darnellkeith/PEASS-ng
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

- updated Watson + cleanup

Browse Source
This commit is contained in:
makikvues 2021-01-08 14:40:01 +01:00
parent 358b366408
commit d091dbcba5
19 changed files with 1425 additions and 1069 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

5
winPEAS/winPEASexe/winPEAS/Program.cs
View File

@ -10,7 +10,7 @@ namespace winPEAS
{
class Program
{
public static string version = "v1.1";
public static string version = "v2.0-beta";
public static string advisory = "winpeas should be used for authorized penetration testing and/or educational purposes only.Any misuse of this software will not be the responsibility of the author or of any other collaborator. Use it at your own networks and/or with the network owner's permission.";
public static bool banner = true;
public static bool search_fast = true;
@ -179,7 +179,8 @@ namespace winPEAS
};
Beaprint.DictPrint(basicDictSystem, colorsSI, false);
System.Console.WriteLine();
Watson.FindVulns();
Watson.Watson.FindVulns();
//To update Watson, update the CVEs and add the new ones and update the main function so it uses new CVEs (becausfull with the Beaprints inside the FindVulns function)
//Usually you won't need to do anything with the classes Wmi, Vulnerability and VulnerabilityCollection
}

1066
winPEAS/winPEASexe/winPEAS/Watson.cs
View File

File diff suppressed because it is too large Load Diff

105
winPEAS/winPEASexe/winPEAS/Watson/Msrc/CVE-2019-0836.cs Normal file
View File

@ -0,0 +1,105 @@
using System.Linq;
using System.Collections.Generic;
namespace winPEAS.Watson.Msrc
{
internal static class CVE_2019_0836
{
private const string name = "CVE-2019-0836";
public static void Check(VulnerabilityCollection vulnerabilities, int buildNumber, List<int> installedKBs)
{
var supersedence = new List<int>();
switch (buildNumber)
{
case 10240:
supersedence.AddRange(new int[] {
4493475, 4498375, 4499154, 4505051, 4503291,
4507458, 4512497, 4517276, 4522009, 4520011,
4524153, 4525232, 4530681, 4534306, 4537776,
4540693, 4550930, 4556826, 4561649, 4567518,
4565513, 4571692, 4577049
});
break;
case 14393:
supersedence.AddRange(new int[] {
4493470, 4499418, 4494440, 4534271, 4534307,
4537764, 4537806, 4540670, 4541329, 4550929,
4550947, 4556813, 4561616, 4567517, 4565511,
4571694, 4577015
});
break;
case 15063:
supersedence.AddRange(new int[] {
4493474, 4493436, 4499162, 4499181, 4502112,
4505055, 4503279, 4503289, 4509476, 4507450,
4507467, 4512474, 4512507, 4516059, 4516068,
4522011, 4520010, 4524151, 4525245, 4530711,
4534296, 4537765, 4540705, 4550939, 4556804,
4561605, 4567516, 4565499, 4571689, 4577021
});
break;
case 16299:
supersedence.AddRange(new int[] {
4493441, 4493440, 4499147, 4499179, 4505062,
4503281, 4503284, 4509477, 4507455, 4507465,
4512494, 4512516, 4516066, 4522012, 4520004,
4520006, 4524150, 4525241, 4530714, 4534276,
4534318, 4537789, 4537816, 4540681, 4541330,
4554342, 4550927, 4556812, 4561602, 4567515,
4565508, 4571741, 4577041
});
break;
case 17134:
supersedence.AddRange(new int[] {
4493464, 4493437, 4499167, 4499183, 4505064,
4503286, 4503288, 4509478, 4507435, 4507466,
4512501, 4512509, 4516045, 4516058, 4522014,
4519978, 4520008, 4524149, 4525237, 4530717,
4534293, 4534308, 4537762, 4537795, 4540689,
4541333, 4554349, 4550922, 4550944, 4556807,
4561621, 4567514, 4565489, 4571709, 4577032
});
break;
case 17763:
supersedence.AddRange(new int[] {
4493509, 4495667, 4494441, 4497934, 4501835,
4505056, 4501371, 4503327, 4509479, 4505658,
4507469, 4511553, 4512534, 4512578, 4522015,
4519338, 4520062, 4524148, 4523205, 4530715,
4534273, 4534321, 4532691, 4537818, 4538461,
4541331, 4554354, 4549949, 4550969, 4551853,
4561608, 4567513, 4558998, 4559003, 4565349,
4571748, 4570333, 4577069
});
break;
default:
return;
}
if (supersedence.Intersect(installedKBs).Any())
{
vulnerabilities.SetAsVulnerable(name);
}
}
}
}

82
winPEAS/winPEASexe/winPEAS/Watson/Msrc/CVE-2019-0841.cs Normal file
View File

@ -0,0 +1,82 @@
using System.Linq;
using System.Collections.Generic;
namespace winPEAS.Watson.Msrc
{
internal static class CVE_2019_0841
{
private const string name = "CVE-2019-0841";
public static void Check(VulnerabilityCollection vulnerabilities, int buildNumber, List<int> installedKBs)
{
var supersedence = new List<int>();
switch (buildNumber)
{
case 15063:
supersedence.AddRange(new int[] {
4493474, 4493436, 4499162, 4499181, 4502112,
4505055, 4503279, 4503289, 4509476, 4507450,
4507467, 4512474, 4512507, 4516059, 4516068,
4522011, 4520010, 4524151, 4525245, 4530711,
4534296, 4537765, 4540705, 4550939, 4556804,
4561605, 4567516, 4565499, 4571689, 4577021
});
break;
case 16299:
supersedence.AddRange(new int[] {
4493441, 4493440, 4499147, 4499179, 4505062,
4503281, 4503284, 4509477, 4507455, 4507465,
4512494, 4512516, 4516066, 4522012, 4520004,
4520006, 4524150, 4525241, 4530714, 4534276,
4534318, 4537789, 4537816, 4540681, 4541330,
4554342, 4550927, 4556812, 4561602, 4567515,
4565508, 4571741, 4577041
});
break;
case 17134:
supersedence.AddRange(new int[] {
4493464, 4493437, 4499167, 4499183, 4505064,
4503286, 4503288, 4509478, 4507435, 4507466,
4512501, 4512509, 4516045, 4516058, 4522014,
4519978, 4520008, 4524149, 4525237, 4530717,
4534293, 4534308, 4537762, 4537795, 4540689,
4541333, 4554349, 4550922, 4550944, 4556807,
4561621, 4567514, 4565489, 4571709, 4577032
});
break;
case 17763:
supersedence.AddRange(new int[] {
4493509, 4495667, 4494441, 4497934, 4501835,
4505056, 4501371, 4503327, 4509479, 4505658,
4507469, 4511553, 4512534, 4512578, 4522015,
4519338, 4520062, 4524148, 4523205, 4530715,
4534273, 4534321, 4532691, 4537818, 4538461,
4541331, 4554354, 4549949, 4550969, 4551853,
4561608, 4567513, 4558998, 4559003, 4565349,
4571748, 4570333, 4577069
});
break;
default:
return;
}
if (supersedence.Intersect(installedKBs).Any())
{
vulnerabilities.SetAsVulnerable(name);
}
}
}
}

102
winPEAS/winPEASexe/winPEAS/Watson/Msrc/CVE-2019-1064.cs Normal file
View File

@ -0,0 +1,102 @@
using System.Linq;
using System.Collections.Generic;
namespace winPEAS.Watson.Msrc
{
internal static class CVE_2019_1064
{
private const string name = "CVE-2019-1064";
public static void Check(VulnerabilityCollection vulnerabilities, int buildNumber, List<int> installedKBs)
{
var supersedence = new List<int>();
switch (buildNumber)
{
case 14393:
supersedence.AddRange(new int[] {
4503267, 4503294, 4509475, 4507459, 4507460,
4512495, 4512517, 4516044, 4516061, 4522010,
4519998, 4524152, 4525236, 4530689
});
break;
case 15063:
supersedence.AddRange(new int[] {
4503279, 4503289, 4509476, 4507450, 4507467,
4512474, 4512507, 4516059, 4516068, 4522011,
4520010, 4524151, 4525245, 4530711, 4534296,
4537765, 4540705, 4550939, 4556804, 4561605,
4567516, 4565499, 4571689, 4577021
});
break;
case 16299:
supersedence.AddRange(new int[] {
4503284, 4503281, 4509477, 4507455, 4507465,
4512494, 4512516, 4516066, 4522012, 4520004,
4520006, 4524150, 4525241, 4530714, 4534276,
4534318, 4537789, 4537816, 4540681, 4541330,
4554342, 4550927, 4556812, 4561602, 4567515,
4565508, 4571741, 4577041
});
break;
case 17134:
supersedence.AddRange(new int[] {
4503286, 4503288, 4509478, 4507435, 4507466,
4512501, 4512509, 4516045, 4516058, 4522014,
4519978, 4520008, 4524149, 4525237, 4530717,
4534293, 4534308, 4537762, 4537795, 4540689,
4541333, 4554349, 4550922, 4550944, 4556807,
4561621, 4567514, 4565489, 4571709, 4577032
});
break;
case 17763:
supersedence.AddRange(new int[] {
4503327, 4501371, 4509479, 4505658, 4507469,
4511553, 4512534, 4512578, 4522015, 4519338,
4520062, 4524148, 4523205, 4530715, 4534273,
4534321, 4532691, 4537818, 4538461, 4541331,
4554354, 4549949, 4550969, 4551853, 4561608,
4567513, 4558998, 4559003, 4565349, 4571748,
4570333, 4577069
});
break;
case 18362:
supersedence.AddRange(new int[] {
4503293, 4501375, 4505903, 4507453, 4512508,
4512941, 4515384, 4517211, 4522016, 4517389,
4522355, 4524147, 4524570, 4530684, 4528760,
4532695, 4532693, 4535996, 4540673, 4541335,
4551762, 4554364, 4549951, 4550945, 4556799,
4560960, 4567512, 4565483, 4559004, 4565351,
4566116, 4574727, 4577062
});
break;
default:
return;
}
if (supersedence.Intersect(installedKBs).Any())
{
vulnerabilities.SetAsVulnerable(name);
}
}
}
}

109
winPEAS/winPEASexe/winPEAS/Watson/Msrc/CVE-2019-1130.cs Normal file
View File

@ -0,0 +1,109 @@
using System.Linq;
using System.Collections.Generic;
namespace winPEAS.Watson.Msrc
{
internal static class CVE_2019_1130
{
private const string name = "CVE-2019-1130";
public static void Check(VulnerabilityCollection vulnerabilities, int buildNumber, List<int> installedKBs)
{
var supersedence = new List<int>();
switch (buildNumber)
{
case 10240:
supersedence.AddRange(new int[] {
4507458, 4512497, 4517276, 4522009, 4520011,
4524153, 4525232, 4530681, 4534306, 4537776,
4540693, 4550930, 4556826, 4561649, 4567518,
4565513, 4571692, 4577049
});
break;
case 14393:
supersedence.AddRange(new int[] {
4507460, 4507459, 4512495, 4512517, 4516044,
4516061, 4522010, 4519998, 4524152, 4525236,
4530689
});
break;
case 15063:
supersedence.AddRange(new int[] {
4507460, 4507459, 4512495, 4512517, 4516044,
4516061, 4522010, 4519998, 4524152, 4525236,
4530689
});
break;
case 16299:
supersedence.AddRange(new int[] {
4507455, 4507465, 4512494, 4512516, 4516066,
4522012, 4520004, 4520006, 4524150, 4525241,
4530714, 4534276, 4534318, 4537789, 4537816,
4540681, 4541330, 4554342, 4550927, 4556812,
4561602, 4567515, 4565508, 4571741, 4577041
});
break;
case 17134:
supersedence.AddRange(new int[] {
4507435, 4507466, 4512501, 4512509, 4516045,
4516058, 4522014, 4519978, 4520008, 4524149,
4525237, 4530717, 4534293, 4534308, 4537762,
4537795, 4540689, 4541333, 4554349, 4550922,
4550944, 4556807, 4561621, 4567514, 4565489,
4571709, 4577032
});
break;
case 17763:
supersedence.AddRange(new int[] {
4507469, 4505658, 4511553, 4512534, 4512578,
4522015, 4519338, 4520062, 4524148, 4523205,
4530715, 4534273, 4534321, 4532691, 4537818,
4538461, 4541331, 4554354, 4549949, 4550969,
4551853, 4561608, 4567513, 4558998, 4559003,
4565349, 4571748, 4570333, 4577069
});
break;
case 18362:
supersedence.AddRange(new int[] {
4507453, 4505903, 4512508, 4512941, 4515384,
4517211, 4522016, 4517389, 4522355, 4524147,
4524570, 4530684, 4528760, 4532695, 4532693,
4535996, 4540673, 4541335, 4551762, 4554364,
4549951, 4550945, 4556799, 4560960, 4567512,
4565483, 4559004, 4565351, 4566116, 4574727,
4577062
});
break;
default:
return;
}
if (supersedence.Intersect(installedKBs).Any())
{
vulnerabilities.SetAsVulnerable(name);
}
}
}
}

86
winPEAS/winPEASexe/winPEAS/Watson/Msrc/CVE-2019-1253.cs Normal file
View File

@ -0,0 +1,86 @@
using System.Linq;
using System.Collections.Generic;
namespace winPEAS.Watson.Msrc
{
internal static class CVE_2019_1253
{
private const string name = "CVE-2019-1253";
public static void Check(VulnerabilityCollection vulnerabilities, int buildNumber, List<int> installedKBs)
{
var supersedence = new List<int>();
switch (buildNumber)
{
case 15063:
supersedence.AddRange(new int[] {
4516068, 4516059, 4522011, 4520010, 4524151,
4525245, 4530711, 4534296, 4537765, 4540705,
4550939, 4556804, 4561605, 4567516, 4565499,
4571689, 4577021
});
break;
case 16299:
supersedence.AddRange(new int[] {
4516066, 4522012, 4520004, 4520006, 4524150,
4525241, 4530714, 4534276, 4534318, 4537789,
4537816, 4540681, 4541330, 4554342, 4550927,
4556812, 4561602, 4567515, 4565508, 4571741,
4577041
});
break;
case 17134:
supersedence.AddRange(new int[] {
4516058, 4516045, 4522014, 4519978, 4520008,
4524149, 4525237, 4530717, 4534293, 4534308,
4537762, 4537795, 4540689, 4541333, 4554349,
4550922, 4550944, 4556807, 4561621, 4567514,
4565489, 4571709, 4577032
});
break;
case 17763:
supersedence.AddRange(new int[] {
4512578, 4522015, 4519338, 4520062, 4524148,
4523205, 4530715, 4534273, 4534321, 4532691,
4537818, 4538461, 4541331, 4554354, 4549949,
4550969, 4551853, 4561608, 4567513, 4558998,
4559003, 4565349, 4571748, 4570333, 4577069
});
break;
case 18362:
supersedence.AddRange(new int[] {
4515384, 4517211, 4522016, 4517389, 4522355,
4524147, 4524570, 4530684, 4528760, 4532695,
4532693, 4535996, 4540673, 4541335, 4551762,
4554364, 4549951, 4550945, 4556799, 4560960,
4567512, 4565483, 4559004, 4565351, 4566116,
4574727, 4577062
});
break;
default:
return;
}
if (supersedence.Intersect(installedKBs).Any())
{
vulnerabilities.SetAsVulnerable(name);
}
}
}
}

100
winPEAS/winPEASexe/winPEAS/Watson/Msrc/CVE-2019-1315.cs Normal file
View File

@ -0,0 +1,100 @@
using System.Linq;
using System.Collections.Generic;
namespace winPEAS.Watson.Msrc
{
internal static class CVE_2019_1315
{
private const string name = "CVE-2019-1315";
public static void Check(VulnerabilityCollection vulnerabilities, int buildNumber, List<int> installedKBs)
{
var supersedence = new List<int>();
switch (buildNumber)
{
case 10240:
supersedence.AddRange(new int[] {
4520011, 4525232, 4530681, 4534306, 4537776,
4540693, 4550930, 4556826, 4561649, 4567518,
4565513, 4571692, 4577049
});
break;
case 14393:
supersedence.AddRange(new int[] {
4519998, 4519979, 4525236, 4530689
});
break;
case 15063:
supersedence.AddRange(new int[] {
4520010, 4525245, 4530711, 4534296, 4537765,
4540705, 4550939, 4556804, 4561605, 4567516,
4565499, 4571689, 4577021
});
break;
case 16299:
supersedence.AddRange(new int[] {
4520004, 4520006, 4525241, 4530714, 4534276,
4534318, 4537789, 4537816, 4540681, 4541330,
4554342, 4550927, 4556812, 4561602, 4567515,
4565508, 4571741, 4577041
});
break;
case 17134:
supersedence.AddRange(new int[] {
4520008, 4519978, 4525237, 4530717, 4534293,
4534308, 4537762, 4537795, 4540689, 4541333,
4554349, 4550922, 4550944, 4556807, 4561621,
4567514, 4565489, 4571709, 4577032
});
break;
case 17763:
supersedence.AddRange(new int[] {
4519338, 4520062, 4523205, 4530715, 4534273,
4534321, 4532691, 4537818, 4538461, 4541331,
4554354, 4549949, 4550969, 4551853, 4561608,
4567513, 4558998, 4559003, 4565349, 4571748,
4570333, 4577069
});
break;
case 18362:
supersedence.AddRange(new int[] {
4517389, 4522355, 4524570, 4530684, 4528760,
4532695, 4532693, 4535996, 4540673, 4541335,
4551762, 4554364, 4549951, 4550945, 4556799,
4560960, 4567512, 4565483, 4559004, 4565351,
4566116, 4574727, 4577062
});
break;
default:
return;
}
if (supersedence.Intersect(installedKBs).Any())
{
vulnerabilities.SetAsVulnerable(name);
}
}
}
}

83
winPEAS/winPEASexe/winPEAS/Watson/Msrc/CVE-2019-1385.cs Normal file
View File

@ -0,0 +1,83 @@
using System.Linq;
using System.Collections.Generic;
namespace winPEAS.Watson.Msrc
{
internal static class CVE_2019_1385
{
private const string name = "CVE-2019-1385";
public static void Check(VulnerabilityCollection vulnerabilities, int buildNumber, List<int> installedKBs)
{
var supersedence = new List<int>();
switch (buildNumber)
{
case 16299:
supersedence.AddRange(new int[] {
4525241, 4530714, 4534276, 4534318, 4537789,
4537816, 4540681, 4541330, 4554342, 4550927,
4556812, 4561602, 4567515, 4565508, 4571741,
4577041
});
break;
case 17134:
supersedence.AddRange(new int[] {
4525237, 4530717, 4534293, 4534308, 4537762,
4537795, 4540689, 4541333, 4554349, 4550922,
4550944, 4556807, 4561621, 4567514, 4565489,
4571709, 4577032
});
break;
case 17763:
supersedence.AddRange(new int[] {
4523205, 4530715, 4534273, 4534321, 4532691,
4537818, 4538461, 4541331, 4554354, 4549949,
4550969, 4551853, 4561608, 4567513, 4558998,
4559003, 4565349, 4571748, 4570333, 4577069
});
break;
case 18362:
supersedence.AddRange(new int[] {
4524570, 4530684, 4528760, 4532695, 4532693,
4535996, 4540673, 4541335, 4551762, 4554364,
4549951, 4550945, 4556799, 4560960, 4567512,
4565483, 4559004, 4565351, 4566116, 4574727,
4577062
});
break;
case 18363:
supersedence.AddRange(new int[] {
4524570, 4530684, 4528760, 4532695, 4532693,
4535996, 4540673, 4541335, 4551762, 4554364,
4549951, 4550945, 4556799, 4560960, 4567512,
4565483, 4559004, 4565351, 4566116, 4574727,
4577062
});
break;
default:
return;
}
if (supersedence.Intersect(installedKBs).Any())
{
vulnerabilities.SetAsVulnerable(name);
}
}
}
}

89
winPEAS/winPEASexe/winPEAS/Watson/Msrc/CVE-2019-1388.cs Normal file
View File

@ -0,0 +1,89 @@
using System.Linq;
using System.Collections.Generic;
namespace winPEAS.Watson.Msrc
{
internal static class CVE_2019_1388
{
private const string name = "CVE-2019-1388";
public static void Check(VulnerabilityCollection vulnerabilities, int buildNumber, List<int> installedKBs)
{
var supersedence = new List<int>();
switch (buildNumber)
{
case 10240:
supersedence.AddRange(new int[] {
4525232, 4530681, 4534306, 4537776, 4540693,
4550930, 4556826, 4561649, 4567518, 4565513,
4571692, 4577049
});
break;
case 14393:
supersedence.AddRange(new int[] {
4525236, 4530689
});
break;
case 16299:
supersedence.AddRange(new int[] {
4525241, 4530714, 4534276, 4534318, 4537789,
4537816, 4540681, 4541330, 4554342, 4550927,
4556812, 4561602, 4567515, 4565508, 4571741,
4577041
});
break;
case 17134:
supersedence.AddRange(new int[] {
4525237, 4530717, 4534293, 4534308, 4537762,
4537795, 4540689, 4541333, 4554349, 4550922,
4550944, 4556807, 4561621, 4567514, 4565489,
4571709, 4577032
});
break;
case 17763:
supersedence.AddRange(new int[] {
4523205, 4530715, 4534273, 4534321, 4532691,
4537818, 4538461, 4541331, 4554354, 4549949,
4550969, 4551853, 4561608, 4567513, 4558998,
4559003, 4565349, 4571748, 4570333, 4577069
});
break;
case 18362:
supersedence.AddRange(new int[] {
4524570, 4530684, 4528760, 4532695, 4532693,
4535996, 4540673, 4541335, 4551762, 4554364,
4549951, 4550945, 4556799, 4560960, 4567512,
4565483, 4559004, 4565351, 4566116, 4574727,
4577062
});
break;
default:
return;
}
if (supersedence.Intersect(installedKBs).Any())
{
vulnerabilities.SetAsVulnerable(name);
}
}
}
}

101
winPEAS/winPEASexe/winPEAS/Watson/Msrc/CVE-2019-1405.cs Normal file
View File

@ -0,0 +1,101 @@
using System.Linq;
using System.Collections.Generic;
namespace winPEAS.Watson.Msrc
{
internal static class CVE_2019_1405
{
private const string name = "CVE-2019-1405";
public static void Check(VulnerabilityCollection vulnerabilities, int buildNumber, List<int> installedKBs)
{
var supersedence = new List<int>();
switch (buildNumber)
{
case 10240:
supersedence.AddRange(new int[] {
4525232, 4530681, 4534306, 4537776, 4540693,
4550930, 4556826, 4561649, 4567518, 4565513,
4571692, 4577049
});
break;
case 14393:
supersedence.AddRange(new int[] {
4525236, 4530689
});
break;
case 16299:
supersedence.AddRange(new int[] {
4525241, 4530714, 4534276, 4534318, 4537789,
4537816, 4540681, 4541330, 4554342, 4550927,
4556812, 4561602, 4567515, 4565508, 4571741,
4577041
});
break;
case 17134:
supersedence.AddRange(new int[] {
4525237, 4530717, 4534293, 4534308, 4537762,
4537795, 4540689, 4541333, 4554349, 4550922,
4550944, 4556807, 4561621, 4567514, 4565489,
4571709, 4577032
});
break;
case 17763:
supersedence.AddRange(new int[] {
4523205, 4530715, 4534273, 4534321, 4532691,
4537818, 4538461, 4541331, 4554354, 4549949,
4550969, 4551853, 4561608, 4567513, 4558998,
4559003, 4565349, 4571748, 4570333, 4577069
});
break;
case 18362:
supersedence.AddRange(new int[] {
4524570, 4530684, 4528760, 4532695, 4532693,
4535996, 4540673, 4541335, 4551762, 4554364,
4549951, 4550945, 4556799, 4560960, 4567512,
4565483, 4559004, 4565351, 4566116, 4574727,
4577062
});
break;
case 18363:
supersedence.AddRange(new int[] {
4524570, 4530684, 4528760, 4532695, 4532693,
4535996, 4540673, 4541335, 4551762, 4554364,
4549951, 4550945, 4556799, 4560960, 4567512,
4565483, 4559004, 4565351, 4566116, 4574727,
4577062
});
break;
default:
return;
}
if (supersedence.Intersect(installedKBs).Any())
{
vulnerabilities.SetAsVulnerable(name);
}
}
}
}

98
winPEAS/winPEASexe/winPEAS/Watson/Msrc/CVE-2020-0668.cs Normal file
View File

@ -0,0 +1,98 @@
using System.Linq;
using System.Collections.Generic;
namespace winPEAS.Watson.Msrc
{
internal static class CVE_2020_0668
{
private const string name = "CVE-2020-0668";
public static void Check(VulnerabilityCollection vulnerabilities, int buildNumber, List<int> installedKBs)
{
var supersedence = new List<int>();
switch (buildNumber)
{
case 10240:
supersedence.AddRange(new int[] {
4537776, 4540693, 4550930, 4556826, 4561649,
4567518, 4565513, 4571692, 4577049
});
break;
case 14393:
supersedence.AddRange(new int[] {
4537764, 4537806, 4540670, 4541329, 4550929,
4550947, 4556813, 4561616, 4567517, 4565511,
4571694, 4577015
});
break;
case 16299:
supersedence.AddRange(new int[] {
4537789, 4537816, 4540681, 4541330, 4554342,
4550927, 4556812, 4561602, 4567515, 4565508,
4571741, 4577041
});
break;
case 17134:
supersedence.AddRange(new int[] {
4537762, 4537795, 4540689, 4541333, 4554349,
4550922, 4550944, 4556807, 4561621, 4567514,
4565489, 4571709, 4577032
});
break;
case 17763:
supersedence.AddRange(new int[] {
4532691, 4537818, 4538461, 4541331, 4554354,
4549949, 4550969, 4551853, 4561608, 4567513,
4558998, 4559003, 4565349, 4571748, 4570333,
4577069
});
break;
case 18362:
supersedence.AddRange(new int[] {
4532693, 4535996, 4540673, 4541335, 4551762,
4554364, 4549951, 4550945, 4556799, 4560960,
4567512, 4565483, 4559004, 4565351, 4566116,
4574727, 4577062
});
break;
case 18363:
supersedence.AddRange(new int[] {
4532693, 4535996, 4540673, 4541335, 4551762,
4554364, 4549951, 4550945, 4556799, 4560960,
4567512, 4565483, 4559004, 4565351, 4566116,
4574727, 4577062
});
break;
default:
return;
}
if (supersedence.Intersect(installedKBs).Any())
{
vulnerabilities.SetAsVulnerable(name);
}
}
}
}

98
winPEAS/winPEASexe/winPEAS/Watson/Msrc/CVE-2020-0683.cs Normal file
View File

@ -0,0 +1,98 @@
using System.Linq;
using System.Collections.Generic;
namespace winPEAS.Watson.Msrc
{
internal static class CVE_2020_0683
{
private const string name = "CVE-2020-0683";
public static void Check(VulnerabilityCollection vulnerabilities, int buildNumber, List<int> installedKBs)
{
var supersedence = new List<int>();
switch (buildNumber)
{
case 10240:
supersedence.AddRange(new int[] {
4537776, 4540693, 4550930, 4556826, 4561649,
4567518, 4565513, 4571692, 4577049
});
break;
case 14393:
supersedence.AddRange(new int[] {
4537764, 4537806, 4540670, 4541329, 4550929,
4550947, 4556813, 4561616, 4567517, 4565511,
4571694, 4577015
});
break;
case 16299:
supersedence.AddRange(new int[] {
4537789, 4537816, 4540681, 4541330, 4554342,
4550927, 4556812, 4561602, 4567515, 4565508,
4571741, 4577041
});
break;
case 17134:
supersedence.AddRange(new int[] {
4537762, 4537795, 4540689, 4541333, 4554349,
4550922, 4550944, 4556807, 4561621, 4567514,
4565489, 4571709, 4577032
});
break;
case 17763:
supersedence.AddRange(new int[] {
4532691, 4537818, 4538461, 4541331, 4554354,
4549949, 4550969, 4551853, 4561608, 4567513,
4558998, 4559003, 4565349, 4571748, 4570333,
4577069
});
break;
case 18362:
supersedence.AddRange(new int[] {
4532693, 4535996, 4540673, 4541335, 4551762,
4554364, 4549951, 4550945, 4556799, 4560960,
4567512, 4565483, 4559004, 4565351, 4566116,
4574727, 4577062
});
break;
case 18363:
supersedence.AddRange(new int[] {
4532693, 4535996, 4540673, 4541335, 4551762,
4554364, 4549951, 4550945, 4556799, 4560960,
4567512, 4565483, 4559004, 4565351, 4566116,
4574727, 4577062
});
break;
default:
return;
}
if (supersedence.Intersect(installedKBs).Any())
{
vulnerabilities.SetAsVulnerable(name);
}
}
}
}

90
winPEAS/winPEASexe/winPEAS/Watson/Msrc/CVE-2020-1013.cs Normal file
View File

@ -0,0 +1,90 @@
using System.Linq;
using System.Collections.Generic;
namespace winPEAS.Watson.Msrc
{
internal static class CVE_2020_1013
{
private const string name = "CVE-2020-1013";
public static void Check(VulnerabilityCollection vulnerabilities, int buildNumber, List<int> installedKBs)
{
var supersedence = new List<int>();
switch (buildNumber)
{
case 10240:
supersedence.AddRange(new int[] {
4577049
});
break;
case 14393:
supersedence.AddRange(new int[] {
4577015
});
break;
case 16299:
supersedence.AddRange(new int[] {
4577041
});
break;
case 17134:
supersedence.AddRange(new int[] {
4577032
});
break;
case 17763:
supersedence.AddRange(new int[] {
4570333, 4577069
});
break;
case 18362:
supersedence.AddRange(new int[] {
4574727, 4577062
});
break;
case 18363:
supersedence.AddRange(new int[] {
4574727, 4577062
});
break;
case 19041:
supersedence.AddRange(new int[] {
4571756, 4577063
});
break;
default:
return;
}
if (supersedence.Intersect(installedKBs).Any())
{
vulnerabilities.SetAsVulnerable(name);
}
}
}
}

18
winPEAS/winPEASexe/winPEAS/Watson/Vulnerability.cs Normal file
View File

@ -0,0 +1,18 @@
namespace winPEAS.Watson
{
public class Vulnerability
{
public string Identification { get; }
public string[] KnownExploits { get; }
public bool Vulnerable { get; private set; }
public Vulnerability(string id, string[] exploits)
{
Identification = id;
KnownExploits = exploits;
}
public void SetAsVulnerable()
=> Vulnerable = true;
}
}

102
winPEAS/winPEASexe/winPEAS/Watson/VulnerabilityCollection.cs Normal file
View File

@ -0,0 +1,102 @@
using System;
using System.Collections.Generic;
using System.Linq;
namespace winPEAS.Watson
{
public class VulnerabilityCollection
{
private readonly List<Vulnerability> _vulnerabilities;
public void SetAsVulnerable(string id)
=> _vulnerabilities.First(e => e.Identification == id).SetAsVulnerable();
public VulnerabilityCollection()
{
_vulnerabilities = Populate();
}
public void ShowResults()
{
foreach (Vulnerability vuln in _vulnerabilities.Where(i => i.Vulnerable))
{
Console.WriteLine(" [!] {0} : VULNERABLE", vuln.Identification);
foreach (string exploit in vuln.KnownExploits)
{
Console.WriteLine(" [>] {0}", exploit);
}
Console.WriteLine();
}
if (_vulnerabilities.Any(e => e.Vulnerable))
Console.WriteLine(" [*] Finished. Found {0} potential vulnerabilities.\r\n", _vulnerabilities.Count(i => i.Vulnerable));
else
Console.WriteLine(" [*] Finished. Found 0 vulnerabilities.\r\n");
}
private List<Vulnerability> Populate()
{
return new List<Vulnerability>()
{
new Vulnerability(
id: "CVE-2019-0836",
exploits: new string[] { "https://exploit-db.com/exploits/46718", "https://decoder.cloud/2019/04/29/combinig-luafv-postluafvpostreadwrite-race-condition-pe-with-diaghub-collector-exploit-from-standard-user-to-system/" }
),
new Vulnerability(
id: "CVE-2019-0841",
exploits: new string[] { "https://github.com/rogue-kdc/CVE-2019-0841", "https://rastamouse.me/tags/cve-2019-0841/" }
),
new Vulnerability(
id: "CVE-2019-1064",
exploits: new string[] { "https://www.rythmstick.net/posts/cve-2019-1064/" }
),
new Vulnerability(
id: "CVE-2019-1130",
exploits: new string[] { "https://github.com/S3cur3Th1sSh1t/SharpByeBear" }
),
new Vulnerability(
id: "CVE-2019-1253",
exploits: new string[] { "https://github.com/padovah4ck/CVE-2019-1253", "https://github.com/sgabe/CVE-2019-1253" }
),
new Vulnerability(
id: "CVE-2019-1315",
exploits: new string[] { "https://offsec.almond.consulting/windows-error-reporting-arbitrary-file-move-eop.html" }
),
new Vulnerability(
id: "CVE-2019-1385",
exploits: new string[] { "https://www.youtube.com/watch?v=K6gHnr-VkAg" }
),
new Vulnerability(
id: "CVE-2019-1388",
exploits: new string[] { "https://github.com/jas502n/CVE-2019-1388" }
),
new Vulnerability(
id: "CVE-2019-1405",
exploits: new string[] { "https://www.nccgroup.trust/uk/about-us/newsroom-and-events/blogs/2019/november/cve-2019-1405-and-cve-2019-1322-elevation-to-system-via-the-upnp-device-host-service-and-the-update-orchestrator-service/", "https://github.com/apt69/COMahawk" }
),
new Vulnerability(
id: "CVE-2020-0668",
exploits: new string[] { "https://github.com/itm4n/SysTracingPoc" }
),
new Vulnerability(
id: "CVE-2020-0683",
exploits: new string[] { "https://github.com/padovah4ck/CVE-2020-0683", "https://raw.githubusercontent.com/S3cur3Th1sSh1t/Creds/master/PowershellScripts/cve-2020-0683.ps1" }
),
new Vulnerability(
id: "CVE-2020-1013",
exploits: new string[] { "https://www.gosecure.net/blog/2020/09/08/wsus-attacks-part-2-cve-2020-1013-a-windows-10-local-privilege-escalation-1-day/" }
)
};
}
}
}

80
winPEAS/winPEASexe/winPEAS/Watson/Watson.cs Normal file
View File

@ -0,0 +1,80 @@
using System;
using System.Collections.Generic;
using winPEAS.Watson.Msrc;
namespace winPEAS.Watson
{
//////////////////////////////
////// MAIN WATSON CLASS /////
//////////////////////////////
class Watson
{
public static void FindVulns()
{
Console.WriteLine(Beaprint.YELLOW + " [?] " + Beaprint.LBLUE + "Windows vulns search powered by " + Beaprint.LRED + "Watson" + Beaprint.LBLUE + "(https://github.com/rasta-mouse/Watson)" + Beaprint.NOCOLOR);
// Supported versions
var supportedVersions = new Dictionary<int, string>()
{
{ 10240, "1507" }, { 10586, "1511" }, { 14393, "1607" }, { 15063, "1703" }, { 16299, "1709" },
{ 17134, "1803" }, { 17763, "1809" }, { 18362, "1903" }, { 18363, "1909" }, { 19041, "2004" },
{ 19042, "20H2" }
};
// Get OS Build number
var buildNumber = Wmi.GetBuildNumber();
if (buildNumber != 0)
{
if (!supportedVersions.ContainsKey(buildNumber))
{
Console.Error.WriteLine($" [!] Windows version not supported, build number: '{buildNumber}'");
return;
}
var version = supportedVersions[buildNumber];
Console.WriteLine(" [*] OS Version: {0} ({1})", version, buildNumber);
}
else
{
Console.Error.WriteLine(" [!] Could not retrieve Windows BuildNumber");
return;
}
// List of KBs installed
Console.WriteLine(" [*] Enumerating installed KBs...");
var installedKBs = Wmi.GetInstalledKBs();
#if DEBUG
Console.WriteLine();
foreach (var kb in installedKBs)
{
Console.WriteLine(" {0}", kb);
}
Console.WriteLine();
#endif
// List of Vulnerabilities
var vulnerabiltiies = new VulnerabilityCollection();
// Check each one
CVE_2019_0836.Check(vulnerabiltiies, buildNumber, installedKBs);
CVE_2019_0841.Check(vulnerabiltiies, buildNumber, installedKBs);
CVE_2019_1064.Check(vulnerabiltiies, buildNumber, installedKBs);
CVE_2019_1130.Check(vulnerabiltiies, buildNumber, installedKBs);
CVE_2019_1253.Check(vulnerabiltiies, buildNumber, installedKBs);
CVE_2019_1315.Check(vulnerabiltiies, buildNumber, installedKBs);
CVE_2019_1385.Check(vulnerabiltiies, buildNumber, installedKBs);
CVE_2019_1388.Check(vulnerabiltiies, buildNumber, installedKBs);
CVE_2019_1405.Check(vulnerabiltiies, buildNumber, installedKBs);
CVE_2020_0668.Check(vulnerabiltiies, buildNumber, installedKBs);
CVE_2020_0683.Check(vulnerabiltiies, buildNumber, installedKBs);
CVE_2020_1013.Check(vulnerabiltiies, buildNumber, installedKBs);
// Print the results
vulnerabiltiies.ShowResults();
}
}
}

63
winPEAS/winPEASexe/winPEAS/Watson/Wmi.cs Normal file
View File

@ -0,0 +1,63 @@
using System;
using System.Collections.Generic;
using System.Management;
namespace winPEAS.Watson
{
public class Wmi
{
public static List<int> GetInstalledKBs()
{
var KbList = new List<int>();
try
{
using (var searcher = new ManagementObjectSearcher(@"root\cimv2", "SELECT HotFixID FROM Win32_QuickFixEngineering"))
{
var hotFixes = searcher.Get();
foreach (var hotFix in hotFixes)
{
var line = hotFix["HotFixID"].ToString().Remove(0, 2);
if (int.TryParse(line, out int kb))
{
KbList.Add(kb);
}
}
}
}
catch (ManagementException e)
{
Console.Error.WriteLine(" [!] {0}", e.Message);
}
return KbList;
}
public static int GetBuildNumber()
{
try
{
using (var searcher = new ManagementObjectSearcher(@"root\cimv2", "SELECT BuildNumber FROM Win32_OperatingSystem"))
{
var collection = searcher.Get();
foreach (var num in collection)
{
if (int.TryParse(num["BuildNumber"] as string, out int buildNumber))
{
return buildNumber;
}
}
}
}
catch (ManagementException e)
{
Console.Error.WriteLine(" [!] {0}", e.Message);
}
return 0;
}
}
}

17
winPEAS/winPEASexe/winPEAS/winPEAS.csproj
View File

@ -158,7 +158,22 @@
<Compile Include="TaskScheduler\Wildcard.cs" />
<Compile Include="TaskScheduler\XmlSerializationHelper.cs" />
<Compile Include="UserInfo.cs" />
<Compile Include="Watson.cs" />
<Compile Include="Watson\Msrc\CVE-2019-0836.cs" />
<Compile Include="Watson\Msrc\CVE-2019-0841.cs" />
<Compile Include="Watson\Msrc\CVE-2019-1064.cs" />
<Compile Include="Watson\Msrc\CVE-2019-1130.cs" />
<Compile Include="Watson\Msrc\CVE-2019-1253.cs" />
<Compile Include="Watson\Msrc\CVE-2019-1315.cs" />
<Compile Include="Watson\Msrc\CVE-2019-1385.cs" />
<Compile Include="Watson\Msrc\CVE-2019-1388.cs" />
<Compile Include="Watson\Msrc\CVE-2019-1405.cs" />
<Compile Include="Watson\Msrc\CVE-2020-0668.cs" />
<Compile Include="Watson\Msrc\CVE-2020-0683.cs" />
<Compile Include="Watson\Msrc\CVE-2020-1013.cs" />
<Compile Include="Watson\Vulnerability.cs" />
<Compile Include="Watson\VulnerabilityCollection.cs" />
<Compile Include="Watson\Watson.cs" />
<Compile Include="Watson\Wmi.cs" />
<Compile Include="Wifi.cs" />
</ItemGroup>
<ItemGroup>