mirror of https://github.com/carlospolop/PEASS-ng synced 2024-11-20 12:39:21 +01:00

Add Powershell history file

pixis 2020-06-22 18:35:13 +02:00
parent c951fddf8e
commit 7618fc38f0
2 changed files with 43 additions and 0 deletions


@ -437,6 +437,23 @@ namespace winPEAS
return results; return results;
} }
public static string GetConsoleHostHistory()
{
string result = "";
try
{
string searchLocation = String.Format("{0}\\AppData\\Roaming\\Microsoft\\Windows\\PowerShell\\PSReadline\\ConsoleHost_history.txt", Environment.GetEnvironmentVariable("USERPROFILE"));
if (System.IO.File.Exists(searchLocation))
result = searchLocation;
}
catch (Exception ex)
{
Beaprint.GrayPrint("Error: " + ex);
}
return result;
}
public static List<Dictionary<string, string>> GetRecycleBin() public static List<Dictionary<string, string>> GetRecycleBin()
{ {
List<Dictionary<string, string>> results = new List<Dictionary<string, string>>(); List<Dictionary<string, string>> results = new List<Dictionary<string, string>>();
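Review bot: The history path in `GetConsoleHostHistory` is built from the `USERPROFILE` variable plus a hard-coded `AppData\Roaming` suffix, so an unset variable makes `String.Format` produce a drive-relative path, and a redirected roaming profile is not followed. Resolving the folder through the framework avoids both: `string searchLocation = System.IO.Path.Combine(Environment.GetFolderPath(Environment.SpecialFolder.ApplicationData), "Microsoft", "Windows", "PowerShell", "PSReadline", "ConsoleHost_history.txt");`. `File.Exists` returns false rather than throwing on a bad path, so the `try`/`catch` here is unlikely to ever fire. A `/// <summary>` stating that the method returns the full path when the file exists and an empty string otherwise would document the sentinel the caller compares against.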


@ -1959,6 +1959,31 @@ namespace winPEAS
} }
} }
void PrintConsoleHostHistory()
{
try
{
Beaprint.MainPrint("Powershell History", "");
string console_host_history = InterestingFiles.GetConsoleHostHistory();
if (console_host_history != "")
{
string text = File.ReadAllText(console_host_history);
List<string> credStringsRegexPowershell = new List<string>(credStringsRegex);
credStringsRegexPowershell.Add("CONVERTTO-SECURESTRING");
if (MyUtils.ContainsAnyRegex(text.ToUpper(), credStringsRegexPowershell))
Beaprint.BadPrint(" " + console_host_history + " (Potential credentials found)");
else
System.Console.WriteLine(" " + console_host_history);
}
}
catch (Exception ex)
{
Beaprint.GrayPrint(String.Format("{0}", ex));
}
}
void PrintSAMBackups() void PrintSAMBackups()
{ {
try try
@ -2182,6 +2207,7 @@ namespace winPEAS
PrintSSHKeysReg(); PrintSSHKeysReg();
PrintCloudCreds(); PrintCloudCreds();
PrintUnattendFiles(); PrintUnattendFiles();
PrintConsoleHostHistory();
PrintSAMBackups(); PrintSAMBackups();
PrintMcAffeSitelistFiles(); PrintMcAffeSitelistFiles();
PrintCachedGPPPassword(); PrintCachedGPPPassword();
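Review bot: `text.ToUpper()` in `PrintConsoleHostHistory` upper-cases with the current culture, so on a Turkish-locale host a lowercase `i` becomes `İ` and the added `CONVERTTO-SECURESTRING` pattern would presumably no longer match (how `MyUtils.ContainsAnyRegex` compares is not visible here, and `credStringsRegex` is defined outside this section). Using the invariant culture keeps the check locale-independent: `if (MyUtils.ContainsAnyRegex(text.ToUpperInvariant(), credStringsRegexPowershell))`. The method prints only the file path and never the matched text, which keeps history contents out of the report; a one-line comment saying whether that is intentional would help the next maintainer. The local `console_host_history` would be more consistent with the surrounding code as `consoleHostHistory`.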