mirror of
https://github.com/carlospolop/PEASS-ng
synced 2024-11-24 01:26:22 +01:00
- added search for hidden files in c:\users
This commit is contained in:
parent
f5155d5eb4
commit
2a0ab7bf77
@ -125,6 +125,7 @@ namespace winPEAS.Checks
|
||||
PrintUsersDocsKeys,
|
||||
PrintRecentFiles,
|
||||
PrintRecycleBin,
|
||||
PrintHiddenFilesAndFolders,
|
||||
PrintOtherUsersInterestingFiles
|
||||
}.ForEach(action => CheckRunner.Run(action, isDebug));
|
||||
}
|
||||
@ -541,5 +542,106 @@ namespace winPEAS.Checks
|
||||
Beaprint.PrintException(ex.Message);
|
||||
}
|
||||
}
|
||||
|
||||
void PrintHiddenFilesAndFolders()
|
||||
{
|
||||
HashSet<string> excludedFilenames = new HashSet<string>()
|
||||
{
|
||||
"cache.bin",
|
||||
"container.dat",
|
||||
"desktop.ini",
|
||||
"iconcache.db",
|
||||
"ntuser.ini",
|
||||
"ntuser.dat",
|
||||
"ntuser.dat.log1",
|
||||
"ntuser.dat.log2",
|
||||
"pof.dat.log1",
|
||||
"pof.dat.log2",
|
||||
"privateregistry.bin.log1",
|
||||
"privateregistry.bin.log2",
|
||||
"settings.dat.log1",
|
||||
"settings.dat.log2",
|
||||
"thumbs.db",
|
||||
"user.dat.log1",
|
||||
"user.dat.log2",
|
||||
"userclasses.dat",
|
||||
"userclasses.dat.log1",
|
||||
"userclasses.dat.log2",
|
||||
"usrclass.dat",
|
||||
"usrclass.dat.log1",
|
||||
"usrclass.dat.log2",
|
||||
};
|
||||
|
||||
HashSet<string> excludedExtensions = new HashSet<string>()
|
||||
{
|
||||
".blf",
|
||||
".igpi",
|
||||
".regtrans-ms",
|
||||
".search-ms",
|
||||
".suo",
|
||||
};
|
||||
|
||||
HashSet<string> excludedKnownFolders = new HashSet<string>()
|
||||
{
|
||||
"accountpictures",
|
||||
"appdata",
|
||||
"application data",
|
||||
"cookies",
|
||||
"desktop",
|
||||
"documents",
|
||||
"intelgraphicsprofiles",
|
||||
"libraries",
|
||||
"local settings",
|
||||
"my documents",
|
||||
"nethood",
|
||||
"printhood",
|
||||
"recent",
|
||||
"recent",
|
||||
"sendto",
|
||||
"start menu",
|
||||
"templates",
|
||||
};
|
||||
|
||||
var systemDrive = Environment.GetEnvironmentVariable("SystemDrive");
|
||||
|
||||
Beaprint.MainPrint($"Searching hidden files or folders in {systemDrive}\\Users home (can be slow)\n");
|
||||
|
||||
foreach (var file in SearchHelper.RootDirUsers)
|
||||
{
|
||||
try
|
||||
{
|
||||
if (File.GetAttributes(file.FullPath).HasFlag(FileAttributes.Hidden))
|
||||
{
|
||||
if (file.Extension != null && excludedExtensions.Contains(file.Extension.ToLower()))
|
||||
{
|
||||
continue;
|
||||
}
|
||||
|
||||
if (file.Filename != null && excludedFilenames.Contains(file.Filename.ToLower()))
|
||||
{
|
||||
continue;
|
||||
}
|
||||
|
||||
// skip well known folders
|
||||
if (excludedKnownFolders.Contains(Path.GetFileName(file.FullPath).ToLower()))
|
||||
{
|
||||
continue;
|
||||
}
|
||||
|
||||
if (file.FullPath.ToLower().Contains("microsoft"))
|
||||
{
|
||||
continue;
|
||||
}
|
||||
|
||||
Beaprint.BadPrint($" {file.FullPath}");
|
||||
}
|
||||
}
|
||||
catch (PathTooLongException ex) { }
|
||||
catch (Exception ex)
|
||||
{
|
||||
// & other exceptions
|
||||
}
|
||||
}
|
||||
}
|
||||
}
|
||||
}
|
||||
|
@ -6,18 +6,17 @@ namespace winPEAS.Helpers
|
||||
internal static class CheckRunner
|
||||
{
|
||||
public static void Run(Action action, bool isDebug, string description = null)
|
||||
{
|
||||
if (!isDebug)
|
||||
{
|
||||
action();
|
||||
}
|
||||
else
|
||||
{
|
||||
var timer = new Stopwatch();
|
||||
|
||||
if (isDebug)
|
||||
{
|
||||
timer.Start();
|
||||
}
|
||||
|
||||
action();
|
||||
|
||||
if (isDebug)
|
||||
{
|
||||
timer.Stop();
|
||||
|
||||
TimeSpan timeTaken = timer.Elapsed;
|
||||
|
@ -10,14 +10,12 @@ namespace winPEAS.Helpers.Search
|
||||
{
|
||||
static class SearchHelper
|
||||
{
|
||||
private static List<CustomFileInfo> RootDirUsers;
|
||||
public static List<CustomFileInfo> RootDirUsers;
|
||||
private static List<CustomFileInfo> RootDirCurrentUser;
|
||||
private static List<CustomFileInfo> ProgramFiles;
|
||||
private static List<CustomFileInfo> ProgramFilesX86;
|
||||
private static List<CustomFileInfo> DocumentsAndSettings;
|
||||
private static List<CustomFileInfo> GroupPolicyHistory;
|
||||
// private static List<CustomFileInfo> GroupPolicyHistoryLegacy;
|
||||
|
||||
|
||||
public static List<CustomFileInfo> GetFilesFast(string folder, string pattern = "*", HashSet<string> excludedDirs = null, bool isFoldersIncluded = false)
|
||||
{
|
||||
@ -32,14 +30,7 @@ namespace winPEAS.Helpers.Search
|
||||
bool shouldAdd = true;
|
||||
string startDirLower = startDir.FullName.ToLower();
|
||||
|
||||
foreach (var excludedDirPattern in excludedDirs)
|
||||
{
|
||||
if (Regex.IsMatch(startDirLower, excludedDirPattern, RegexOptions.IgnoreCase))
|
||||
{
|
||||
shouldAdd = false;
|
||||
break;
|
||||
}
|
||||
}
|
||||
shouldAdd = !excludedDirs.Contains(startDirLower);
|
||||
|
||||
if (shouldAdd)
|
||||
{
|
||||
@ -171,7 +162,7 @@ namespace winPEAS.Helpers.Search
|
||||
|
||||
// c:\users
|
||||
string rootUsersSearchPath = $"{systemDrive}\\Users\\";
|
||||
SearchHelper.RootDirUsers = SearchHelper.GetFilesFast(rootUsersSearchPath, globalPattern);
|
||||
SearchHelper.RootDirUsers = SearchHelper.GetFilesFast(rootUsersSearchPath, globalPattern, isFoldersIncluded: true);
|
||||
|
||||
// c:\users\current_user
|
||||
string rootCurrentUserSearchPath = Environment.GetEnvironmentVariable("USERPROFILE");
|
||||
|
@ -8,7 +8,7 @@
|
||||
<StartArguments>applicationsinfo</StartArguments>
|
||||
</PropertyGroup>
|
||||
<PropertyGroup Condition="'$(Configuration)|$(Platform)' == 'Debug|x64'">
|
||||
<StartArguments>cmd fast</StartArguments>
|
||||
<StartArguments>debug</StartArguments>
|
||||
</PropertyGroup>
|
||||
<PropertyGroup Condition="'$(Configuration)|$(Platform)' == 'Release|x64'">
|
||||
<StartArguments>fast</StartArguments>
|
||||
|
Loading…
Reference in New Issue
Block a user