images, banners & options
parent
42ff07fe8c
commit
938c2e13b0
.gitignore
linPEAS
winPEAS/winPEASexe
.vs/winPEAS/v16
README.mdimages
privilege-escalation-awesome-script-suite-master.zipwinPEAS
Beaprint.csMyUtils.csProgram.csWatson.cswinPEAS.csproj.user
bin
Debug
Release
x64/Release
x86/Release
obj
Debug
Release
winPEAS.csproj.FileListAbsolute.txtwinPEAS.csproj.Fody.CopyLocal.cachewinPEAS.csprojAssemblyReference.cachewinPEAS.exewinPEAS.pdb
x64/Release
x86/Release
2
.gitignore
vendored
Normal file → Executable file
2
.gitignore
vendored
Normal file → Executable file
@ -1,2 +1,4 @@
|
||||
.vs/*
|
||||
winPEAS/winPEASexe/.vs/*
|
||||
Debug/*
|
||||
winPEAS/winPEASexe/winPEAS/bin/Debug/*
|
||||
|
Binary file not shown.
Before ![]() (image error) Size: 43 KiB After ![]() (image error) Size: 356 KiB ![]() ![]() |
1717
linPEAS/linpeas.sh
1717
linPEAS/linpeas.sh
File diff suppressed because it is too large
Binary file not shown.
Binary file not shown.
Binary file not shown.
Binary file not shown.
@ -10,7 +10,7 @@ Check also the **Local Windows Privilege Escalation checklist** from **[book.hac
|
||||
|
||||
Download the **[latest version from here](https://github.com/carlospolop/privilege-escalation-awesome-script-suite/tree/master/winPEAS/winPEASexe/winPEAS/bin)** or **compile it yourself**.
|
||||
```bash
|
||||
winpeas.exe ansii #ANSII color for linux consoles (reverse shell)
|
||||
winpeas.exe ansi #ANSI color for linux consoles (reverse shell)
|
||||
winpeas.exe #Will execute all checks except the ones that execute MD commands
|
||||
winpeas.exe cmd #All checks
|
||||
winpeas.exe cmd fast #All except the one that search for files
|
||||
@ -27,7 +27,7 @@ The **ouput will be colored**. Below you have some indications about what does e
|
||||
|
||||
The tool is heavily based in **[SeatBelt](https://github.com/GhostPack/Seatbelt)**.
|
||||
|
||||
**IMPORTANT TO NOTICE:** By default WinPEAS will use colord for Windows terminals (without ANSII characters). If execute winpeas.exe from a reverse shell without any option **no color will be printed**. To see colors in a linux terminal you need to use the **ansii** parameter.
|
||||
**IMPORTANT TO NOTICE:** By default WinPEAS will use colors for Windows terminals (without ANSI characters). If you are executing winpeas.exe from a reverse shell without any option **any color will be appear**. To see colors in a linux terminal you need to use the **ansi** parameter.
|
||||
|
||||
## Help
|
||||
|
||||
|
Binary file not shown.
Before ![]() (image error) Size: 159 KiB After ![]() (image error) Size: 157 KiB ![]() ![]() |
Binary file not shown.
@ -23,11 +23,11 @@ namespace winPEAS
|
||||
static string LCYAN = "\x1b[1;36m";
|
||||
static string REDYELLOW = "\x1b[31;103m";
|
||||
public static string NOCOLOR = "\x1b[0m";
|
||||
public static string ansii_color_bad = RED;
|
||||
public static string ansii_color_good = GREEN;
|
||||
public static string ansii_users_active = CYAN;
|
||||
public static string ansii_users_disabled = BLUE;
|
||||
public static string ansii_current_user = MAGENTA;
|
||||
public static string ansi_color_bad = RED;
|
||||
public static string ansi_color_good = GREEN;
|
||||
public static string ansi_users_active = CYAN;
|
||||
public static string ansi_users_disabled = BLUE;
|
||||
public static string ansi_current_user = MAGENTA;
|
||||
|
||||
public static Color color_key = Color.DarkSeaGreen;
|
||||
public static Color color_not_found = Color.Gray;
|
||||
@ -47,25 +47,56 @@ namespace winPEAS
|
||||
Color.Peru
|
||||
};
|
||||
|
||||
public static void PrintBanner()
|
||||
{
|
||||
System.Console.WriteLine(@"
|
||||
*((,.,/((((((((((((((((((((/, */
|
||||
,/*,..*(((((((((((((((((((((((((((((((((, ,/
|
||||
.,*/((((((((((((((((((/, .*//((//**, .*((((((* ./,
|
||||
(((((((((((((((((* .****,,,/((##########(* ,((((((* (
|
||||
((((((((((((/* .***************,,/(########(. ((((((* *,
|
||||
,.. ...,****************(@@@#(/***/(#####* /((((((./
|
||||
,,,..**********************&@@@#@@@@@(***,.*(###* /(((((*.
|
||||
,, ,**********************#@@&(#%@@@%*********,,((/ /(((((
|
||||
,. ...........,,*********/%@@&&@@@@@/*************,,..((((
|
||||
,,**(################(/*****//&@@@@%****************** /((
|
||||
.**(########################(/,.,/(/*******************.*(
|
||||
.*/(#############################(/*********************,*
|
||||
,*/(##################################(/*****************.
|
||||
,*((######################################(**************.
|
||||
.*((######(,.***.,(###################(..***(/***********.
|
||||
.,/(######*(#####((##################((######/(**********.
|
||||
,.*/##################(/**********(################(*****.
|
||||
,.,*(####################/*******(####################((/.
|
||||
,, **((############################################/ /((
|
||||
,,, ,*((#########################################(..((((((
|
||||
. .. ,**/(#####################################( .((((((((
|
||||
(((((* ,(#################################((* /(((((((((
|
||||
((((((((((. ,(############################(../((((((((((
|
||||
(((((((((/, ,####################(/..((((((((((
|
||||
(((((((((/,. ,*//////*,. ./(((((((((((
|
||||
((((((((((((((((((((((((((((/");
|
||||
}
|
||||
|
||||
public static void PrintInit()
|
||||
{
|
||||
Colorful.Console.WriteLine();
|
||||
Colorful.Console.WriteLine();
|
||||
if (Program.banner)
|
||||
PrintBanner();
|
||||
|
||||
if (Program.using_ansii)
|
||||
if (Program.using_ansi)
|
||||
{
|
||||
System.Console.WriteLine(YELLOW + "[+] " + NOCOLOR + "WinPEAS" + GREEN + Program.version + NOCOLOR );
|
||||
System.Console.WriteLine(YELLOW + " " + NOCOLOR + "WinPEAS " + GREEN + Program.version + NOCOLOR + YELLOW + " by carlospolop" + NOCOLOR );
|
||||
}
|
||||
else
|
||||
{
|
||||
Formatter[] colorsString = new Formatter[]
|
||||
{
|
||||
new Formatter( " [+] ", Color.Yellow),
|
||||
new Formatter( "WinPEASv", color_key),
|
||||
new Formatter( " WinPEAS", color_key),
|
||||
new Formatter( Program.version, color_default),
|
||||
};
|
||||
|
||||
Colorful.Console.WriteLineFormatted("{0}{1}{2}", color_key, colorsString);
|
||||
Colorful.Console.WriteLineFormatted("{0} {1} by carlospolop", Color.Yellow, colorsString);
|
||||
}
|
||||
LinkPrint("https://book.hacktricks.xyz/windows/checklist-windows-privilege-escalation", "You can find a Windows local PE Checklist here:");
|
||||
PrintLeyend();
|
||||
@ -73,7 +104,7 @@ namespace winPEAS
|
||||
|
||||
static void PrintLeyend()
|
||||
{
|
||||
if (Program.using_ansii)
|
||||
if (Program.using_ansi)
|
||||
{
|
||||
System.Console.WriteLine(YELLOW + " [+] " + GREEN + "Leyend:" + NOCOLOR);
|
||||
System.Console.WriteLine(RED + " Red" + GRAY + " Indicates a special privilege over an object or something is misconfigured" + NOCOLOR);
|
||||
@ -98,10 +129,11 @@ namespace winPEAS
|
||||
|
||||
public static void PrintUsage()
|
||||
{
|
||||
if (Program.using_ansii)
|
||||
if (Program.using_ansi)
|
||||
{
|
||||
System.Console.WriteLine(YELLOW + " [*] " + GREEN + "WinPEAS is a binary to enumerate possible paths to escalate privileges locally" + NOCOLOR);
|
||||
System.Console.WriteLine(LBLUE + "\tansii" + GRAY + " Use ANSII colors (see color from linux terminal)" + NOCOLOR);
|
||||
System.Console.WriteLine(LBLUE + "\tquiet" + GRAY + " Do not print banner" + NOCOLOR);
|
||||
System.Console.WriteLine(LBLUE + "\tansi" + GRAY + " Use ansi colors (see color from linux terminal)" + NOCOLOR);
|
||||
System.Console.WriteLine(LBLUE + "\tfast" + GRAY + " This will avoid very time consuming checks" + NOCOLOR);
|
||||
System.Console.WriteLine(LBLUE + "\tcmd" + GRAY + " Obtain wifi, cred manager and clipboard information executing CMD commands" + NOCOLOR);
|
||||
System.Console.WriteLine(LBLUE + "\tsysteminfo" + GRAY + " Search system information" + NOCOLOR);
|
||||
@ -118,7 +150,8 @@ namespace winPEAS
|
||||
else
|
||||
{
|
||||
Colorful.Console.Write(" [*] ", Color.Yellow); Colorful.Console.WriteLine("WinPEAS is a binary to enumerate possible paths to escalate privileges locally", color_key);
|
||||
Colorful.Console.Write("\tansii", color_default); Colorful.Console.WriteLine(" Use ANSII colors (see color from linux terminal)", Color.Gray);
|
||||
Colorful.Console.Write("\tquiet", color_default); Colorful.Console.WriteLine(" Do not print banner", Color.Gray);
|
||||
Colorful.Console.Write("\tansi", color_default); Colorful.Console.WriteLine(" Use ansi colors (see color from linux terminal)", Color.Gray);
|
||||
Colorful.Console.Write("\tfast", color_default); Colorful.Console.WriteLine(" This will avoid very time consuming checks", Color.Gray);
|
||||
Colorful.Console.Write("\tcmd", color_default); Colorful.Console.WriteLine(" Obtain wifi, cred manager and clipboard information executing CMD commands", Color.Gray);
|
||||
Colorful.Console.Write("\tsysteminfo", color_default); Colorful.Console.WriteLine(" Search system information", Color.Gray);
|
||||
@ -141,7 +174,7 @@ namespace winPEAS
|
||||
System.Console.WriteLine();
|
||||
System.Console.WriteLine();
|
||||
int halfTotal = 60;
|
||||
if (Program.using_ansii)
|
||||
if (Program.using_ansi)
|
||||
System.Console.WriteLine(LCYAN + " " + new String('=', halfTotal - toPrint.Length) + "(" +NOCOLOR + YELLOW + toPrint + LCYAN + ")" + new String('=', halfTotal - toPrint.Length) + NOCOLOR);
|
||||
else
|
||||
{
|
||||
@ -162,7 +195,7 @@ namespace winPEAS
|
||||
try
|
||||
{
|
||||
Colorful.Console.WriteLine();
|
||||
if (Program.using_ansii)
|
||||
if (Program.using_ansi)
|
||||
System.Console.WriteLine(YELLOW + " [+] " + LRED + toPrint + YELLOW + "(" + GRAY + attackid + YELLOW + ")" + NOCOLOR);
|
||||
else
|
||||
{
|
||||
@ -185,7 +218,7 @@ namespace winPEAS
|
||||
{
|
||||
try
|
||||
{
|
||||
if (Program.using_ansii)
|
||||
if (Program.using_ansi)
|
||||
System.Console.WriteLine(YELLOW + " [?] " + LBLUE + comment + " " + LYELLOW + link + NOCOLOR);
|
||||
else
|
||||
{
|
||||
@ -208,7 +241,7 @@ namespace winPEAS
|
||||
{
|
||||
try
|
||||
{
|
||||
if (Program.using_ansii)
|
||||
if (Program.using_ansi)
|
||||
System.Console.WriteLine(YELLOW + " [i] " + LBLUE + toPrint + NOCOLOR);
|
||||
else
|
||||
{
|
||||
@ -233,7 +266,7 @@ namespace winPEAS
|
||||
|
||||
public static void GoodPrint(string to_print)
|
||||
{
|
||||
if (Program.using_ansii)
|
||||
if (Program.using_ansi)
|
||||
System.Console.WriteLine(GREEN + to_print + NOCOLOR);
|
||||
else
|
||||
Colorful.Console.WriteLine(to_print, color_good);
|
||||
@ -241,7 +274,7 @@ namespace winPEAS
|
||||
|
||||
public static void BadPrint(string to_print)
|
||||
{
|
||||
if (Program.using_ansii)
|
||||
if (Program.using_ansi)
|
||||
System.Console.WriteLine(RED + to_print + NOCOLOR);
|
||||
else
|
||||
Colorful.Console.WriteLine(to_print, color_bad);
|
||||
@ -249,7 +282,7 @@ namespace winPEAS
|
||||
|
||||
public static void GrayPrint(string to_print)
|
||||
{
|
||||
if (Program.using_ansii)
|
||||
if (Program.using_ansi)
|
||||
System.Console.WriteLine(GRAY + to_print + NOCOLOR);
|
||||
else
|
||||
Colorful.Console.WriteLine(to_print, color_not_found);
|
||||
@ -260,22 +293,22 @@ namespace winPEAS
|
||||
{
|
||||
GrayPrint(" =================================================================================================");
|
||||
}
|
||||
public static void AnsiiPrint(string to_print, Dictionary<string, string> ansii_colors_regexp)
|
||||
public static void AnsiPrint(string to_print, Dictionary<string, string> ansi_colors_regexp)
|
||||
{
|
||||
if (to_print.Trim().Length > 0)
|
||||
{
|
||||
foreach (string line in to_print.Split('\n'))
|
||||
{
|
||||
string new_line = line;
|
||||
foreach (KeyValuePair<string, string> color in ansii_colors_regexp)
|
||||
new_line = RegexAnsii(new_line, color.Value, color.Key);
|
||||
foreach (KeyValuePair<string, string> color in ansi_colors_regexp)
|
||||
new_line = Regexansi(new_line, color.Value, color.Key);
|
||||
|
||||
System.Console.WriteLine(new_line);
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
static string RegexAnsii(string to_match, string color, string rgxp)
|
||||
static string Regexansi(string to_match, string color, string rgxp)
|
||||
{
|
||||
Regex regex = new Regex(rgxp);
|
||||
Match match = regex.Match(to_match);
|
||||
@ -283,7 +316,7 @@ namespace winPEAS
|
||||
return to_match.Replace(match.Value, color + match.Value + NOCOLOR);
|
||||
return to_match;
|
||||
}
|
||||
public static void DictPrint(Dictionary<string, string> dicprint, Dictionary<string, string> ansii_colors_regexp, bool delete_nulls)
|
||||
public static void DictPrint(Dictionary<string, string> dicprint, Dictionary<string, string> ansi_colors_regexp, bool delete_nulls)
|
||||
{
|
||||
try
|
||||
{
|
||||
@ -293,10 +326,10 @@ namespace winPEAS
|
||||
continue;
|
||||
string value = entry.Value;
|
||||
string key = entry.Key;
|
||||
foreach (KeyValuePair<string, string> color in ansii_colors_regexp)
|
||||
foreach (KeyValuePair<string, string> color in ansi_colors_regexp)
|
||||
{
|
||||
key = RegexAnsii(key, color.Value, color.Key);
|
||||
value = RegexAnsii(value, color.Value, color.Key);
|
||||
key = Regexansi(key, color.Value, color.Key);
|
||||
value = Regexansi(value, color.Value, color.Key);
|
||||
}
|
||||
System.Console.WriteLine(" " + key + ": " + value);
|
||||
}
|
||||
@ -316,7 +349,7 @@ namespace winPEAS
|
||||
{
|
||||
if (delete_nulls && String.IsNullOrEmpty(entry.Value))
|
||||
continue;
|
||||
if (Program.using_ansii)
|
||||
if (Program.using_ansi)
|
||||
System.Console.WriteLine(" " + entry.Key + ": " + entry.Value);
|
||||
|
||||
else
|
||||
@ -508,7 +541,7 @@ namespace winPEAS
|
||||
{
|
||||
if (list_to_print.Count > 0)
|
||||
{
|
||||
if (Program.using_ansii)
|
||||
if (Program.using_ansi)
|
||||
{
|
||||
foreach (string elem in list_to_print)
|
||||
System.Console.WriteLine(" " + elem);
|
||||
@ -533,7 +566,7 @@ namespace winPEAS
|
||||
if (list_to_print.Count > 0)
|
||||
{
|
||||
foreach (string elem in list_to_print)
|
||||
AnsiiPrint(" " + elem, dic_colors);
|
||||
AnsiPrint(" " + elem, dic_colors);
|
||||
}
|
||||
else
|
||||
NotFoundPrint();
|
||||
|
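Review bot: `Regexansi` compiles `new Regex(rgxp)` from whatever key the caller passes, and `AnsiPrint` calls it with no try/catch, so a key that is not a valid pattern throws out of the print call unless a caller further up catches it. The callers visible in Program.cs escape paths by hand with chained `Replace` calls that cover only `\ ( ) [ ] ?`, so a path containing `+`, `*` or `|` still arrives as live regex syntax and either fails to match or, for something like `++`, is rejected by the constructor; `Regex.Escape(path)` at those call sites would cover every metacharacter. The function also takes only the first match and then replaces each literal occurrence of that text, which leaves other matches uncoloured and makes `String.Replace` throw if the match is empty; `return regex.Replace(to_match, m => m.Length == 0 ? m.Value : color + m.Value + NOCOLOR);` handles both. The body of `Regexansi` crosses a hunk boundary, so the guard between `regex.Match` and the `Replace` call is not visible and may already check `match.Success`. The rename also lowercased the identifier; `RegexAnsi` would match `AnsiPrint`.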
@ -554,8 +554,8 @@ namespace winPEAS
|
||||
// search every pattern in this directory's files
|
||||
foreach (string pattern in patterns.Split(';'))
|
||||
{
|
||||
if (Program.using_ansii)
|
||||
Beaprint.AnsiiPrint(String.Join("\n", Directory.GetFiles(path, pattern, SearchOption.TopDirectoryOnly).Where(filepath => !filepath.Contains(".dll"))), color);
|
||||
if (Program.using_ansi)
|
||||
Beaprint.AnsiPrint(String.Join("\n", Directory.GetFiles(path, pattern, SearchOption.TopDirectoryOnly).Where(filepath => !filepath.Contains(".dll"))), color);
|
||||
else
|
||||
Colorful.Console.WriteLineStyled(String.Join("\n", Directory.GetFiles(path, pattern, SearchOption.TopDirectoryOnly).Where(filepath => !filepath.Contains(".dll"))), ss); // .exe can be contained because of appcmd.exe
|
||||
}
|
||||
|
@ -9,10 +9,11 @@ namespace winPEAS
|
||||
{
|
||||
class Program
|
||||
{
|
||||
public static string version = "BETA VERSION";
|
||||
public static bool banner = true;
|
||||
public static string version = "vBETA VERSION";
|
||||
static bool is_fast = false;
|
||||
static bool exec_cmd = false;
|
||||
public static bool using_ansii = false;
|
||||
public static bool using_ansi = false;
|
||||
|
||||
// Static blacklists
|
||||
static string strTrue = "True";
|
||||
@ -35,11 +36,11 @@ namespace winPEAS
|
||||
static Color color_key = Beaprint.color_key;
|
||||
static Color color_good = Beaprint.color_good;
|
||||
static Color color_bad = Beaprint.color_bad;
|
||||
static string ansii_color_bad = Beaprint.ansii_color_bad;
|
||||
static string ansii_color_good = Beaprint.ansii_color_good;
|
||||
static string ansii_users_active = Beaprint.ansii_users_active;
|
||||
static string ansii_users_disabled = Beaprint.ansii_users_disabled;
|
||||
static string ansii_current_user = Beaprint.ansii_current_user;
|
||||
static string ansi_color_bad = Beaprint.ansi_color_bad;
|
||||
static string ansi_color_good = Beaprint.ansi_color_good;
|
||||
static string ansi_users_active = Beaprint.ansi_users_active;
|
||||
static string ansi_users_disabled = Beaprint.ansi_users_disabled;
|
||||
static string ansi_current_user = Beaprint.ansi_current_user;
|
||||
static StyleSheet onlyDefaultStyleSheet = new StyleSheet(color_default);
|
||||
static StyleSheet onlyKeyStyleSheet = new StyleSheet(color_key);
|
||||
|
||||
@ -69,11 +70,11 @@ namespace winPEAS
|
||||
Beaprint.MainPrint("Basic System Information", "T1082&T1124&T1012&T1497&T1212");
|
||||
Beaprint.LinkPrint("https://book.hacktricks.xyz/windows/windows-local-privilege-escalation#kernel-exploits", "Check if the Windows versions is vulnerable to some known exploit");
|
||||
Dictionary<string, string> basicDictSystem = SystemInfo.GetBasicOSInfo();
|
||||
if (using_ansii)
|
||||
if (using_ansi)
|
||||
{
|
||||
Dictionary<string, string> colorsSI = new Dictionary<string, string>()
|
||||
{
|
||||
{ strTrue, ansii_color_bad }
|
||||
{ strTrue, ansi_color_bad }
|
||||
};
|
||||
Beaprint.DictPrint(basicDictSystem, colorsSI, false);
|
||||
}
|
||||
@ -143,11 +144,11 @@ namespace winPEAS
|
||||
Beaprint.MainPrint("LAPS Settings", "T1012");
|
||||
Beaprint.LinkPrint("", "If installed, local administrator password change frequently in domain-joined boxes and is restricted by ACL");
|
||||
Dictionary<string, string> lapsDict = SystemInfo.GetLapsSettings();
|
||||
if (using_ansii)
|
||||
if (using_ansi)
|
||||
{
|
||||
Dictionary<string, string> colorsSI = new Dictionary<string, string>()
|
||||
{
|
||||
{ badLAPS, ansii_color_bad }
|
||||
{ badLAPS, ansi_color_bad }
|
||||
};
|
||||
Beaprint.DictPrint(lapsDict, colorsSI, false);
|
||||
}
|
||||
@ -171,11 +172,11 @@ namespace winPEAS
|
||||
Beaprint.MainPrint("User Environment Variables", "");
|
||||
Beaprint.LinkPrint("", "Check for some passwords or keys in the env variables");
|
||||
Dictionary<string, string> userEnvDict = SystemInfo.GetUserEnvVariables();
|
||||
if (using_ansii)
|
||||
if (using_ansi)
|
||||
{
|
||||
Dictionary<string, string> colorsSI = new Dictionary<string, string>()
|
||||
{
|
||||
{ print_credStrings, ansii_color_bad }
|
||||
{ print_credStrings, ansi_color_bad }
|
||||
};
|
||||
Beaprint.DictPrint(userEnvDict, colorsSI, false);
|
||||
}
|
||||
@ -199,11 +200,11 @@ namespace winPEAS
|
||||
Beaprint.MainPrint("System Environment Variables", "");
|
||||
Beaprint.LinkPrint("", "Check for some passwords or keys in the env variables");
|
||||
Dictionary<string, string> sysEnvDict = SystemInfo.GetSystemEnvVariables();
|
||||
if (using_ansii)
|
||||
if (using_ansi)
|
||||
{
|
||||
Dictionary<string, string> colorsSI = new Dictionary<string, string>()
|
||||
{
|
||||
{ print_credStrings, ansii_color_bad }
|
||||
{ print_credStrings, ansi_color_bad }
|
||||
};
|
||||
Beaprint.DictPrint(sysEnvDict, colorsSI, false);
|
||||
}
|
||||
@ -260,13 +261,13 @@ namespace winPEAS
|
||||
if (drive_permissions.Length > 0)
|
||||
dToPrint += "(Permissions: {5})";
|
||||
|
||||
if (using_ansii)
|
||||
if (using_ansi)
|
||||
{
|
||||
Dictionary<string, string> colorsSI = new Dictionary<string, string>()
|
||||
{
|
||||
{ "Permissions.*", ansii_color_bad}
|
||||
{ "Permissions.*", ansi_color_bad}
|
||||
};
|
||||
Beaprint.AnsiiPrint(String.Format(dToPrint, drive["Name"], drive["Type"], drive["Volume label"], drive["Filesystem"], (((Int64.Parse(drive["Available space"]) / 1024) / 1024) / 1024).ToString(), drive_permissions), colorsSI);
|
||||
Beaprint.AnsiPrint(String.Format(dToPrint, drive["Name"], drive["Type"], drive["Volume label"], drive["Filesystem"], (((Int64.Parse(drive["Available space"]) / 1024) / 1024) / 1024).ToString(), drive_permissions), colorsSI);
|
||||
}
|
||||
|
||||
else
|
||||
@ -316,12 +317,12 @@ namespace winPEAS
|
||||
Beaprint.LinkPrint("https://book.hacktricks.xyz/windows/windows-local-privilege-escalation#basic-uac-bypass-full-file-system-access", "If you are in the Administrators group check how to bypass the UAC");
|
||||
Dictionary<string, string> uacDict = SystemInfo.GetUACSystemPolicies();
|
||||
|
||||
if (using_ansii)
|
||||
if (using_ansi)
|
||||
{
|
||||
Dictionary<string, string> colorsSI = new Dictionary<string, string>()
|
||||
{
|
||||
{ badUAC, ansii_color_bad },
|
||||
{ goodUAC, ansii_color_good }
|
||||
{ badUAC, ansi_color_bad },
|
||||
{ goodUAC, ansi_color_good }
|
||||
};
|
||||
Beaprint.DictPrint(uacDict, colorsSI, false);
|
||||
}
|
||||
@ -414,15 +415,15 @@ namespace winPEAS
|
||||
{
|
||||
return new Dictionary<string, string>()
|
||||
{
|
||||
{ paint_activeUsers, ansii_users_active },
|
||||
{ paint_disabledUsers, ansii_users_disabled },
|
||||
{ currentUserName, ansii_current_user },
|
||||
{ currentDomainName, ansii_current_user },
|
||||
{ paint_adminUsers, ansii_color_bad },
|
||||
{ badgroups, ansii_color_bad },
|
||||
{ badpasswd, ansii_color_bad },
|
||||
{ badPrivileges, ansii_color_bad },
|
||||
{ "DefaultPassword.*", ansii_color_bad },
|
||||
{ paint_activeUsers, ansi_users_active },
|
||||
{ paint_disabledUsers, ansi_users_disabled },
|
||||
{ currentUserName, ansi_current_user },
|
||||
{ currentDomainName, ansi_current_user },
|
||||
{ paint_adminUsers, ansi_color_bad },
|
||||
{ badgroups, ansi_color_bad },
|
||||
{ badpasswd, ansi_color_bad },
|
||||
{ badPrivileges, ansi_color_bad },
|
||||
{ "DefaultPassword.*", ansi_color_bad },
|
||||
};
|
||||
}
|
||||
|
||||
@ -433,9 +434,9 @@ namespace winPEAS
|
||||
Beaprint.MainPrint("Current users", "T1087&T1069&T1033");
|
||||
Beaprint.LinkPrint("https://book.hacktricks.xyz/windows/windows-local-privilege-escalation#users-and-groups", "Check if you have some admin equivalent privileges");
|
||||
List<string> users_grps = UserInfo.GetMachineUsers(false, false, false, false, true);
|
||||
if (using_ansii)
|
||||
if (using_ansi)
|
||||
{
|
||||
Beaprint.AnsiiPrint(" Current user: " + currentUserName, colorsU());
|
||||
Beaprint.AnsiPrint(" Current user: " + currentUserName, colorsU());
|
||||
Beaprint.ListPrint(users_grps, colorsU());
|
||||
}
|
||||
else
|
||||
@ -457,7 +458,7 @@ namespace winPEAS
|
||||
Beaprint.MainPrint("Current Token privileges", "T1134");
|
||||
Beaprint.LinkPrint("https://book.hacktricks.xyz/windows/windows-local-privilege-escalation#token-manipulation", "Check if you can escalate privilege using some enabled token");
|
||||
Dictionary<string, string> token_privs = UserInfo.GetTokenGroupPrivs();
|
||||
if (using_ansii)
|
||||
if (using_ansi)
|
||||
Beaprint.DictPrint(token_privs, colorsU(), false);
|
||||
else
|
||||
Beaprint.DictPrint(token_privs, CreateUsersSS(), false);
|
||||
@ -499,7 +500,7 @@ namespace winPEAS
|
||||
{
|
||||
Beaprint.MainPrint("Logged users", "T1087&T1033");
|
||||
List<string> loggedusers = UserInfo.GetLoggedUsers();
|
||||
if (using_ansii)
|
||||
if (using_ansi)
|
||||
Beaprint.ListPrint(loggedusers, colorsU());
|
||||
else
|
||||
Beaprint.ListPrint(loggedusers, CreateUsersSS());
|
||||
@ -520,10 +521,10 @@ namespace winPEAS
|
||||
{
|
||||
string format = " {0,-10}{1,-15}{2,-15}{3,-25}{4,-10}{5}";
|
||||
string header = String.Format(format, "SessID", "pSessionName", "pUserName", "pDomainName", "State", "SourceIP");
|
||||
if (using_ansii) {
|
||||
if (using_ansi) {
|
||||
System.Console.WriteLine(header);
|
||||
foreach (Dictionary<string, string> rdp_ses in rdp_sessions)
|
||||
Beaprint.AnsiiPrint(String.Format(format, rdp_ses["SessionID"], rdp_ses["pSessionName"], rdp_ses["pUserName"], rdp_ses["pDomainName"], rdp_ses["State"], rdp_ses["SourceIP"]), colorsU());
|
||||
Beaprint.AnsiPrint(String.Format(format, rdp_ses["SessionID"], rdp_ses["pSessionName"], rdp_ses["pUserName"], rdp_ses["pDomainName"], rdp_ses["State"], rdp_ses["SourceIP"]), colorsU());
|
||||
}
|
||||
else {
|
||||
Colorful.Console.WriteLineStyled(header, onlyKeyStyleSheet);
|
||||
@ -546,7 +547,7 @@ namespace winPEAS
|
||||
{
|
||||
Beaprint.MainPrint("Ever logged users", "T1087&T1033");
|
||||
List<string> everlogged = UserInfo.GetEverLoggedUsers();
|
||||
if (using_ansii)
|
||||
if (using_ansi)
|
||||
Beaprint.ListPrint(everlogged, colorsU());
|
||||
else
|
||||
Beaprint.ListPrint(everlogged, CreateUsersSS());
|
||||
@ -574,8 +575,8 @@ namespace winPEAS
|
||||
Beaprint.BadPrint("Some AutoLogon credentials were found!!");
|
||||
ban = true;
|
||||
}
|
||||
if (using_ansii)
|
||||
Beaprint.AnsiiPrint(String.Format(" {0,-30}: {1}", entry.Key, entry.Value), colorsU());
|
||||
if (using_ansi)
|
||||
Beaprint.AnsiPrint(String.Format(" {0,-30}: {1}", entry.Key, entry.Value), colorsU());
|
||||
else
|
||||
Colorful.Console.WriteLineStyled(String.Format(" {0,-30}: {1}", entry.Key, entry.Value), CreateUsersSS());
|
||||
}
|
||||
@ -620,7 +621,7 @@ namespace winPEAS
|
||||
Beaprint.MainPrint("Password Policies", "T1201");
|
||||
Beaprint.LinkPrint("", "This is insteresting for brute-force");
|
||||
List<Dictionary<string, string>> PPy = UserInfo.GetPasswordPolicy();
|
||||
if (using_ansii)
|
||||
if (using_ansi)
|
||||
Beaprint.DictPrint(PPy, colorsU(), false);
|
||||
else
|
||||
Beaprint.DictPrint(PPy, CreateUsersSS(), false);
|
||||
@ -705,16 +706,16 @@ namespace winPEAS
|
||||
if (proc_info["CommandLine"].Length > 1)
|
||||
formString += "\n {8}";
|
||||
|
||||
if (using_ansii)
|
||||
if (using_ansi)
|
||||
{
|
||||
Dictionary<string, string> colorsP = new Dictionary<string, string>()
|
||||
{
|
||||
{ currentUserName, ansii_current_user },
|
||||
{ "Permissions:.*", ansii_color_bad },
|
||||
{ "Possible DLL Hijacking.*", ansii_color_bad },
|
||||
{ proc_info["ExecutablePath"].Replace("\\", "\\\\").Replace("(", "\\(").Replace(")", "\\)").Replace("]", "\\]").Replace("[", "\\[").Replace("?", "\\?"), (file_rights.Count > 0 || dir_rights.Count > 0) ? ansii_color_bad : ansii_color_good },
|
||||
{ currentUserName, ansi_current_user },
|
||||
{ "Permissions:.*", ansi_color_bad },
|
||||
{ "Possible DLL Hijacking.*", ansi_color_bad },
|
||||
{ proc_info["ExecutablePath"].Replace("\\", "\\\\").Replace("(", "\\(").Replace(")", "\\)").Replace("]", "\\]").Replace("[", "\\[").Replace("?", "\\?"), (file_rights.Count > 0 || dir_rights.Count > 0) ? ansi_color_bad : ansi_color_good },
|
||||
};
|
||||
Beaprint.AnsiiPrint(String.Format(formString, proc_info["Name"], proc_info["ProcessID"], proc_info["ExecutablePath"], proc_info["Product"], proc_info["Owner"], proc_info["isDotNet"], String.Join(", ", file_rights), dir_rights.Count > 0 ? Path.GetDirectoryName(proc_info["ExecutablePath"]) : "", String.Join(", ", dir_rights), proc_info["CommandLine"]), colorsP);
|
||||
Beaprint.AnsiPrint(String.Format(formString, proc_info["Name"], proc_info["ProcessID"], proc_info["ExecutablePath"], proc_info["Product"], proc_info["Owner"], proc_info["isDotNet"], String.Join(", ", file_rights), dir_rights.Count > 0 ? Path.GetDirectoryName(proc_info["ExecutablePath"]) : "", String.Join(", ", dir_rights), proc_info["CommandLine"]), colorsP);
|
||||
}
|
||||
else
|
||||
{
|
||||
@ -799,17 +800,17 @@ namespace winPEAS
|
||||
if (service_info["Description"].Length > 1)
|
||||
formString += "\n {10}";
|
||||
|
||||
if (using_ansii)
|
||||
if (using_ansi)
|
||||
{
|
||||
Dictionary<string, string> colorsS = new Dictionary<string, string>()
|
||||
{
|
||||
{ "File Permissions:.*", ansii_color_bad },
|
||||
{ "Possible DLL Hijacking.*", ansii_color_bad },
|
||||
{ "No quotes and Space detected", ansii_color_bad },
|
||||
{ service_info["PathName"].Replace("\\", "\\\\").Replace("(", "\\(").Replace(")", "\\)").Replace("]", "\\]").Replace("[", "\\[").Replace("?", "\\?"), (file_rights.Count > 0 || dir_rights.Count > 0 || no_quotes_and_space) ? ansii_color_bad : ansii_color_good },
|
||||
{ service_info["StartMode"].Replace("\\", "\\\\").Replace("(", "\\(").Replace(")", "\\)").Replace("]", "\\]").Replace("[", "\\[").Replace("?", "\\?"), (service_info["StartMode"].ToLower() == "auto") ? ansii_color_bad : ansii_color_good },
|
||||
{ "File Permissions:.*", ansi_color_bad },
|
||||
{ "Possible DLL Hijacking.*", ansi_color_bad },
|
||||
{ "No quotes and Space detected", ansi_color_bad },
|
||||
{ service_info["PathName"].Replace("\\", "\\\\").Replace("(", "\\(").Replace(")", "\\)").Replace("]", "\\]").Replace("[", "\\[").Replace("?", "\\?"), (file_rights.Count > 0 || dir_rights.Count > 0 || no_quotes_and_space) ? ansi_color_bad : ansi_color_good },
|
||||
{ service_info["StartMode"].Replace("\\", "\\\\").Replace("(", "\\(").Replace(")", "\\)").Replace("]", "\\]").Replace("[", "\\[").Replace("?", "\\?"), (service_info["StartMode"].ToLower() == "auto") ? ansi_color_bad : ansi_color_good },
|
||||
};
|
||||
Beaprint.AnsiiPrint(String.Format(formString, service_info["Name"], service_info["CompanyName"], service_info["DisplayName"], service_info["PathName"], service_info["StartMode"], service_info["State"], service_info["isDotNet"], "No quotes and Space detected", String.Join(", ", file_rights), dir_rights.Count > 0 ? Path.GetDirectoryName(service_info["FilteredPath"]) : "", String.Join(", ", dir_rights), service_info["Description"]), colorsS);
|
||||
Beaprint.AnsiPrint(String.Format(formString, service_info["Name"], service_info["CompanyName"], service_info["DisplayName"], service_info["PathName"], service_info["StartMode"], service_info["State"], service_info["isDotNet"], "No quotes and Space detected", String.Join(", ", file_rights), dir_rights.Count > 0 ? Path.GetDirectoryName(service_info["FilteredPath"]) : "", String.Join(", ", dir_rights), service_info["Description"]), colorsS);
|
||||
}
|
||||
else
|
||||
{
|
||||
@ -958,11 +959,11 @@ namespace winPEAS
|
||||
Colorful.Console.WriteLine();
|
||||
|
||||
Beaprint.MainPrint("Installed Applications --Via Registry--", "T1083&T1012&T1010");
|
||||
if (using_ansii)
|
||||
if (using_ansi)
|
||||
{
|
||||
Dictionary<string, string> colorsA = new Dictionary<string, string>()
|
||||
{
|
||||
{ goodSoft, ansii_color_good }
|
||||
{ goodSoft, ansi_color_good }
|
||||
};
|
||||
Beaprint.ListPrint(ApplicationInfo.GetAppsRegistry(), colorsA);
|
||||
}
|
||||
@ -991,13 +992,13 @@ namespace winPEAS
|
||||
{
|
||||
Dictionary<string, string> colorsA = new Dictionary<string, string>()
|
||||
{
|
||||
{ "FolderPerms:.*", ansii_color_bad },
|
||||
{ "FilePerms:.*", ansii_color_bad },
|
||||
{ "(Unquoted and Space detected)", ansii_color_bad },
|
||||
{ "(RegPath is writable)", ansii_color_bad },
|
||||
{ (app["Folder"].Length > 0) ? app["Folder"].Replace("\\", "\\\\").Replace("(", "\\(").Replace(")", "\\)").Replace("]", "\\]").Replace("[", "\\[").Replace("?", "\\?") : "ouigyevb2uivydi2u3id2ddf3", !String.IsNullOrEmpty(app["interestingFolderRights"]) ? ansii_color_bad : ansii_color_good },
|
||||
{ (app["File"].Length > 0) ? app["File"].Replace("\\", "\\\\").Replace("(", "\\(").Replace(")", "\\)").Replace("]", "\\]").Replace("[", "\\[").Replace("?", "\\?") : "adu8v298hfubibuidiy2422r", !String.IsNullOrEmpty(app["interestingFileRights"]) ? ansii_color_bad : ansii_color_good },
|
||||
{ (app["Reg"].Length > 0) ? app["Reg"].Replace("\\", "\\\\").Replace("(", "\\(").Replace(")", "\\)").Replace("]", "\\]").Replace("[", "\\[").Replace("?", "\\?") : "o8a7eduia37ibduaunbf7a4g7ukdhk4ua", (app["isWritableReg"].ToLower() == "true") ? ansii_color_bad : ansii_color_good },
|
||||
{ "FolderPerms:.*", ansi_color_bad },
|
||||
{ "FilePerms:.*", ansi_color_bad },
|
||||
{ "(Unquoted and Space detected)", ansi_color_bad },
|
||||
{ "(RegPath is writable)", ansi_color_bad },
|
||||
{ (app["Folder"].Length > 0) ? app["Folder"].Replace("\\", "\\\\").Replace("(", "\\(").Replace(")", "\\)").Replace("]", "\\]").Replace("[", "\\[").Replace("?", "\\?") : "ouigyevb2uivydi2u3id2ddf3", !String.IsNullOrEmpty(app["interestingFolderRights"]) ? ansi_color_bad : ansi_color_good },
|
||||
{ (app["File"].Length > 0) ? app["File"].Replace("\\", "\\\\").Replace("(", "\\(").Replace(")", "\\)").Replace("]", "\\]").Replace("[", "\\[").Replace("?", "\\?") : "adu8v298hfubibuidiy2422r", !String.IsNullOrEmpty(app["interestingFileRights"]) ? ansi_color_bad : ansi_color_good },
|
||||
{ (app["Reg"].Length > 0) ? app["Reg"].Replace("\\", "\\\\").Replace("(", "\\(").Replace(")", "\\)").Replace("]", "\\]").Replace("[", "\\[").Replace("?", "\\?") : "o8a7eduia37ibduaunbf7a4g7ukdhk4ua", (app["isWritableReg"].ToLower() == "true") ? ansi_color_bad : ansi_color_good },
|
||||
};
|
||||
StyleSheet styleSheetAA = new StyleSheet(color_default);
|
||||
styleSheetAA.AddStyle("FolderPerms", color_bad);
|
||||
@ -1015,10 +1016,10 @@ namespace winPEAS
|
||||
if (!String.IsNullOrEmpty(app["Folder"]))
|
||||
styleSheetAA.AddStyle(app["Folder"].Replace("\\", "\\\\").Replace("(", "\\(").Replace(")", "\\)"), color_good);
|
||||
}
|
||||
if (using_ansii)
|
||||
if (using_ansi)
|
||||
{
|
||||
Beaprint.AnsiiPrint(string1, colorsA);
|
||||
Beaprint.AnsiiPrint(string2, colorsA);
|
||||
Beaprint.AnsiPrint(string1, colorsA);
|
||||
Beaprint.AnsiPrint(string2, colorsA);
|
||||
}
|
||||
else
|
||||
{
|
||||
@ -1074,10 +1075,10 @@ namespace winPEAS
|
||||
styleSheetAA.AddStyle(app["Reg"].Replace("\\", "\\\\").Replace("(", "\\(").Replace(")", "\\)"), color_good);
|
||||
}
|
||||
|
||||
if (using_ansii)
|
||||
if (using_ansi)
|
||||
{
|
||||
Beaprint.AnsiiPrint(string1, colorsA);
|
||||
Beaprint.AnsiiPrint(string2, colorsA);
|
||||
Beaprint.AnsiPrint(string1, colorsA);
|
||||
Beaprint.AnsiPrint(string2, colorsA);
|
||||
}
|
||||
else
|
||||
{
|
||||
@ -1116,14 +1117,14 @@ namespace winPEAS
|
||||
if (String.IsNullOrEmpty(sapp["Description"]))
|
||||
formString += "\n {6}";
|
||||
|
||||
if (using_ansii)
|
||||
if (using_ansi)
|
||||
{
|
||||
Dictionary<string, string> colorsS = new Dictionary<string, string>()
|
||||
{
|
||||
{ "Permissions.*", ansii_color_bad },
|
||||
{ sapp["Action"].Replace("\\", "\\\\").Replace("(", "\\(").Replace(")", "\\)").Replace("]", "\\]").Replace("[", "\\[").Replace("?", "\\?"), (file_rights.Count > 0 || dir_rights.Count > 0) ? ansii_color_bad : ansii_color_good },
|
||||
{ "Permissions.*", ansi_color_bad },
|
||||
{ sapp["Action"].Replace("\\", "\\\\").Replace("(", "\\(").Replace(")", "\\)").Replace("]", "\\]").Replace("[", "\\[").Replace("?", "\\?"), (file_rights.Count > 0 || dir_rights.Count > 0) ? ansi_color_bad : ansi_color_good },
|
||||
};
|
||||
Beaprint.AnsiiPrint(String.Format(formString, sapp["Author"], sapp["Name"], sapp["Action"], String.Join(", ", file_rights), String.Join(", ", dir_rights), sapp["Trigger"], sapp["Description"]), colorsS);
|
||||
Beaprint.AnsiPrint(String.Format(formString, sapp["Author"], sapp["Name"], sapp["Action"], String.Join(", ", file_rights), String.Join(", ", dir_rights), sapp["Trigger"], sapp["Description"]), colorsS);
|
||||
}
|
||||
else
|
||||
{
|
||||
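Review bot: The dictionary key built from `sapp["Action"]` is escaped by a hand-written `.Replace` chain that covers only `\`, `(`, `)`, `[`, `]` and `?`, so a value containing `.`, `+`, `*`, `$`, `{` or `|` still reaches the colouring code as live pattern syntax. The sibling key `"Permissions.*"` suggests these keys are used as regular expressions, but `AnsiPrint` is not visible here, so that should be confirmed. If so, a path under a directory such as `Notepad++` becomes an invalid pattern, and file names taken from the scanned host decide what gets highlighted as good or bad. `Regex.Escape(sapp["Action"])` covers the full metacharacter set in one call. The `rule["AppName"]` key in the firewall-rules hunk further down uses the same chain.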
@ -1168,11 +1169,11 @@ namespace winPEAS
|
||||
try
|
||||
{
|
||||
Beaprint.MainPrint("Network Shares", "T1135");
|
||||
if (using_ansii)
|
||||
if (using_ansi)
|
||||
{
|
||||
Dictionary<string, string> colorsN = new Dictionary<string, string>()
|
||||
{
|
||||
{ badShares, ansii_color_bad },
|
||||
{ badShares, ansi_color_bad },
|
||||
};
|
||||
Beaprint.ListPrint(NetworkInfo.GetNetworkShares("127.0.0.1"), colorsN);
|
||||
}
|
||||
@ -1222,7 +1223,7 @@ namespace winPEAS
|
||||
if (card["arp"].Length > 1)
|
||||
formString += "\n\tKnown hosts:\n{6}";
|
||||
|
||||
if (using_ansii)
|
||||
if (using_ansi)
|
||||
{
|
||||
System.Console.WriteLine(String.Format(formString, card["Name"], card["PysicalAddr"], card["IPs"], card["Netmasks"].Replace(", 0.0.0.0", ""), card["Gateways"], card["DNSs"], card["arp"]));
|
||||
}
|
||||
@ -1256,14 +1257,14 @@ namespace winPEAS
|
||||
Beaprint.LinkPrint("", "Check for services restricted from the outside");
|
||||
List<List<string>> conns = NetworkInfo.GetNetConnections();
|
||||
|
||||
if (using_ansii)
|
||||
if (using_ansi)
|
||||
{
|
||||
Dictionary<string, string> colorsN = new Dictionary<string, string>()
|
||||
{
|
||||
{ badIps, ansii_color_bad },
|
||||
{ badIps, ansi_color_bad },
|
||||
};
|
||||
foreach (List<string> conn in conns)
|
||||
Beaprint.AnsiiPrint(String.Format(" {0,-10}{1,-23}{2,-23}{3}", conn[0], conn[1], conn[2], conn[3]), colorsN);
|
||||
Beaprint.AnsiPrint(String.Format(" {0,-10}{1,-23}{2,-23}{3}", conn[0], conn[1], conn[2], conn[3]), colorsN);
|
||||
}
|
||||
else
|
||||
{
|
||||
@ -1305,15 +1306,15 @@ namespace winPEAS
|
||||
formString += "\n Folder Permissions: {9}";
|
||||
formString += "\n {10}";
|
||||
|
||||
if (using_ansii) {
|
||||
if (using_ansi) {
|
||||
Dictionary<string, string> colorsN = new Dictionary<string, string>()
|
||||
{
|
||||
{ strFalse, ansii_color_bad },
|
||||
{ strTrue, ansii_color_good },
|
||||
{ "File Permissions.*|Folder Permissions.*", ansii_color_bad },
|
||||
{ rule["AppName"].Replace("\\", "\\\\").Replace("(", "\\(").Replace(")", "\\)").Replace("]", "\\]").Replace("[", "\\[").Replace("?", "\\?"), (file_perms.Length > 0 || folder_perms.Length > 0) ? ansii_color_bad : ansii_color_good },
|
||||
{ strFalse, ansi_color_bad },
|
||||
{ strTrue, ansi_color_good },
|
||||
{ "File Permissions.*|Folder Permissions.*", ansi_color_bad },
|
||||
{ rule["AppName"].Replace("\\", "\\\\").Replace("(", "\\(").Replace(")", "\\)").Replace("]", "\\]").Replace("[", "\\[").Replace("?", "\\?"), (file_perms.Length > 0 || folder_perms.Length > 0) ? ansi_color_bad : ansi_color_good },
|
||||
};
|
||||
Beaprint.AnsiiPrint(String.Format(formString, rule["Profiles"], rule["Name"], rule["AppName"], rule["Action"], rule["Protocol"], rule["Direction"], rule["Direction"] == "IN" ? rule["Local"] : rule["Remote"], rule["Direction"] == "IN" ? rule["Remote"] : rule["Local"], file_perms, folder_perms, rule["Description"]), colorsN);
|
||||
Beaprint.AnsiPrint(String.Format(formString, rule["Profiles"], rule["Name"], rule["AppName"], rule["Action"], rule["Protocol"], rule["Direction"], rule["Direction"] == "IN" ? rule["Local"] : rule["Remote"], rule["Direction"] == "IN" ? rule["Remote"] : rule["Local"], file_perms, folder_perms, rule["Description"]), colorsN);
|
||||
}
|
||||
else
|
||||
{
|
||||
@ -1382,11 +1383,11 @@ namespace winPEAS
|
||||
Beaprint.LinkPrint("https://book.hacktricks.xyz/windows/windows-local-privilege-escalation#credentials-manager-windows-vault");
|
||||
List<Dictionary<string, string>> vault_creds = KnownFileCredsInfo.DumpVault();
|
||||
|
||||
if (using_ansii)
|
||||
if (using_ansi)
|
||||
{
|
||||
Dictionary<string, string> colorsC = new Dictionary<string, string>()
|
||||
{
|
||||
{ "Identity.*|Credential.*", ansii_color_bad },
|
||||
{ "Identity.*|Credential.*", ansi_color_bad },
|
||||
};
|
||||
Beaprint.DictPrint(vault_creds, colorsC, true);
|
||||
}
|
||||
@ -1413,13 +1414,13 @@ namespace winPEAS
|
||||
Beaprint.LinkPrint("https://book.hacktricks.xyz/windows/windows-local-privilege-escalation#credentials-manager-windows-vault");
|
||||
if (exec_cmd)
|
||||
{
|
||||
if (using_ansii)
|
||||
if (using_ansi)
|
||||
{
|
||||
Dictionary<string, string> colorsC = new Dictionary<string, string>()
|
||||
{
|
||||
{ "User:.*", ansii_color_bad },
|
||||
{ "User:.*", ansi_color_bad },
|
||||
};
|
||||
Beaprint.AnsiiPrint(MyUtils.ExecCMD("cmdkey /list"), colorsC);
|
||||
Beaprint.AnsiPrint(MyUtils.ExecCMD("cmdkey /list"), colorsC);
|
||||
}
|
||||
else
|
||||
{
|
||||
@ -1580,13 +1581,13 @@ namespace winPEAS
|
||||
Beaprint.MainPrint("Looking saved Wifis", "");
|
||||
if (exec_cmd)
|
||||
{
|
||||
if (using_ansii)
|
||||
if (using_ansi)
|
||||
{
|
||||
Dictionary<string, string> colorsC = new Dictionary<string, string>()
|
||||
{
|
||||
{ ": .*", ansii_color_bad },
|
||||
{ ": .*", ansi_color_bad },
|
||||
};
|
||||
Beaprint.AnsiiPrint(" " + MyUtils.ExecCMD("netsh wlan show profile"), colorsC);
|
||||
Beaprint.AnsiPrint(" " + MyUtils.ExecCMD("netsh wlan show profile"), colorsC);
|
||||
}
|
||||
else
|
||||
{
|
||||
@ -1757,16 +1758,16 @@ namespace winPEAS
|
||||
List<string> firefoxHist = KnownFileCredsInfo.GetFirefoxHistory();
|
||||
if (firefoxHist.Count > 0)
|
||||
{
|
||||
if (using_ansii)
|
||||
if (using_ansi)
|
||||
{
|
||||
Dictionary<string, string> colorsB = new Dictionary<string, string>()
|
||||
{
|
||||
{ print_credStrings, ansii_color_bad },
|
||||
{ print_credStrings, ansi_color_bad },
|
||||
};
|
||||
foreach (string url in firefoxHist)
|
||||
{
|
||||
if (MyUtils.ContainsAnyRegex(url.ToUpper(), credStringsRegex))
|
||||
Beaprint.AnsiiPrint(" " + url, colorsB);
|
||||
Beaprint.AnsiPrint(" " + url, colorsB);
|
||||
}
|
||||
}
|
||||
else
|
||||
@ -1831,16 +1832,16 @@ namespace winPEAS
|
||||
|
||||
if (history.Count > 0)
|
||||
{
|
||||
if (using_ansii)
|
||||
if (using_ansi)
|
||||
{
|
||||
Dictionary<string, string> colorsB = new Dictionary<string, string>()
|
||||
{
|
||||
{ print_credStrings, ansii_color_bad },
|
||||
{ print_credStrings, ansi_color_bad },
|
||||
};
|
||||
foreach (string url in history)
|
||||
{
|
||||
if (MyUtils.ContainsAnyRegex(url.ToUpper(), credStringsRegex))
|
||||
Beaprint.AnsiiPrint(" " + url, colorsB);
|
||||
Beaprint.AnsiPrint(" " + url, colorsB);
|
||||
}
|
||||
}
|
||||
else
|
||||
@ -1877,11 +1878,11 @@ namespace winPEAS
|
||||
Beaprint.LinkPrint("https://book.hacktricks.xyz/windows/windows-local-privilege-escalation#browsers-history");
|
||||
List<string> urls = KnownFileCredsInfo.GetCurrentIETabs();
|
||||
|
||||
if (using_ansii)
|
||||
if (using_ansi)
|
||||
{
|
||||
Dictionary<string, string> colorsB = new Dictionary<string, string>()
|
||||
{
|
||||
{ print_credStrings, ansii_color_bad },
|
||||
{ print_credStrings, ansi_color_bad },
|
||||
};
|
||||
Beaprint.ListPrint(urls, colorsB);
|
||||
}
|
||||
@ -1910,16 +1911,16 @@ namespace winPEAS
|
||||
|
||||
if (history.Count > 0)
|
||||
{
|
||||
if (using_ansii)
|
||||
if (using_ansi)
|
||||
{
|
||||
Dictionary<string, string> colorsB = new Dictionary<string, string>()
|
||||
{
|
||||
{ print_credStrings, ansii_color_bad },
|
||||
{ print_credStrings, ansi_color_bad },
|
||||
};
|
||||
foreach (string url in history)
|
||||
{
|
||||
if (MyUtils.ContainsAnyRegex(url.ToUpper(), credStringsRegex))
|
||||
Beaprint.AnsiiPrint(" " + url, colorsB);
|
||||
Beaprint.AnsiPrint(" " + url, colorsB);
|
||||
}
|
||||
}
|
||||
else
|
||||
@ -1967,11 +1968,11 @@ namespace winPEAS
|
||||
Beaprint.MainPrint("Putty Sessions", "");
|
||||
List<Dictionary<string, string>> putty_sess = KnownFileCredsInfo.GetPuttySessions();
|
||||
|
||||
if (using_ansii)
|
||||
if (using_ansi)
|
||||
{
|
||||
Dictionary<string, string> colorF = new Dictionary<string, string>()
|
||||
{
|
||||
{ "ProxyPassword.*", ansii_color_bad },
|
||||
{ "ProxyPassword.*", ansi_color_bad },
|
||||
};
|
||||
Beaprint.DictPrint(putty_sess, colorF, true);
|
||||
}
|
||||
@ -2071,7 +2072,7 @@ namespace winPEAS
|
||||
styleSheetPCF.AddStyle(pattern_color, color_bad);
|
||||
Dictionary<string, string> colorF = new Dictionary<string, string>()
|
||||
{
|
||||
{ pattern_color, ansii_color_bad },
|
||||
{ pattern_color, ansi_color_bad },
|
||||
};
|
||||
|
||||
Beaprint.MainPrint("Looking for possible password files in users homes", "T1083&T1081");
|
||||
@ -2082,8 +2083,8 @@ namespace winPEAS
|
||||
{
|
||||
if (!Path.GetFileName(file_path).Contains("."))
|
||||
{
|
||||
if (using_ansii)
|
||||
Beaprint.AnsiiPrint(" " + file_path, colorF);
|
||||
if (using_ansi)
|
||||
Beaprint.AnsiPrint(" " + file_path, colorF);
|
||||
else
|
||||
Colorful.Console.WriteLineStyled(" " + file_path, styleSheetPCF);
|
||||
}
|
||||
@ -2093,8 +2094,8 @@ namespace winPEAS
|
||||
{
|
||||
if (file_path.Contains(ext))
|
||||
{
|
||||
if (using_ansii)
|
||||
Beaprint.AnsiiPrint(" " + file_path, colorF);
|
||||
if (using_ansi)
|
||||
Beaprint.AnsiPrint(" " + file_path, colorF);
|
||||
else
|
||||
Colorful.Console.WriteLineStyled(" " + file_path, styleSheetPCF);
|
||||
}
|
||||
@ -2117,7 +2118,7 @@ namespace winPEAS
|
||||
string pattern_bin = patterns_file_creds + ";*password*;*credential*";
|
||||
Dictionary<string, string> colorF = new Dictionary<string, string>()
|
||||
{
|
||||
{ patterns_file_creds + "|.*password.*|.*credential.*", ansii_color_bad },
|
||||
{ patterns_file_creds + "|.*password.*|.*credential.*", ansi_color_bad },
|
||||
};
|
||||
|
||||
Beaprint.MainPrint("Looking inside the Recycle Bin for creds files", "T1083&T1081&T1145");
|
||||
@ -2129,7 +2130,7 @@ namespace winPEAS
|
||||
{
|
||||
if (Regex.Match(rec_file["Name"], pattern.Replace("*", ".*"), RegexOptions.IgnoreCase).Success)
|
||||
{
|
||||
if (using_ansii)
|
||||
if (using_ansi)
|
||||
Beaprint.DictPrint(rec_file, colorF, true);
|
||||
else
|
||||
Beaprint.DictPrint(rec_file, styleSheetRB, true);
|
||||
@ -2154,7 +2155,7 @@ namespace winPEAS
|
||||
styleSheetPCF.AddStyle(patterns_file_creds_color, color_bad);
|
||||
Dictionary<string, string> colorF = new Dictionary<string, string>()
|
||||
{
|
||||
{ patterns_file_creds_color, ansii_color_bad },
|
||||
{ patterns_file_creds_color, ansi_color_bad },
|
||||
};
|
||||
|
||||
Beaprint.MainPrint("Looking for possible known files that can contain creds", "T1083&T1081");
|
||||
@ -2253,8 +2254,11 @@ namespace winPEAS
|
||||
if (string.Equals(arg, "cmd", StringComparison.CurrentCultureIgnoreCase))
|
||||
exec_cmd = true;
|
||||
|
||||
if (string.Equals(arg, "ansii", StringComparison.CurrentCultureIgnoreCase))
|
||||
using_ansii = true;
|
||||
if (string.Equals(arg, "ansi", StringComparison.CurrentCultureIgnoreCase))
|
||||
using_ansi = true;
|
||||
|
||||
if (string.Equals(arg, "quiet", StringComparison.CurrentCultureIgnoreCase))
|
||||
banner = false;
|
||||
|
||||
if (string.Equals(arg, "help", StringComparison.CurrentCultureIgnoreCase))
|
||||
{
|
||||
|
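Review bot: The new test `if (string.Equals(arg, "ansi", StringComparison.CurrentCultureIgnoreCase))` is culture-sensitive, so under a Turkish or Azeri UI culture an upper-case `ANSI` does not compare equal to `ansi`, and the added `quiet` check has the same problem. Fixed command-line keywords should be matched with `StringComparison.OrdinalIgnoreCase`. The rename also drops the old `ansii` spelling with no fallback, so existing invocations silently lose coloured output. Accepting both spellings for a release, or warning on unrecognised arguments, would make that visible. The `help` branch that follows continues outside the hunk.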
@ -110,9 +110,9 @@ namespace winPEAS
|
||||
|
||||
if (_vulnerabilities.Any(e => e.Vulnerable))
|
||||
{
|
||||
if (Program.using_ansii)
|
||||
if (Program.using_ansi)
|
||||
{
|
||||
System.Console.WriteLine(Beaprint.GRAY + " Finished. Found " + Beaprint.ansii_color_bad + _vulnerabilities.Count(i => i.Vulnerable) + Beaprint.GRAY + " potential vulnerabilities." + Beaprint.NOCOLOR);
|
||||
System.Console.WriteLine(Beaprint.GRAY + " Finished. Found " + Beaprint.ansi_color_bad + _vulnerabilities.Count(i => i.Vulnerable) + Beaprint.GRAY + " potential vulnerabilities." + Beaprint.NOCOLOR);
|
||||
}
|
||||
else
|
||||
{
|
||||
@ -722,7 +722,7 @@ namespace winPEAS
|
||||
{
|
||||
public static void FindVulns()
|
||||
{
|
||||
if (Program.using_ansii)
|
||||
if (Program.using_ansi)
|
||||
{
|
||||
System.Console.WriteLine(Beaprint.YELLOW + " [?] " + Beaprint.LBLUE + "Windows vulns search powered by" + Beaprint.LRED + "Watson" + Beaprint.LBLUE + "(https://github.com/rasta-mouse/Watson)" + Beaprint.NOCOLOR);
|
||||
}
|
||||
|
File diff suppressed because it is too large
Binary file not shown.
@ -1,6 +0,0 @@
|
||||
<?xml version="1.0" encoding="utf-8"?>
|
||||
<configuration>
|
||||
<startup>
|
||||
<supportedRuntime version="v4.0" sku=".NETFramework,Version=v4.0"/>
|
||||
</startup>
|
||||
</configuration>
|
Binary file not shown.
Binary file not shown.
Binary file not shown.
Binary file not shown.
Binary file not shown.
Binary file not shown.
Binary file not shown.
BIN
winPEAS/winPEASexe/winPEAS/obj/Debug/DesignTimeResolveAssemblyReferencesInput.cache
Executable file
BIN
winPEAS/winPEASexe/winPEAS/obj/Debug/DesignTimeResolveAssemblyReferencesInput.cache
Executable file
Binary file not shown.
BIN
winPEAS/winPEASexe/winPEAS/obj/Debug/winPEAS.csprojAssemblyReference.cache
Executable file
BIN
winPEAS/winPEASexe/winPEAS/obj/Debug/winPEAS.csprojAssemblyReference.cache
Executable file
Binary file not shown.
@ -30,3 +30,12 @@ C:\Users\carlos\source\repos\PEASS\winPEAS\winPEASexe\winPEAS\obj\Release\winPEA
|
||||
C:\Users\carlos\source\repos\PEASS\winPEAS\winPEASexe\winPEAS\obj\Release\winPEAS.csproj.CopyComplete
|
||||
C:\Users\carlos\source\repos\PEASS\winPEAS\winPEASexe\winPEAS\obj\Release\winPEAS.exe
|
||||
C:\Users\carlos\source\repos\PEASS\winPEAS\winPEASexe\winPEAS\obj\Release\winPEAS.pdb
|
||||
D:\shared\privilege-escalation-awesome-script-suite\winPEAS\winPEASexe\winPEAS\bin\Release\winPEAS.exe.config
|
||||
D:\shared\privilege-escalation-awesome-script-suite\winPEAS\winPEASexe\winPEAS\bin\Release\winPEAS.exe
|
||||
D:\shared\privilege-escalation-awesome-script-suite\winPEAS\winPEASexe\winPEAS\bin\Release\winPEAS.pdb
|
||||
D:\shared\privilege-escalation-awesome-script-suite\winPEAS\winPEASexe\winPEAS\bin\Release\Microsoft.Win32.TaskScheduler.xml
|
||||
D:\shared\privilege-escalation-awesome-script-suite\winPEAS\winPEASexe\winPEAS\obj\Release\winPEAS.csprojAssemblyReference.cache
|
||||
D:\shared\privilege-escalation-awesome-script-suite\winPEAS\winPEASexe\winPEAS\obj\Release\winPEAS.csproj.Fody.CopyLocal.cache
|
||||
D:\shared\privilege-escalation-awesome-script-suite\winPEAS\winPEASexe\winPEAS\obj\Release\winPEAS.csproj.CopyComplete
|
||||
D:\shared\privilege-escalation-awesome-script-suite\winPEAS\winPEASexe\winPEAS\obj\Release\winPEAS.exe
|
||||
D:\shared\privilege-escalation-awesome-script-suite\winPEAS\winPEASexe\winPEAS\obj\Release\winPEAS.pdb
|
||||
|
@ -1 +1 @@
|
||||
C:\Users\carlos\source\repos\PEASS\winPEAS\winPEASexe\packages\TaskScheduler.2.8.16\lib\net40\Microsoft.Win32.TaskScheduler.xml
|
||||
D:\shared\privilege-escalation-awesome-script-suite\winPEAS\winPEASexe\packages\TaskScheduler.2.8.16\lib\net40\Microsoft.Win32.TaskScheduler.xml
|
||||
|
BIN
winPEAS/winPEASexe/winPEAS/obj/Release/winPEAS.csprojAssemblyReference.cache
Executable file
BIN
winPEAS/winPEASexe/winPEAS/obj/Release/winPEAS.csprojAssemblyReference.cache
Executable file
Binary file not shown.
Binary file not shown.
Binary file not shown.
@ -6,3 +6,11 @@ C:\Users\carlos\source\repos\PEASS\winPEAS\winPEASexe\winPEAS\obj\x64\Release\wi
|
||||
C:\Users\carlos\source\repos\PEASS\winPEAS\winPEASexe\winPEAS\obj\x64\Release\winPEAS.csproj.CopyComplete
|
||||
C:\Users\carlos\source\repos\PEASS\winPEAS\winPEASexe\winPEAS\obj\x64\Release\winPEAS.exe
|
||||
C:\Users\carlos\source\repos\PEASS\winPEAS\winPEASexe\winPEAS\obj\x64\Release\winPEAS.pdb
|
||||
D:\shared\privilege-escalation-awesome-script-suite\winPEAS\winPEASexe\winPEAS\bin\x64\Release\winPEAS.exe.config
|
||||
D:\shared\privilege-escalation-awesome-script-suite\winPEAS\winPEASexe\winPEAS\bin\x64\Release\winPEAS.exe
|
||||
D:\shared\privilege-escalation-awesome-script-suite\winPEAS\winPEASexe\winPEAS\bin\x64\Release\winPEAS.pdb
|
||||
D:\shared\privilege-escalation-awesome-script-suite\winPEAS\winPEASexe\winPEAS\bin\x64\Release\Microsoft.Win32.TaskScheduler.xml
|
||||
D:\shared\privilege-escalation-awesome-script-suite\winPEAS\winPEASexe\winPEAS\obj\x64\Release\winPEAS.csproj.Fody.CopyLocal.cache
|
||||
D:\shared\privilege-escalation-awesome-script-suite\winPEAS\winPEASexe\winPEAS\obj\x64\Release\winPEAS.csproj.CopyComplete
|
||||
D:\shared\privilege-escalation-awesome-script-suite\winPEAS\winPEASexe\winPEAS\obj\x64\Release\winPEAS.exe
|
||||
D:\shared\privilege-escalation-awesome-script-suite\winPEAS\winPEASexe\winPEAS\obj\x64\Release\winPEAS.pdb
|
||||
|
@ -1 +1 @@
|
||||
C:\Users\carlos\source\repos\PEASS\winPEAS\winPEASexe\packages\TaskScheduler.2.8.16\lib\net40\Microsoft.Win32.TaskScheduler.xml
|
||||
D:\shared\privilege-escalation-awesome-script-suite\winPEAS\winPEASexe\packages\TaskScheduler.2.8.16\lib\net40\Microsoft.Win32.TaskScheduler.xml
|
||||
|
Binary file not shown.
Binary file not shown.
@ -6,3 +6,11 @@ C:\Users\carlos\source\repos\PEASS\winPEAS\winPEASexe\winPEAS\obj\x86\Release\wi
|
||||
C:\Users\carlos\source\repos\PEASS\winPEAS\winPEASexe\winPEAS\obj\x86\Release\winPEAS.csproj.CopyComplete
|
||||
C:\Users\carlos\source\repos\PEASS\winPEAS\winPEASexe\winPEAS\obj\x86\Release\winPEAS.exe
|
||||
C:\Users\carlos\source\repos\PEASS\winPEAS\winPEASexe\winPEAS\obj\x86\Release\winPEAS.pdb
|
||||
D:\shared\privilege-escalation-awesome-script-suite\winPEAS\winPEASexe\winPEAS\bin\x86\Release\winPEAS.exe.config
|
||||
D:\shared\privilege-escalation-awesome-script-suite\winPEAS\winPEASexe\winPEAS\bin\x86\Release\winPEAS.exe
|
||||
D:\shared\privilege-escalation-awesome-script-suite\winPEAS\winPEASexe\winPEAS\bin\x86\Release\winPEAS.pdb
|
||||
D:\shared\privilege-escalation-awesome-script-suite\winPEAS\winPEASexe\winPEAS\bin\x86\Release\Microsoft.Win32.TaskScheduler.xml
|
||||
D:\shared\privilege-escalation-awesome-script-suite\winPEAS\winPEASexe\winPEAS\obj\x86\Release\winPEAS.csproj.Fody.CopyLocal.cache
|
||||
D:\shared\privilege-escalation-awesome-script-suite\winPEAS\winPEASexe\winPEAS\obj\x86\Release\winPEAS.csproj.CopyComplete
|
||||
D:\shared\privilege-escalation-awesome-script-suite\winPEAS\winPEASexe\winPEAS\obj\x86\Release\winPEAS.exe
|
||||
D:\shared\privilege-escalation-awesome-script-suite\winPEAS\winPEASexe\winPEAS\obj\x86\Release\winPEAS.pdb
|
||||
|
@ -1 +1 @@
|
||||
C:\Users\carlos\source\repos\PEASS\winPEAS\winPEASexe\packages\TaskScheduler.2.8.16\lib\net40\Microsoft.Win32.TaskScheduler.xml
|
||||
D:\shared\privilege-escalation-awesome-script-suite\winPEAS\winPEASexe\packages\TaskScheduler.2.8.16\lib\net40\Microsoft.Win32.TaskScheduler.xml
|
||||
|
Binary file not shown.
Binary file not shown.
@ -4,7 +4,8 @@
|
||||
<StartArguments>help</StartArguments>
|
||||
</PropertyGroup>
|
||||
<PropertyGroup Condition="'$(Configuration)|$(Platform)' == 'Debug|AnyCPU'">
|
||||
<StartArguments>help</StartArguments>
|
||||
<StartArguments>
|
||||
</StartArguments>
|
||||
</PropertyGroup>
|
||||
<PropertyGroup Condition="'$(Configuration)|$(Platform)' == 'Debug|x64'">
|
||||
<StartArguments>cmd fast</StartArguments>
|
||||
|