From 1ceb041ee53dcab834d128c0d9c9df94ea60e131 Mon Sep 17 00:00:00 2001
From: makikvues
Date: Sat, 13 Feb 2021 17:02:03 +0100
Subject: [PATCH] - updated PrintMcAffeSitelistFiles - linpeas & lolbas checks running optionally if specified

---
 winPEAS/winPEASexe/winPEAS/Checks/Checks.cs   | 31 ++++++++---
 .../winPEASexe/winPEAS/Checks/FilesInfo.cs    | 52 ++++++++++++++-----
 .../winPEASexe/winPEAS/Helpers/Beaprint.cs    | 12 +++--
 winPEAS/winPEASexe/winPEAS/Helpers/MyUtils.cs | 20 +++++++
 4 files changed, 90 insertions(+), 25 deletions(-)

diff --git a/winPEAS/winPEASexe/winPEAS/Checks/Checks.cs b/winPEAS/winPEASexe/winPEAS/Checks/Checks.cs
index be5630a..7f1a227 100644
--- a/winPEAS/winPEASexe/winPEAS/Checks/Checks.cs
+++ b/winPEAS/winPEASexe/winPEAS/Checks/Checks.cs
@@ -17,6 +17,8 @@ namespace winPEAS.Checks
         public static bool IsNoColor = false;
         public static bool Banner = true;
         public static bool IsDebug = false;
+        public static bool IsLinpeas = false;
+        public static bool IsLolbas = false;
 
         // Create Dynamic blacklists
         public static readonly string CurrentUserName = Environment.UserName;
@@ -127,16 +129,29 @@ namespace winPEAS.Checks
                     IsDebug = true;
                 }
 
-                if (arg.StartsWith("linpeasUrl", StringComparison.CurrentCultureIgnoreCase))
+                if (string.Equals(arg, "-lolbas", StringComparison.CurrentCultureIgnoreCase))
                 {
-                    var parts = arg.Split('=');
-                    if (parts.Length != 2 || string.IsNullOrEmpty(parts[1]))
-                    {
-                        Beaprint.PrintUsage();
-                        return;
-                    }
+                    IsLolbas = true;
+                }
 
-                    LinpeasUrl = parts[1];
+                if (arg.StartsWith("-linpeas", StringComparison.CurrentCultureIgnoreCase))
+                {
+                    IsLinpeas = true;
+
+                    var parts = arg.Split('=');
+                    if (parts.Length >= 2 && !string.IsNullOrEmpty(parts[1]))
+                    {
+                        LinpeasUrl = parts[1];
+
+                        var isReachable = MyUtils.IsUrlReachable(LinpeasUrl);
+
+                        if (!isReachable)
+                        {
+                            Beaprint.ColorPrint($" [!] the provided linpeas.sh url: '{LinpeasUrl}' is invalid / unreachable / returned empty response.", Beaprint.YELLOW);
+
+                            return;
+                        }
+                    }
                 }
 
                 string argToLower = arg.ToLower();
diff --git a/winPEAS/winPEASexe/winPEAS/Checks/FilesInfo.cs b/winPEAS/winPEASexe/winPEAS/Checks/FilesInfo.cs
index c539963..be1082e 100644
--- a/winPEAS/winPEASexe/winPEAS/Checks/FilesInfo.cs
+++ b/winPEAS/winPEASexe/winPEAS/Checks/FilesInfo.cs
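Review bot: The value after `-linpeas=` is stored in `LinpeasUrl` as soon as `MyUtils.IsUrlReachable` answers true, but nothing constrains what kind of URL it is before it reaches `WSL.RunLinpeas`, which the patch's own usage text describes as the linpeas.sh that gets run in the WSL distribution; since this appears to be the only place the argument is parsed, it should at least require an absolute https URI, e.g. `if (!Uri.TryCreate(parts[1], UriKind.Absolute, out var linpeasUri) || linpeasUri.Scheme != Uri.UriSchemeHttps) { Beaprint.PrintUsage(); return; }` before the assignment. The reachability probe also performs a network request in the middle of argument parsing, and as implemented in the MyUtils hunk it accepts only `response.ContentLength > 0` on a HEAD response, so a server that omits Content-Length (the property then reports -1) makes a perfectly valid URL fail with the "invalid / unreachable" message and abort the run. Note too that `-lolbas` is matched with `string.Equals` while `-linpeas` uses `StartsWith`, so an argument such as `-linpeasX` silently enables the check; `string.Equals(arg, "-linpeas", ...) || arg.StartsWith("-linpeas=", ...)` would keep the two flags consistent. The enclosing argument loop starts and ends outside the hunk.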
@@ -227,15 +227,15 @@ namespace winPEAS.Checks
 
                     foreach (var site in sitelistFilesInfo.Sites)
                     {
-                        Beaprint.BadPrint($" ShareName : {site.ShareName}\n" +
-                                          $" UserName : {site.UserName}\n" +
-                                          $" Server : {site.Server}\n" +
-                                          $" EncPassword : {site.EncPassword}\n" +
-                                          $" DecPassword : {site.DecPassword}\n" +
-                                          $" DomainName : {site.DomainName}\n" +
-                                          $" Name : {site.Name}\n" +
-                                          $" Type : {site.Type}\n" +
-                                          $" RelativePath : {site.RelativePath}\n");
+                        Beaprint.NoColorPrint($" Share Name : {site.ShareName}");
+                        PrintColored( $" User Name : {site.UserName}", !string.IsNullOrWhiteSpace(site.UserName));
+                        PrintColored( $" Server : {site.Server}", !string.IsNullOrWhiteSpace(site.Server));
+                        PrintColored( $" Encrypted Password : {site.EncPassword}", !string.IsNullOrWhiteSpace(site.EncPassword));
+                        PrintColored( $" Decrypted Password : {site.DecPassword}", !string.IsNullOrWhiteSpace(site.DecPassword));
+                        Beaprint.NoColorPrint( $" Domain Name : {site.DomainName}\n" +
+                                               $" Name : {site.Name}\n" +
+                                               $" Type : {site.Type}\n" +
+                                               $" Relative Path : {site.RelativePath}\n");
                     }
 
                     Beaprint.PrintLineSeparator();
@@ -247,6 +247,18 @@ namespace winPEAS.Checks
                 }
             }
 
+        private static void PrintColored(string str, bool isBad)
+        {
+            if (isBad)
+            {
+                Beaprint.BadPrint(str);
+            }
+            else
+            {
+                Beaprint.NoColorPrint(str);
+            }
+        }
+
         void PrintWSLDistributions()
         {
             Beaprint.MainPrint("Looking for Linux shells/distributions - wsl.exe, bash.exe");
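Review bot: `PrintColored` in the second hunk carries no documentation and its `isBad` parameter does not say what it selects; the call sites in the first hunk pass `!string.IsNullOrWhiteSpace(...)`, so the flag really means "highlight because the sitelist field holds a value". A summary such as `/// Prints <paramref name="str"/> via Beaprint.BadPrint when <paramref name="isBad"/> is true, otherwise via Beaprint.NoColorPrint; callers pass true for sitelist fields that are populated.` would make that intent explicit. As a point of style, the helper is declared `private static` while the neighbouring `void PrintWSLDistributions()` carries no access modifier at all; the class should settle on one convention. The methods around both hunks start and end outside them.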
@@ -307,13 +319,20 @@ namespace winPEAS.Checks
                         Beaprint.ColorPrint($" Running {linpeas} in the default distribution\n" +
                                             $" Using linpeas.sh URL: {Checks.LinpeasUrl}", Beaprint.LBLUE);
 
-                        try
+                        if (Checks.IsLinpeas)
                         {
-                            WSL.RunLinpeas(Checks.LinpeasUrl);
+                            try
+                            {
+                                WSL.RunLinpeas(Checks.LinpeasUrl);
+                            }
+                            catch (Exception ex)
+                            {
+                                Beaprint.PrintException($" Unable to run linpeas.sh: {ex.Message}");
+                            }
                         }
-                        catch (Exception ex)
+                        else
                         {
-                            Beaprint.PrintException($" Unable to run linpeas.sh: {ex.Message}");
+                            Beaprint.ColorPrint(" [!] Check skipped, if you want to run it, please specify '-linpeas=[url]' argument", Beaprint.YELLOW);
                         }
                     }
                     else
@@ -985,6 +1004,13 @@ namespace winPEAS.Checks
             Beaprint.MainPrint("Looking for LOL Binaries and Scripts (can be slow)");
             Beaprint.LinkPrint("https://lolbas-project.github.io/");
 
+            if (!Checks.IsLolbas)
+            {
+                Beaprint.ColorPrint(" [!] Check skipped, if you want to run it, please specify '-lolbas' argument", Beaprint.YELLOW);
+
+                return;
+            }
+
             var systemDrive = $"{Environment.GetEnvironmentVariable("SystemDrive")}\\";
             string rootUsersSearchPath = $"{systemDrive}\\users";
 
diff --git a/winPEAS/winPEASexe/winPEAS/Helpers/Beaprint.cs b/winPEAS/winPEASexe/winPEAS/Helpers/Beaprint.cs
index 115a434..05201ec 100644
--- a/winPEAS/winPEASexe/winPEAS/Helpers/Beaprint.cs
+++ b/winPEAS/winPEASexe/winPEAS/Helpers/Beaprint.cs
@@ -74,7 +74,6 @@ namespace winPEAS.Helpers
             Console.WriteLine();
             Console.WriteLine(LYELLOW + "ADVISORY: " + BLUE + Advisory);
             Console.WriteLine();
-            Thread.Sleep(700);
         }
 
         public static void PrintInit()
@@ -84,7 +83,7 @@ namespace winPEAS.Helpers
                 PrintBanner();
             }
 
-            Console.WriteLine(YELLOW + " WinPEAS " + GREEN + Version + NOCOLOR + YELLOW + " by carlospolop, makikvues(makikvues2[at]gmail[dot]com)" + NOCOLOR);
+            Console.WriteLine(YELLOW + " WinPEAS " + GREEN + Version + NOCOLOR + YELLOW + " by @carlospolopm, makikvues(makikvues2[at]gmail[dot]com)" + NOCOLOR);
             Console.WriteLine();
 
             PrintLegend();
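Review bot: In the first hunk the `Beaprint.ColorPrint($" Running {linpeas} in the default distribution\n" + ...` message is emitted before `if (Checks.IsLinpeas)` is evaluated, so a run without `-linpeas` first announces that linpeas.sh is being run with the configured URL and then reports that the check was skipped. Move the two `ColorPrint` lines inside the `if (Checks.IsLinpeas)` branch, ahead of the `try`, so the URL is only reported when it is actually used. The same "Check skipped, if you want to run it, please specify ..." text is repeated in the LOLBAS hunk below; a small shared helper along the lines of `Beaprint.PrintSkipped("-lolbas")` would keep the two messages in step. The enclosing method continues outside the hunk on both sides.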
@@ -121,8 +120,13 @@ namespace winPEAS.Helpers
             Console.WriteLine(LBLUE + " wait" + GRAY + " Wait for user input between checks" + NOCOLOR);
             Console.WriteLine(LBLUE + " debug" + GRAY + " Display debugging information - memory usage, method execution time" + NOCOLOR);
             Console.WriteLine(LBLUE + " log" + GRAY +$" Log all output to file \"{Checks.Checks.LogFile}\"" + NOCOLOR);
-            Console.WriteLine(LBLUE + " linpeasUrl=" + GRAY + $" Provide linpeas.sh URL for WSL checks (default: {Checks.Checks.LinpeasUrl})" + NOCOLOR);
-            Console.WriteLine(YELLOW + " [+] " + LYELLOW + "By default all checks (except CMD checks) are executed" + NOCOLOR);
+            Console.WriteLine(YELLOW + " [+] " + LYELLOW + "By default all checks (except CMD checks and additional checks) are executed" + NOCOLOR);
+            Console.WriteLine();
+            Console.WriteLine(LCYAN + " Additional checks (slower):");
+            Console.WriteLine(LBLUE + " -lolbas" + GRAY + $" Run additional LOLBAS check" + NOCOLOR);
+            Console.WriteLine(LBLUE + " -linpeas=[url]" + GRAY + $" Run additional linpeas.sh check for default WSL distribution, optionally provide custom linpeas.sh URL\n" +
+                              $" (default: {Checks.Checks.LinpeasUrl})" + NOCOLOR);
+
         }
 
 
diff --git a/winPEAS/winPEASexe/winPEAS/Helpers/MyUtils.cs b/winPEAS/winPEASexe/winPEAS/Helpers/MyUtils.cs
index 16faf7e..13474fa 100644
--- a/winPEAS/winPEASexe/winPEAS/Helpers/MyUtils.cs
+++ b/winPEAS/winPEASexe/winPEAS/Helpers/MyUtils.cs
@@ -4,6 +4,7 @@ using System.Diagnostics;
 using System.Diagnostics.Eventing.Reader;
 using System.IO;
 using System.Linq;
+using System.Net;
 using System.Reflection;
 using System.Security.Principal;
 using System.Text;
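Review bot: `Console.WriteLine(LCYAN + " Additional checks (slower):");` is the only usage line in the Beaprint hunk that does not end with `+ NOCOLOR`, unlike every neighbouring line; append it so the line resets the color the same way the others do. The new flags are listed with a leading dash (`-lolbas`, `-linpeas=[url]`) while the existing options above (`wait`, `debug`, `log`) are listed without one, and the parser in Checks.cs matches the new ones with the dash included, so the usage text should state that the dash is required for these two. The literal `$" Run additional LOLBAS check"` contains no interpolation hole, so the `$` prefix is unnecessary there. PrintUsage begins outside the hunk.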
@@ -171,6 +172,25 @@ namespace winPEAS.Helpers
             return false;
         }
 
+        internal static bool IsUrlReachable(string url)
+        {
+            try
+            {
+                HttpWebRequest request = (HttpWebRequest)WebRequest.Create(url);
+                request.Timeout = 5000;
+                request.Method = "HEAD";
+
+                using (HttpWebResponse response = (HttpWebResponse)request.GetResponse())
+                {
+                    return response.StatusCode == HttpStatusCode.OK && response.ContentLength > 0;
+                }
+            }
+            catch (Exception)
+            {
+                return false;
+            }
+        }
+
         // From https://stackoverflow.com/questions/206323/how-to-execute-command-line-in-c-get-std-out-results
         public static string ExecCMD(string args, string alternative_binary = "")