " [?] " + Beaprint.LBLUE + "Windows vulns search powered by " + Beaprint.LRED + "Watson" + Beaprint.LBLUE + "(https://github.com/rasta-mouse/Watson)" + Beaprint.NOCOLOR); - - // Supported versions - List supportedVersions = new List() - { - "10240", //1507 - "10586", //1511 - "14393", //1607 & 2K16 - "15063", //1703 - "16299", //1709 - "17134", //1803 - "17763", //1809 & 2K19 - "18362", //1903 - "18363", //1909 - }; - - // Get OS Build number - string buildNumber = Wmi.GetBuildNumber(); - if (!string.IsNullOrEmpty(buildNumber)) - System.Console.WriteLine(String.Format(" {0}: {1}", "OS Build Number", buildNumber)); - else - return; - - if (!supportedVersions.Contains(buildNumber)) - { - Beaprint.GoodPrint(" Windows version not supported\r\n"); - return; - } - - // List of KBs installed - //Console.WriteLine(" [*] Enumerating installed KBs...\r\n"); - List installedKBs = Wmi.GetInstalledKBs(); - - /*#if DEBUG - foreach (string kb in installedKBs) - Console.WriteLine(" {0}", kb); - Console.WriteLine(); - #endif*/ - - // List of Vulnerabilities - VulnerabilityCollection vulnerabiltiies = new VulnerabilityCollection(); - - // Check each one - CVE_2019_0836.Check(vulnerabiltiies, buildNumber, installedKBs); - CVE_2019_0841.Check(vulnerabiltiies, buildNumber, installedKBs); - CVE_2019_1064.Check(vulnerabiltiies, buildNumber, installedKBs); - CVE_2019_1130.Check(vulnerabiltiies, buildNumber, installedKBs); - CVE_2019_1253.Check(vulnerabiltiies, buildNumber, installedKBs); - CVE_2019_1315.Check(vulnerabiltiies, buildNumber, installedKBs); - CVE_2019_1385.Check(vulnerabiltiies, buildNumber, 
installedKBs); - CVE_2019_1388.Check(vulnerabiltiies, buildNumber, installedKBs); - CVE_2019_1405.Check(vulnerabiltiies, buildNumber, installedKBs); - - // Print the results - vulnerabiltiies.ShowResults(); - } - } -} diff --git a/winPEAS/winPEASexe/winPEAS/Watson/Msrc/CVE-2019-0836.cs b/winPEAS/winPEASexe/winPEAS/Watson/Msrc/CVE-2019-0836.cs new file mode 100644 index 0000000..554ae3a --- /dev/null +++ b/winPEAS/winPEASexe/winPEAS/Watson/Msrc/CVE-2019-0836.cs 
@@ -0,0 +1,105 @@
+using System.Linq;
+using System.Collections.Generic;
+
+namespace winPEAS.Watson.Msrc
+{
+ internal static class CVE_2019_0836
+ {
+ private const string name = "CVE-2019-0836";
+
+ public static void Check(VulnerabilityCollection vulnerabilities, int buildNumber, List installedKBs)
+ {
+ var supersedence = new List();
+
+ switch (buildNumber)
+ {
+ case 10240:
+
+ supersedence.AddRange(new int[] {
+ 4493475, 4498375, 4499154, 4505051, 4503291,
+ 4507458, 4512497, 4517276, 4522009, 4520011,
+ 4524153, 4525232, 4530681, 4534306, 4537776,
+ 4540693, 4550930, 4556826, 4561649, 4567518,
+ 4565513, 4571692, 4577049
+ });
+
+ break;
+
+ case 14393:
+
+ supersedence.AddRange(new int[] {
+ 4493470, 4499418, 4494440, 4534271, 4534307,
+ 4537764, 4537806, 4540670, 4541329, 4550929,
+ 4550947, 4556813, 4561616, 4567517, 4565511,
+ 4571694, 4577015
+ });
+
+ break;
+
+ case 15063:
+
+ supersedence.AddRange(new int[] {
+ 4493474, 4493436, 4499162, 4499181, 4502112,
+ 4505055, 4503279, 4503289, 4509476, 4507450,
+ 4507467, 4512474, 4512507, 4516059, 4516068,
+ 4522011, 4520010, 4524151, 4525245, 4530711,
+ 4534296, 4537765, 4540705, 4550939, 4556804,
+ 4561605, 4567516, 4565499, 4571689, 4577021
+ });
+
+ break;
+
+ case 16299:
+
+ supersedence.AddRange(new int[] {
+ 4493441, 4493440, 4499147, 4499179, 4505062,
+ 4503281, 4503284, 4509477, 4507455, 4507465,
+ 4512494, 4512516, 4516066, 4522012, 4520004,
+ 4520006, 4524150, 4525241, 4530714, 4534276,
+ 4534318, 4537789, 4537816, 4540681, 4541330,
+ 4554342, 4550927, 4556812, 4561602, 4567515,
+ 4565508, 4571741, 4577041
+ });
+
+ break;
+
+ case 17134:
+
+ supersedence.AddRange(new int[] {
+ 4493464, 4493437, 4499167, 4499183, 4505064,
+ 4503286, 4503288, 4509478, 4507435, 4507466,
+ 4512501, 4512509, 4516045, 4516058, 4522014,
+ 4519978, 4520008, 4524149, 4525237, 4530717,
+ 4534293, 4534308, 4537762, 4537795, 4540689,
+ 4541333, 4554349, 4550922, 4550944, 4556807,
+ 4561621, 4567514, 4565489, 4571709, 4577032
+ });
+
+ break;
+
+ case 17763:
+
+ supersedence.AddRange(new int[] {
+ 4493509, 4495667, 4494441, 4497934, 4501835,
+ 4505056, 4501371, 4503327, 4509479, 4505658,
+ 4507469, 4511553, 4512534, 4512578, 4522015,
+ 4519338, 4520062, 4524148, 4523205, 4530715,
+ 4534273, 4534321, 4532691, 4537818, 4538461,
+ 4541331, 4554354, 4549949, 4550969, 4551853,
+ 4561608, 4567513, 4558998, 4559003, 4565349,
+ 4571748, 4570333, 4577069
+ });
+
+ break;
+
+ default:
+ return;
+ }
+
+ if (supersedence.Intersect(installedKBs).Any())
+ {
+ vulnerabilities.SetAsVulnerable(name);
+ }
+ }
+ }
+}
\ No newline at end of file
diff --git a/winPEAS/winPEASexe/winPEAS/Watson/Msrc/CVE-2019-0841.cs b/winPEAS/winPEASexe/winPEAS/Watson/Msrc/CVE-2019-0841.cs
new file mode 100644
index 0000000..d16b53d
--- /dev/null
+++ b/winPEAS/winPEASexe/winPEAS/Watson/Msrc/CVE-2019-0841.cs
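Review bot: The final test in `Check` marks the CVE as vulnerable when one of the superseding KBs is installed (`if (supersedence.Intersect(installedKBs).Any())`), whereas the removed Watson.cs used `if (!x.Any())`, i.e. vulnerable only when none of the fixing updates is present. Unless `VulnerabilityCollection.SetAsVulnerable` changed meaning in the new Watson/VulnerabilityCollection.cs (not visible here), this inverts the result: patched hosts are reported as exposed and unpatched hosts come back clean, which makes the output unusable for judging patch state. Restore the negation: `if (!supersedence.Intersect(installedKBs).Any())`. The same condition is repeated in the CVE-2019-0841 and CVE-2019-1064 hunks.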
@@ -0,0 +1,82 @@
+using System.Linq;
+using System.Collections.Generic;
+
+namespace winPEAS.Watson.Msrc
+{
+ internal static class CVE_2019_0841
+ {
+ private const string name = "CVE-2019-0841";
+
+ public static void Check(VulnerabilityCollection vulnerabilities, int buildNumber, List installedKBs)
+ {
+ var supersedence = new List();
+
+ switch (buildNumber)
+ {
+ case 15063:
+
+ supersedence.AddRange(new int[] {
+ 4493474, 4493436, 4499162, 4499181, 4502112,
+ 4505055, 4503279, 4503289, 4509476, 4507450,
+ 4507467, 4512474, 4512507, 4516059, 4516068,
+ 4522011, 4520010, 4524151, 4525245, 4530711,
+ 4534296, 4537765, 4540705, 4550939, 4556804,
+ 4561605, 4567516, 4565499, 4571689, 4577021
+ });
+
+ break;
+
+ case 16299:
+
+ supersedence.AddRange(new int[] {
+ 4493441, 4493440, 4499147, 4499179, 4505062,
+ 4503281, 4503284, 4509477, 4507455, 4507465,
+ 4512494, 4512516, 4516066, 4522012, 4520004,
+ 4520006, 4524150, 4525241, 4530714, 4534276,
+ 4534318, 4537789, 4537816, 4540681, 4541330,
+ 4554342, 4550927, 4556812, 4561602, 4567515,
+ 4565508, 4571741, 4577041
+ });
+
+ break;
+
+ case 17134:
+
+ supersedence.AddRange(new int[] {
+ 4493464, 4493437, 4499167, 4499183, 4505064,
+ 4503286, 4503288, 4509478, 4507435, 4507466,
+ 4512501, 4512509, 4516045, 4516058, 4522014,
+ 4519978, 4520008, 4524149, 4525237, 4530717,
+ 4534293, 4534308, 4537762, 4537795, 4540689,
+ 4541333, 4554349, 4550922, 4550944, 4556807,
+ 4561621, 4567514, 4565489, 4571709, 4577032
+ });
+
+ break;
+
+ case 17763:
+
+ supersedence.AddRange(new int[] {
+ 4493509, 4495667, 4494441, 4497934, 4501835,
+ 4505056, 4501371, 4503327, 4509479, 4505658,
+ 4507469, 4511553, 4512534, 4512578, 4522015,
+ 4519338, 4520062, 4524148, 4523205, 4530715,
+ 4534273, 4534321, 4532691, 4537818, 4538461,
+ 4541331, 4554354, 4549949, 4550969, 4551853,
+ 4561608, 4567513, 4558998, 4559003, 4565349,
+ 4571748, 4570333, 4577069
+ });
+
+ break;
+
+ default:
+ return;
+ }
+
+ if (supersedence.Intersect(installedKBs).Any())
+ {
+ vulnerabilities.SetAsVulnerable(name);
+ }
+ }
+ }
+}
\ No newline at end of file
diff --git a/winPEAS/winPEASexe/winPEAS/Watson/Msrc/CVE-2019-1064.cs b/winPEAS/winPEASexe/winPEAS/Watson/Msrc/CVE-2019-1064.cs
new file mode 100644
index 0000000..ee788c9
--- /dev/null
+++ b/winPEAS/winPEASexe/winPEAS/Watson/Msrc/CVE-2019-1064.cs
@@ -0,0 +1,102 @@
+using System.Linq;
+using System.Collections.Generic;
+
+namespace winPEAS.Watson.Msrc
+{
+ internal static class CVE_2019_1064
+ {
+ private const string name = "CVE-2019-1064";
+
+ public static void Check(VulnerabilityCollection vulnerabilities, int buildNumber, List installedKBs)
+ {
+ var supersedence = new List();
+
+ switch (buildNumber)
+ {
+ case 14393:
+
+ supersedence.AddRange(new int[] {
+ 4503267, 4503294, 4509475, 4507459, 4507460,
+ 4512495, 4512517, 4516044, 4516061, 4522010,
+ 4519998, 4524152, 4525236, 4530689
+ });
+
+ break;
+
+ case 15063:
+
+ supersedence.AddRange(new int[] {
+ 4503279, 4503289, 4509476, 4507450, 4507467,
+ 4512474, 4512507, 4516059, 4516068, 4522011,
+ 4520010, 4524151, 4525245, 4530711, 4534296,
+ 4537765, 4540705, 4550939, 4556804, 4561605,
+ 4567516, 4565499, 4571689, 4577021
+ });
+
+ break;
+
+ case 16299:
+
+ supersedence.AddRange(new int[] {
+ 4503284, 4503281, 4509477, 4507455, 4507465,
+ 4512494, 4512516, 4516066, 4522012, 4520004,
+ 4520006, 4524150, 4525241, 4530714, 4534276,
+ 4534318, 4537789, 4537816, 4540681, 4541330,
+ 4554342, 4550927, 4556812, 4561602, 4567515,
+ 4565508, 4571741, 4577041
+ });
+
+ break;
+
+ case 17134:
+
+ supersedence.AddRange(new int[] {
+ 4503286, 4503288, 4509478, 4507435, 4507466,
+ 4512501, 4512509, 4516045, 4516058, 4522014,
+ 4519978, 4520008, 4524149, 4525237, 4530717,
+ 4534293, 4534308, 4537762, 4537795, 4540689,
+ 4541333, 4554349, 4550922, 4550944, 4556807,
+ 4561621, 4567514, 4565489, 4571709, 4577032
+ });
+
+ break;
+
+ case 17763:
+
+ supersedence.AddRange(new int[] {
+ 4503327, 4501371, 4509479, 4505658, 4507469,
+ 4511553, 4512534, 4512578, 4522015, 4519338,
+ 4520062, 4524148, 4523205, 4530715, 4534273,
+ 4534321, 4532691, 4537818, 4538461, 4541331,
+ 4554354, 4549949, 4550969, 4551853, 4561608,
+ 4567513, 4558998, 4559003, 4565349, 4571748,
+ 4570333, 4577069
+ });
+
+ break;
+
+ case 18362:
+
+ supersedence.AddRange(new int[] {
+ 4503293, 4501375, 4505903, 4507453, 4512508,
+ 4512941, 4515384, 4517211, 4522016, 4517389,
+ 4522355, 4524147, 4524570, 4530684, 4528760,
+ 4532695, 4532693, 4535996, 4540673, 4541335,
+ 4551762, 4554364, 4549951, 4550945, 4556799,
+ 4560960, 4567512, 4565483, 4559004, 4565351,
+ 4566116, 4574727, 4577062
+ });
+
+ break;
+
+ default:
+ return;
+ }
+
+ if (supersedence.Intersect(installedKBs).Any())
+ {
+ vulnerabilities.SetAsVulnerable(name);
+ }
+ }
+ }
+}
\ No newline at end of file
diff --git a/winPEAS/winPEASexe/winPEAS/Watson/Msrc/CVE-2019-1130.cs b/winPEAS/winPEASexe/winPEAS/Watson/Msrc/CVE-2019-1130.cs
new file mode 100644
index 0000000..57e31cd
--- /dev/null
+++ b/winPEAS/winPEASexe/winPEAS/Watson/Msrc/CVE-2019-1130.cs
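Review bot: The `case 14393` list stops at 4530689, while every other build in this hunk runs on to a 4577xxx update and the CVE-2020-0668 hunk lists 14393 updates up to 4577015. If later cumulative updates for 14393 also carry this fix, a host that has only those installed will not match the list and is misclassified. The list looks truncated; either extend it or add a comment explaining the cut-off, for example `// 14393: list ends at <last applicable KB> because ...`. The 14393 cases in the CVE-2019-1130, CVE-2019-1315, CVE-2019-1388 and CVE-2019-1405 hunks end at the same KB.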
@@ -0,0 +1,109 @@
+using System.Linq;
+using System.Collections.Generic;
+
+namespace winPEAS.Watson.Msrc
+{
+ internal static class CVE_2019_1130
+ {
+ private const string name = "CVE-2019-1130";
+
+ public static void Check(VulnerabilityCollection vulnerabilities, int buildNumber, List installedKBs)
+ {
+ var supersedence = new List();
+
+ switch (buildNumber)
+ {
+ case 10240:
+
+ supersedence.AddRange(new int[] {
+ 4507458, 4512497, 4517276, 4522009, 4520011,
+ 4524153, 4525232, 4530681, 4534306, 4537776,
+ 4540693, 4550930, 4556826, 4561649, 4567518,
+ 4565513, 4571692, 4577049
+ });
+
+ break;
+
+ case 14393:
+
+ supersedence.AddRange(new int[] {
+ 4507460, 4507459, 4512495, 4512517, 4516044,
+ 4516061, 4522010, 4519998, 4524152, 4525236,
+ 4530689
+ });
+
+ break;
+
+ case 15063:
+
+ supersedence.AddRange(new int[] {
+ 4507460, 4507459, 4512495, 4512517, 4516044,
+ 4516061, 4522010, 4519998, 4524152, 4525236,
+ 4530689
+ });
+
+ break;
+
+ case 16299:
+
+ supersedence.AddRange(new int[] {
+ 4507455, 4507465, 4512494, 4512516, 4516066,
+ 4522012, 4520004, 4520006, 4524150, 4525241,
+ 4530714, 4534276, 4534318, 4537789, 4537816,
+ 4540681, 4541330, 4554342, 4550927, 4556812,
+ 4561602, 4567515, 4565508, 4571741, 4577041
+ });
+
+ break;
+
+ case 17134:
+
+ supersedence.AddRange(new int[] {
+ 4507435, 4507466, 4512501, 4512509, 4516045,
+ 4516058, 4522014, 4519978, 4520008, 4524149,
+ 4525237, 4530717, 4534293, 4534308, 4537762,
+ 4537795, 4540689, 4541333, 4554349, 4550922,
+ 4550944, 4556807, 4561621, 4567514, 4565489,
+ 4571709, 4577032
+ });
+
+ break;
+
+ case 17763:
+
+ supersedence.AddRange(new int[] {
+ 4507469, 4505658, 4511553, 4512534, 4512578,
+ 4522015, 4519338, 4520062, 4524148, 4523205,
+ 4530715, 4534273, 4534321, 4532691, 4537818,
+ 4538461, 4541331, 4554354, 4549949, 4550969,
+ 4551853, 4561608, 4567513, 4558998, 4559003,
+ 4565349, 4571748, 4570333, 4577069
+ });
+
+ break;
+
+ case 18362:
+
+ supersedence.AddRange(new int[] {
+ 4507453, 4505903, 4512508, 4512941, 4515384,
+ 4517211, 4522016, 4517389, 4522355, 4524147,
+ 4524570, 4530684, 4528760, 4532695, 4532693,
+ 4535996, 4540673, 4541335, 4551762, 4554364,
+ 4549951, 4550945, 4556799, 4560960, 4567512,
+ 4565483, 4559004, 4565351, 4566116, 4574727,
+ 4577062
+ });
+
+ break;
+
+ default:
+ return;
+ }
+
+ if (supersedence.Intersect(installedKBs).Any())
+ {
+ vulnerabilities.SetAsVulnerable(name);
+ }
+ }
+ }
+}
\ No newline at end of file
diff --git a/winPEAS/winPEASexe/winPEAS/Watson/Msrc/CVE-2019-1253.cs b/winPEAS/winPEASexe/winPEAS/Watson/Msrc/CVE-2019-1253.cs
new file mode 100644
index 0000000..5c74c44
--- /dev/null
+++ b/winPEAS/winPEASexe/winPEAS/Watson/Msrc/CVE-2019-1253.cs
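Review bot: `case 15063` repeats the `case 14393` list verbatim (4507460, 4507459 … 4530689), which looks like a copy-paste slip. The other hunks in this patch use a different KB series for 15063; the CVE-2019-1064 hunk, for instance, has 4507450, 4507467, 4512474 … 4577021 there. Build 15063 hosts are therefore compared against another build's updates, so the result for them is unreliable. The list should be replaced with 15063's own KBs, presumably the CVE-2019-1064 series from 4507450 onwards, to be confirmed against the MSRC data.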
@@ -0,0 +1,86 @@ +using System.Linq; +using System.Collections.Generic; + +namespace winPEAS.Watson.Msrc +{ + internal static class CVE_2019_1253 + { + private const string name = "CVE-2019-1253"; + + public static void Check(VulnerabilityCollection vulnerabilities, int buildNumber, List installedKBs) + { + var supersedence = new List(); + + switch (buildNumber) + { + case 15063: + + supersedence.AddRange(new int[] { + 4516068, 4516059, 4522011, 4520010, 4524151, + 4525245, 4530711, 4534296, 4537765, 4540705, + 4550939, 4556804, 4561605, 4567516, 4565499, + 4571689, 4577021 + }); + + break; + + case 16299: + + supersedence.AddRange(new int[] { + 4516066, 4522012, 4520004, 4520006, 4524150, + 4525241, 4530714, 4534276, 4534318, 4537789, + 4537816, 4540681, 4541330, 4554342, 4550927, + 4556812, 4561602, 4567515, 4565508, 4571741, + 4577041 + }); + + break; + + case 17134: + + supersedence.AddRange(new int[] { + 4516058, 4516045, 4522014, 4519978, 4520008, + 4524149, 4525237, 4530717, 4534293, 4534308, + 4537762, 4537795, 4540689, 4541333, 4554349, + 4550922, 4550944, 4556807, 4561621, 4567514, + 4565489, 4571709, 4577032 + }); + + break; + + case 17763: + + supersedence.AddRange(new int[] { + 4512578, 4522015, 4519338, 4520062, 4524148, + 4523205, 4530715, 4534273, 4534321, 4532691, + 4537818, 4538461, 4541331, 4554354, 4549949, + 4550969, 4551853, 4561608, 4567513, 4558998, + 4559003, 4565349, 4571748, 4570333, 4577069 + }); + + break; + + case 18362: + + supersedence.AddRange(new int[] { + 4515384, 4517211, 4522016, 4517389, 4522355, + 4524147, 4524570, 4530684, 4528760, 4532695, + 4532693, 4535996, 4540673, 4541335, 4551762, + 4554364, 4549951, 4550945, 4556799, 4560960, + 4567512, 4565483, 4559004, 4565351, 4566116, + 4574727, 4577062 + }); + + break; + + default: + return; + } + + if (supersedence.Intersect(installedKBs).Any()) + { + vulnerabilities.SetAsVulnerable(name); + } + } + } +} \ No newline at end of file 
diff --git a/winPEAS/winPEASexe/winPEAS/Watson/Msrc/CVE-2019-1315.cs b/winPEAS/winPEASexe/winPEAS/Watson/Msrc/CVE-2019-1315.cs
new file mode 100644
index 0000000..785dddf
--- /dev/null
+++ b/winPEAS/winPEASexe/winPEAS/Watson/Msrc/CVE-2019-1315.cs
@@ -0,0 +1,100 @@ +using System.Linq; +using System.Collections.Generic; + +namespace winPEAS.Watson.Msrc +{ + internal static class CVE_2019_1315 + { + private const string name = "CVE-2019-1315"; + + public static void Check(VulnerabilityCollection vulnerabilities, int buildNumber, List installedKBs) + { + var supersedence = new List(); + + switch (buildNumber) + { + case 10240: + + supersedence.AddRange(new int[] { + 4520011, 4525232, 4530681, 4534306, 4537776, + 4540693, 4550930, 4556826, 4561649, 4567518, + 4565513, 4571692, 4577049 + }); + + break; + + case 14393: + + supersedence.AddRange(new int[] { + 4519998, 4519979, 4525236, 4530689 + }); + + break; + + case 15063: + + supersedence.AddRange(new int[] { + 4520010, 4525245, 4530711, 4534296, 4537765, + 4540705, 4550939, 4556804, 4561605, 4567516, + 4565499, 4571689, 4577021 + }); + + break; + + case 16299: + + supersedence.AddRange(new int[] { + 4520004, 4520006, 4525241, 4530714, 4534276, + 4534318, 4537789, 4537816, 4540681, 4541330, + 4554342, 4550927, 4556812, 4561602, 4567515, + 4565508, 4571741, 4577041 + }); + + break; + + case 17134: + + supersedence.AddRange(new int[] { + 4520008, 4519978, 4525237, 4530717, 4534293, + 4534308, 4537762, 4537795, 4540689, 4541333, + 4554349, 4550922, 4550944, 4556807, 4561621, + 4567514, 4565489, 4571709, 4577032 + }); + + break; + + case 17763: + + supersedence.AddRange(new int[] { + 4519338, 4520062, 4523205, 4530715, 4534273, + 4534321, 4532691, 4537818, 4538461, 4541331, + 4554354, 4549949, 4550969, 4551853, 4561608, + 4567513, 4558998, 4559003, 4565349, 4571748, + 4570333, 4577069 + }); + + break; + + case 18362: + + supersedence.AddRange(new int[] { + 4517389, 4522355, 4524570, 4530684, 4528760, + 4532695, 4532693, 4535996, 4540673, 4541335, + 4551762, 4554364, 4549951, 4550945, 4556799, + 4560960, 4567512, 4565483, 4559004, 4565351, + 4566116, 4574727, 4577062 + }); + + break; + + default: + return; + } + + if (supersedence.Intersect(installedKBs).Any()) + { 
+ vulnerabilities.SetAsVulnerable(name); + } + } + } +} \ No newline at end of file diff --git a/winPEAS/winPEASexe/winPEAS/Watson/Msrc/CVE-2019-1385.cs b/winPEAS/winPEASexe/winPEAS/Watson/Msrc/CVE-2019-1385.cs new file mode 100644 index 0000000..8ebf699 --- /dev/null +++ b/winPEAS/winPEASexe/winPEAS/Watson/Msrc/CVE-2019-1385.cs 
@@ -0,0 +1,83 @@ +using System.Linq; +using System.Collections.Generic; + +namespace winPEAS.Watson.Msrc +{ + internal static class CVE_2019_1385 + { + private const string name = "CVE-2019-1385"; + + public static void Check(VulnerabilityCollection vulnerabilities, int buildNumber, List installedKBs) + { + var supersedence = new List(); + + switch (buildNumber) + { + case 16299: + + supersedence.AddRange(new int[] { + 4525241, 4530714, 4534276, 4534318, 4537789, + 4537816, 4540681, 4541330, 4554342, 4550927, + 4556812, 4561602, 4567515, 4565508, 4571741, + 4577041 + }); + + break; + + case 17134: + + supersedence.AddRange(new int[] { + 4525237, 4530717, 4534293, 4534308, 4537762, + 4537795, 4540689, 4541333, 4554349, 4550922, + 4550944, 4556807, 4561621, 4567514, 4565489, + 4571709, 4577032 + }); + + break; + + case 17763: + + supersedence.AddRange(new int[] { + 4523205, 4530715, 4534273, 4534321, 4532691, + 4537818, 4538461, 4541331, 4554354, 4549949, + 4550969, 4551853, 4561608, 4567513, 4558998, + 4559003, 4565349, 4571748, 4570333, 4577069 + }); + + break; + + case 18362: + + supersedence.AddRange(new int[] { + 4524570, 4530684, 4528760, 4532695, 4532693, + 4535996, 4540673, 4541335, 4551762, 4554364, + 4549951, 4550945, 4556799, 4560960, 4567512, + 4565483, 4559004, 4565351, 4566116, 4574727, + 4577062 + }); + + break; + + case 18363: + + supersedence.AddRange(new int[] { + 4524570, 4530684, 4528760, 4532695, 4532693, + 4535996, 4540673, 4541335, 4551762, 4554364, + 4549951, 4550945, 4556799, 4560960, 4567512, + 4565483, 4559004, 4565351, 4566116, 4574727, + 4577062 + }); + + break; + + default: + return; + } + + if (supersedence.Intersect(installedKBs).Any()) + { + vulnerabilities.SetAsVulnerable(name); + } + } + } +} \ No newline at end of file diff --git a/winPEAS/winPEASexe/winPEAS/Watson/Msrc/CVE-2019-1388.cs b/winPEAS/winPEASexe/winPEAS/Watson/Msrc/CVE-2019-1388.cs new file mode 100644 index 0000000..b634ed6 --- /dev/null 
+++ b/winPEAS/winPEASexe/winPEAS/Watson/Msrc/CVE-2019-1388.cs
@@ -0,0 +1,89 @@
+using System.Linq;
+using System.Collections.Generic;
+
+namespace winPEAS.Watson.Msrc
+{
+ internal static class CVE_2019_1388
+ {
+ private const string name = "CVE-2019-1388";
+
+ public static void Check(VulnerabilityCollection vulnerabilities, int buildNumber, List installedKBs)
+ {
+ var supersedence = new List();
+
+ switch (buildNumber)
+ {
+ case 10240:
+
+ supersedence.AddRange(new int[] {
+ 4525232, 4530681, 4534306, 4537776, 4540693,
+ 4550930, 4556826, 4561649, 4567518, 4565513,
+ 4571692, 4577049
+ });
+
+ break;
+
+ case 14393:
+
+ supersedence.AddRange(new int[] {
+ 4525236, 4530689
+ });
+
+ break;
+
+ case 16299:
+
+ supersedence.AddRange(new int[] {
+ 4525241, 4530714, 4534276, 4534318, 4537789,
+ 4537816, 4540681, 4541330, 4554342, 4550927,
+ 4556812, 4561602, 4567515, 4565508, 4571741,
+ 4577041
+ });
+
+ break;
+
+ case 17134:
+
+ supersedence.AddRange(new int[] {
+ 4525237, 4530717, 4534293, 4534308, 4537762,
+ 4537795, 4540689, 4541333, 4554349, 4550922,
+ 4550944, 4556807, 4561621, 4567514, 4565489,
+ 4571709, 4577032
+ });
+
+ break;
+
+ case 17763:
+
+ supersedence.AddRange(new int[] {
+ 4523205, 4530715, 4534273, 4534321, 4532691,
+ 4537818, 4538461, 4541331, 4554354, 4549949,
+ 4550969, 4551853, 4561608, 4567513, 4558998,
+ 4559003, 4565349, 4571748, 4570333, 4577069
+ });
+
+ break;
+
+ case 18362:
+
+ supersedence.AddRange(new int[] {
+ 4524570, 4530684, 4528760, 4532695, 4532693,
+ 4535996, 4540673, 4541335, 4551762, 4554364,
+ 4549951, 4550945, 4556799, 4560960, 4567512,
+ 4565483, 4559004, 4565351, 4566116, 4574727,
+ 4577062
+ });
+
+ break;
+
+ default:
+ return;
+ }
+
+ if (supersedence.Intersect(installedKBs).Any())
+ {
+ vulnerabilities.SetAsVulnerable(name);
+ }
+ }
+ }
+}
\ No newline at end of file
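Review bot: There is no `case 18363` in this switch, although the CVE-2019-1385 and CVE-2019-1405 hunks, whose 16299 to 18362 lists are identical to this one, both carry an 18363 case with the same KBs as 18362. A build 18363 host falls through to `default: return;` and is never evaluated for this CVE, which the report then presents as not vulnerable. If the omission is not deliberate, stack the label on the existing branch as `case 18362: case 18363:`, which also avoids duplicating the list the way the other two files do.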
diff --git a/winPEAS/winPEASexe/winPEAS/Watson/Msrc/CVE-2019-1405.cs b/winPEAS/winPEASexe/winPEAS/Watson/Msrc/CVE-2019-1405.cs
new file mode 100644
index 0000000..0d1d5df
--- /dev/null
+++ b/winPEAS/winPEASexe/winPEAS/Watson/Msrc/CVE-2019-1405.cs
@@ -0,0 +1,101 @@ +using System.Linq; +using System.Collections.Generic; + +namespace winPEAS.Watson.Msrc +{ + internal static class CVE_2019_1405 + { + private const string name = "CVE-2019-1405"; + + public static void Check(VulnerabilityCollection vulnerabilities, int buildNumber, List installedKBs) + { + var supersedence = new List(); + + switch (buildNumber) + { + case 10240: + + supersedence.AddRange(new int[] { + 4525232, 4530681, 4534306, 4537776, 4540693, + 4550930, 4556826, 4561649, 4567518, 4565513, + 4571692, 4577049 + }); + + break; + + case 14393: + + supersedence.AddRange(new int[] { + 4525236, 4530689 + }); + + break; + + case 16299: + + supersedence.AddRange(new int[] { + 4525241, 4530714, 4534276, 4534318, 4537789, + 4537816, 4540681, 4541330, 4554342, 4550927, + 4556812, 4561602, 4567515, 4565508, 4571741, + 4577041 + }); + + break; + + case 17134: + + supersedence.AddRange(new int[] { + 4525237, 4530717, 4534293, 4534308, 4537762, + 4537795, 4540689, 4541333, 4554349, 4550922, + 4550944, 4556807, 4561621, 4567514, 4565489, + 4571709, 4577032 + }); + + break; + + case 17763: + + supersedence.AddRange(new int[] { + 4523205, 4530715, 4534273, 4534321, 4532691, + 4537818, 4538461, 4541331, 4554354, 4549949, + 4550969, 4551853, 4561608, 4567513, 4558998, + 4559003, 4565349, 4571748, 4570333, 4577069 + }); + + break; + + case 18362: + + supersedence.AddRange(new int[] { + 4524570, 4530684, 4528760, 4532695, 4532693, + 4535996, 4540673, 4541335, 4551762, 4554364, + 4549951, 4550945, 4556799, 4560960, 4567512, + 4565483, 4559004, 4565351, 4566116, 4574727, + 4577062 + }); + + break; + + case 18363: + + supersedence.AddRange(new int[] { + 4524570, 4530684, 4528760, 4532695, 4532693, + 4535996, 4540673, 4541335, 4551762, 4554364, + 4549951, 4550945, 4556799, 4560960, 4567512, + 4565483, 4559004, 4565351, 4566116, 4574727, + 4577062 + }); + + break; + + default: + return; + } + + if (supersedence.Intersect(installedKBs).Any()) + { + 
vulnerabilities.SetAsVulnerable(name); + } + } + } +} \ No newline at end of file diff --git a/winPEAS/winPEASexe/winPEAS/Watson/Msrc/CVE-2020-0668.cs b/winPEAS/winPEASexe/winPEAS/Watson/Msrc/CVE-2020-0668.cs new file mode 100644 index 0000000..c8f1c82 --- /dev/null +++ b/winPEAS/winPEASexe/winPEAS/Watson/Msrc/CVE-2020-0668.cs 
@@ -0,0 +1,98 @@ +using System.Linq; +using System.Collections.Generic; + +namespace winPEAS.Watson.Msrc +{ + internal static class CVE_2020_0668 + { + private const string name = "CVE-2020-0668"; + + public static void Check(VulnerabilityCollection vulnerabilities, int buildNumber, List installedKBs) + { + var supersedence = new List(); + + switch (buildNumber) + { + case 10240: + + supersedence.AddRange(new int[] { + 4537776, 4540693, 4550930, 4556826, 4561649, + 4567518, 4565513, 4571692, 4577049 + }); + + break; + + case 14393: + + supersedence.AddRange(new int[] { + 4537764, 4537806, 4540670, 4541329, 4550929, + 4550947, 4556813, 4561616, 4567517, 4565511, + 4571694, 4577015 + }); + + break; + + case 16299: + + supersedence.AddRange(new int[] { + 4537789, 4537816, 4540681, 4541330, 4554342, + 4550927, 4556812, 4561602, 4567515, 4565508, + 4571741, 4577041 + }); + + break; + + case 17134: + + supersedence.AddRange(new int[] { + 4537762, 4537795, 4540689, 4541333, 4554349, + 4550922, 4550944, 4556807, 4561621, 4567514, + 4565489, 4571709, 4577032 + }); + + break; + + case 17763: + + supersedence.AddRange(new int[] { + 4532691, 4537818, 4538461, 4541331, 4554354, + 4549949, 4550969, 4551853, 4561608, 4567513, + 4558998, 4559003, 4565349, 4571748, 4570333, + 4577069 + }); + + break; + + case 18362: + + supersedence.AddRange(new int[] { + 4532693, 4535996, 4540673, 4541335, 4551762, + 4554364, 4549951, 4550945, 4556799, 4560960, + 4567512, 4565483, 4559004, 4565351, 4566116, + 4574727, 4577062 + }); + + break; + + case 18363: + + supersedence.AddRange(new int[] { + 4532693, 4535996, 4540673, 4541335, 4551762, + 4554364, 4549951, 4550945, 4556799, 4560960, + 4567512, 4565483, 4559004, 4565351, 4566116, + 4574727, 4577062 + }); + + break; + + default: + return; + } + + if (supersedence.Intersect(installedKBs).Any()) + { + vulnerabilities.SetAsVulnerable(name); + } + } + } +} \ No newline at end of file 
diff --git a/winPEAS/winPEASexe/winPEAS/Watson/Msrc/CVE-2020-0683.cs b/winPEAS/winPEASexe/winPEAS/Watson/Msrc/CVE-2020-0683.cs
new file mode 100644
index 0000000..5f4a7a7
--- /dev/null
+++ b/winPEAS/winPEASexe/winPEAS/Watson/Msrc/CVE-2020-0683.cs
@@ -0,0 +1,98 @@ +using System.Linq; +using System.Collections.Generic; + +namespace winPEAS.Watson.Msrc +{ + internal static class CVE_2020_0683 + { + private const string name = "CVE-2020-0683"; + + public static void Check(VulnerabilityCollection vulnerabilities, int buildNumber, List installedKBs) + { + var supersedence = new List(); + + switch (buildNumber) + { + case 10240: + + supersedence.AddRange(new int[] { + 4537776, 4540693, 4550930, 4556826, 4561649, + 4567518, 4565513, 4571692, 4577049 + }); + + break; + + case 14393: + + supersedence.AddRange(new int[] { + 4537764, 4537806, 4540670, 4541329, 4550929, + 4550947, 4556813, 4561616, 4567517, 4565511, + 4571694, 4577015 + }); + + break; + + case 16299: + + supersedence.AddRange(new int[] { + 4537789, 4537816, 4540681, 4541330, 4554342, + 4550927, 4556812, 4561602, 4567515, 4565508, + 4571741, 4577041 + }); + + break; + + case 17134: + + supersedence.AddRange(new int[] { + 4537762, 4537795, 4540689, 4541333, 4554349, + 4550922, 4550944, 4556807, 4561621, 4567514, + 4565489, 4571709, 4577032 + }); + + break; + + case 17763: + + supersedence.AddRange(new int[] { + 4532691, 4537818, 4538461, 4541331, 4554354, + 4549949, 4550969, 4551853, 4561608, 4567513, + 4558998, 4559003, 4565349, 4571748, 4570333, + 4577069 + }); + + break; + + case 18362: + + supersedence.AddRange(new int[] { + 4532693, 4535996, 4540673, 4541335, 4551762, + 4554364, 4549951, 4550945, 4556799, 4560960, + 4567512, 4565483, 4559004, 4565351, 4566116, + 4574727, 4577062 + }); + + break; + + case 18363: + + supersedence.AddRange(new int[] { + 4532693, 4535996, 4540673, 4541335, 4551762, + 4554364, 4549951, 4550945, 4556799, 4560960, + 4567512, 4565483, 4559004, 4565351, 4566116, + 4574727, 4577062 + }); + + break; + + default: + return; + } + + if (supersedence.Intersect(installedKBs).Any()) + { + vulnerabilities.SetAsVulnerable(name); + } + } + } +} \ No newline at end of file 
diff --git a/winPEAS/winPEASexe/winPEAS/Watson/Msrc/CVE-2020-1013.cs b/winPEAS/winPEASexe/winPEAS/Watson/Msrc/CVE-2020-1013.cs new file mode 100644 index 0000000..2587f03 --- /dev/null +++ b/winPEAS/winPEASexe/winPEAS/Watson/Msrc/CVE-2020-1013.cs @@ -0,0 +1,90 @@ +using System.Linq; +using System.Collections.Generic; + +namespace winPEAS.Watson.Msrc +{ + internal static class CVE_2020_1013 + { + private const string name = "CVE-2020-1013"; + + public static void Check(VulnerabilityCollection vulnerabilities, int buildNumber, List installedKBs) + { + var supersedence = new List(); + + switch (buildNumber) + { + case 10240: + + supersedence.AddRange(new int[] { + 4577049 + }); + + break; + + case 14393: + + supersedence.AddRange(new int[] { + 4577015 + }); + + break; + + case 16299: + + supersedence.AddRange(new int[] { + 4577041 + }); + + break; + + case 17134: + + supersedence.AddRange(new int[] { + 4577032 + }); + + break; + + case 17763: + + supersedence.AddRange(new int[] { + 4570333, 4577069 + }); + + break; + + case 18362: + + supersedence.AddRange(new int[] { + 4574727, 4577062 + }); + + break; + + case 18363: + + supersedence.AddRange(new int[] { + 4574727, 4577062 + }); + + break; + + case 19041: + + supersedence.AddRange(new int[] { + 4571756, 4577063 + }); + + break; + + default: + return; + } + + if (supersedence.Intersect(installedKBs).Any()) + { + vulnerabilities.SetAsVulnerable(name); + } + } + } +} \ No newline at end of file diff --git a/winPEAS/winPEASexe/winPEAS/Watson/Vulnerability.cs b/winPEAS/winPEASexe/winPEAS/Watson/Vulnerability.cs new file mode 100644 index 0000000..167c386 --- /dev/null +++ b/winPEAS/winPEASexe/winPEAS/Watson/Vulnerability.cs 
@@ -0,0 +1,18 @@
+namespace winPEAS.Watson
+{
+ public class Vulnerability
+ {
+ public string Identification { get; }
+ public string[] KnownExploits { get; }
+ public bool Vulnerable { get; private set; }
+
+ public Vulnerability(string id, string[] exploits)
+ {
+ Identification = id;
+ KnownExploits = exploits;
+ }
+
+ public void SetAsVulnerable()
+ => Vulnerable = true;
+ }
+}
diff --git a/winPEAS/winPEASexe/winPEAS/Watson/VulnerabilityCollection.cs b/winPEAS/winPEASexe/winPEAS/Watson/VulnerabilityCollection.cs
new file mode 100644
index 0000000..612fcf8
--- /dev/null
+++ b/winPEAS/winPEASexe/winPEAS/Watson/VulnerabilityCollection.cs
@@ -0,0 +1,102 @@ +using System; +using System.Collections.Generic; +using System.Linq; + +namespace winPEAS.Watson +{ + public class VulnerabilityCollection + { + private readonly List _vulnerabilities; + + public void SetAsVulnerable(string id) + => _vulnerabilities.First(e => e.Identification == id).SetAsVulnerable(); + + public VulnerabilityCollection() + { + _vulnerabilities = Populate(); + } + + public void ShowResults() + { + foreach (Vulnerability vuln in _vulnerabilities.Where(i => i.Vulnerable)) + { + Console.WriteLine(" [!] {0} : VULNERABLE", vuln.Identification); + + foreach (string exploit in vuln.KnownExploits) + { + Console.WriteLine(" [>] {0}", exploit); + } + + Console.WriteLine(); + } + + if (_vulnerabilities.Any(e => e.Vulnerable)) + Console.WriteLine(" [*] Finished. Found {0} potential vulnerabilities.\r\n", _vulnerabilities.Count(i => i.Vulnerable)); + else + Console.WriteLine(" [*] Finished. Found 0 vulnerabilities.\r\n"); + } + + private List Populate() + { + return new List() + { + new Vulnerability( + id: "CVE-2019-0836", + exploits: new string[] { "https://exploit-db.com/exploits/46718", "https://decoder.cloud/2019/04/29/combinig-luafv-postluafvpostreadwrite-race-condition-pe-with-diaghub-collector-exploit-from-standard-user-to-system/" } + ), + + new Vulnerability( + id: "CVE-2019-0841", + exploits: new string[] { "https://github.com/rogue-kdc/CVE-2019-0841", "https://rastamouse.me/tags/cve-2019-0841/" } + ), + + new Vulnerability( + id: "CVE-2019-1064", + exploits: new string[] { "https://www.rythmstick.net/posts/cve-2019-1064/" } + ), + + new Vulnerability( + id: "CVE-2019-1130", + exploits: new string[] { "https://github.com/S3cur3Th1sSh1t/SharpByeBear" } + ), + + new Vulnerability( + id: "CVE-2019-1253", + exploits: new string[] { "https://github.com/padovah4ck/CVE-2019-1253", "https://github.com/sgabe/CVE-2019-1253" } + ), + + new Vulnerability( + id: "CVE-2019-1315", + exploits: new string[] { 
"https://offsec.almond.consulting/windows-error-reporting-arbitrary-file-move-eop.html" } + ), + + new Vulnerability( + id: "CVE-2019-1385", + exploits: new string[] { "https://www.youtube.com/watch?v=K6gHnr-VkAg" } + ), + + new Vulnerability( + id: "CVE-2019-1388", + exploits: new string[] { "https://github.com/jas502n/CVE-2019-1388" } + ), + + new Vulnerability( + id: "CVE-2019-1405", + exploits: new string[] { "https://www.nccgroup.trust/uk/about-us/newsroom-and-events/blogs/2019/november/cve-2019-1405-and-cve-2019-1322-elevation-to-system-via-the-upnp-device-host-service-and-the-update-orchestrator-service/", "https://github.com/apt69/COMahawk" } + ), + new Vulnerability( + id: "CVE-2020-0668", + exploits: new string[] { "https://github.com/itm4n/SysTracingPoc" } + ), + new Vulnerability( + id: "CVE-2020-0683", + exploits: new string[] { "https://github.com/padovah4ck/CVE-2020-0683", "https://raw.githubusercontent.com/S3cur3Th1sSh1t/Creds/master/PowershellScripts/cve-2020-0683.ps1" } + ), + new Vulnerability( + id: "CVE-2020-1013", + exploits: new string[] { "https://www.gosecure.net/blog/2020/09/08/wsus-attacks-part-2-cve-2020-1013-a-windows-10-local-privilege-escalation-1-day/" } + ) + }; + } + } +} diff --git a/winPEAS/winPEASexe/winPEAS/Watson/Watson.cs b/winPEAS/winPEASexe/winPEAS/Watson/Watson.cs new file mode 100644 index 0000000..2a16d6f --- /dev/null +++ b/winPEAS/winPEASexe/winPEAS/Watson/Watson.cs 
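Review bot: `SetAsVulnerable(string id)` uses `First(...)`, which throws InvalidOperationException when a Check class passes a name that has no entry in `Populate()`; the FindVulns added in this patch does not catch it, so one mismatched string aborts the whole scan. `_vulnerabilities.FirstOrDefault(e => e.Identification == id)?.SetAsVulnerable();` fails soft, or the ids could become shared constants so the two sides cannot drift. The closing message `Found 0 vulnerabilities` also overstates the result, since only the CVEs listed in `Populate()` are evaluated; wording such as `None of the checked CVEs apply` would be more accurate for whoever reads the report.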
@@ -0,0 +1,80 @@ +using System; +using System.Collections.Generic; +using winPEAS.Watson.Msrc; + +namespace winPEAS.Watson +{ + + ////////////////////////////// + ////// MAIN WATSON CLASS ///// + ////////////////////////////// + class Watson + { + public static void FindVulns() + { + Console.WriteLine(Beaprint.YELLOW + " [?] " + Beaprint.LBLUE + "Windows vulns search powered by " + Beaprint.LRED + "Watson" + Beaprint.LBLUE + "(https://github.com/rasta-mouse/Watson)" + Beaprint.NOCOLOR); + + // Supported versions + var supportedVersions = new Dictionary() + { + { 10240, "1507" }, { 10586, "1511" }, { 14393, "1607" }, { 15063, "1703" }, { 16299, "1709" }, + { 17134, "1803" }, { 17763, "1809" }, { 18362, "1903" }, { 18363, "1909" }, { 19041, "2004" }, + { 19042, "20H2" } + }; + + // Get OS Build number + var buildNumber = Wmi.GetBuildNumber(); + if (buildNumber != 0) + { + if (!supportedVersions.ContainsKey(buildNumber)) + { + Console.Error.WriteLine($" [!] Windows version not supported, build number: '{buildNumber}'"); + return; + } + + var version = supportedVersions[buildNumber]; + Console.WriteLine(" [*] OS Version: {0} ({1})", version, buildNumber); + } + else + { + Console.Error.WriteLine(" [!] 
Could not retrieve Windows BuildNumber"); + return; + } + + // List of KBs installed + Console.WriteLine(" [*] Enumerating installed KBs..."); + var installedKBs = Wmi.GetInstalledKBs(); + +#if DEBUG + Console.WriteLine(); + + foreach (var kb in installedKBs) + { + Console.WriteLine(" {0}", kb); + } + + Console.WriteLine(); +#endif + + // List of Vulnerabilities + var vulnerabiltiies = new VulnerabilityCollection(); + + // Check each one + CVE_2019_0836.Check(vulnerabiltiies, buildNumber, installedKBs); + CVE_2019_0841.Check(vulnerabiltiies, buildNumber, installedKBs); + CVE_2019_1064.Check(vulnerabiltiies, buildNumber, installedKBs); + CVE_2019_1130.Check(vulnerabiltiies, buildNumber, installedKBs); + CVE_2019_1253.Check(vulnerabiltiies, buildNumber, installedKBs); + CVE_2019_1315.Check(vulnerabiltiies, buildNumber, installedKBs); + CVE_2019_1385.Check(vulnerabiltiies, buildNumber, installedKBs); + CVE_2019_1388.Check(vulnerabiltiies, buildNumber, installedKBs); + CVE_2019_1405.Check(vulnerabiltiies, buildNumber, installedKBs); + CVE_2020_0668.Check(vulnerabiltiies, buildNumber, installedKBs); + CVE_2020_0683.Check(vulnerabiltiies, buildNumber, installedKBs); + CVE_2020_1013.Check(vulnerabiltiies, buildNumber, installedKBs); + + // Print the results + vulnerabiltiies.ShowResults(); + } + } +} diff --git a/winPEAS/winPEASexe/winPEAS/Watson/Wmi.cs b/winPEAS/winPEASexe/winPEAS/Watson/Wmi.cs new file mode 100644 index 0000000..13ca649 --- /dev/null +++ b/winPEAS/winPEASexe/winPEAS/Watson/Wmi.cs 
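Review bot: `supportedVersions` accepts builds 10586 and 19042, yet none of the Check classes visible in this patch has a case for either, so on those builds every check returns at `default:` and the run ends with `Found 0 vulnerabilities`. That reads as a clean result when nothing was evaluated; either drop builds that have no data or print that no checks exist for the build (CVE_2019_0836 is outside this view, so confirm it does not cover them). Likewise, an empty list from `Wmi.GetInstalledKBs()` after a WMI error is passed to the checks as if the host had no updates, and should end the scan with an error instead. Minor: the local `vulnerabiltiies` is misspelled.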
@@ -0,0 +1,63 @@
+using System;
+using System.Collections.Generic;
+using System.Management;
+
+namespace winPEAS.Watson
+{
+ public class Wmi
+ {
+ public static List GetInstalledKBs()
+ {
+ var KbList = new List();
+
+ try
+ {
+ using (var searcher = new ManagementObjectSearcher(@"root\cimv2", "SELECT HotFixID FROM Win32_QuickFixEngineering"))
+ {
+ var hotFixes = searcher.Get();
+
+ foreach (var hotFix in hotFixes)
+ {
+ var line = hotFix["HotFixID"].ToString().Remove(0, 2);
+
+ if (int.TryParse(line, out int kb))
+ {
+ KbList.Add(kb);
+ }
+ }
+ }
+ }
+ catch (ManagementException e)
+ {
+ Console.Error.WriteLine(" [!] {0}", e.Message);
+ }
+
+ return KbList;
+ }
+
+ public static int GetBuildNumber()
+ {
+ try
+ {
+ using (var searcher = new ManagementObjectSearcher(@"root\cimv2", "SELECT BuildNumber FROM Win32_OperatingSystem"))
+ {
+ var collection = searcher.Get();
+
+ foreach (var num in collection)
+ {
+ if (int.TryParse(num["BuildNumber"] as string, out int buildNumber))
+ {
+ return buildNumber;
+ }
+ }
+ }
+ }
+ catch (ManagementException e)
+ {
+ Console.Error.WriteLine(" [!] {0}", e.Message);
+ }
+
+ return 0;
+ }
+ }
+}
diff --git a/winPEAS/winPEASexe/winPEAS/winPEAS.csproj b/winPEAS/winPEASexe/winPEAS/winPEAS.csproj
index 6767e0d..cfed4aa 100755
--- a/winPEAS/winPEASexe/winPEAS/winPEAS.csproj
+++ b/winPEAS/winPEASexe/winPEAS/winPEAS.csproj
@@ -158,7 +158,22 @@ - + + + + + + + + + + + + + + + +
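Review bot: In GetInstalledKBs, `hotFix["HotFixID"].ToString().Remove(0, 2)` throws NullReferenceException on a null HotFixID and ArgumentOutOfRangeException on a value shorter than two characters, and neither is caught by `catch (ManagementException)`. It also strips the first two characters whatever they are, so a value that does not start with "KB" is silently mangled. A guarded parse is safer: `var id = hotFix["HotFixID"] as string;` followed by `if (id != null && id.StartsWith("KB", StringComparison.OrdinalIgnoreCase) && int.TryParse(id.Substring(2), out int kb)) KbList.Add(kb);`. On a ManagementException the method returns an empty list, so the caller cannot tell a failed query from a host with no updates installed; a null return or a success flag would let it stop instead of producing a misleading report.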