Obfuscation anti AV

winPEAS/LICENSE

@@ -1,21 +0,0 @@
-MIT License
-
-Copyright (c) 2019 Carlos Polop
-
-Permission is hereby granted, free of charge, to any person obtaining a copy
-of this software and associated documentation files (the "Software"), to deal
-in the Software without restriction, including without limitation the rights
-to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
-copies of the Software, and to permit persons to whom the Software is
-furnished to do so, subject to the following conditions:
-
-The above copyright notice and this permission notice shall be included in all
-copies or substantial portions of the Software.
-
-THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
-IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
-FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
-AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
-LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
-OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
-SOFTWARE.

winPEAS/README.md

@@ -1,18 +1,18 @@
 # Windows Privilege Escalation Awesome Scripts
 
-![](https://github.com/carlospolop/privilege-escalation-awesome-script-suite/raw/master/winPEAS/winPEASexe/images/winpeas.png)
+![](https://github.com/carlospolop/privilege-escalation-awesome-scripts-suite/raw/master/winPEAS/winPEASexe/images/winpeas.png)
 
 Check the **Local Windows Privilege Escalation checklist** from **[book.hacktricks.xyz](https://book.hacktricks.xyz/windows/checklist-windows-privilege-escalation)**
 
 Check more **information about how to exploit** found misconfigurations in **[book.hacktricks.xyz](https://book.hacktricks.xyz/windows/windows-local-privilege-escalation)**
 
 ## WinPEAS .exe and .bat
-- [Link to WinPEAS C# project (.exe)](https://github.com/carlospolop/privilege-escalation-awesome-script-suite/tree/master/winPEAS/winPEASexe)
+- [Link to WinPEAS C# project (.exe)](https://github.com/carlospolop/privilege-escalation-awesome-scripts-suite/tree/master/winPEAS/winPEASexe)
-- [Link to WinPEAS .bat project](https://github.com/carlospolop/privilege-escalation-awesome-script-suite/tree/master/winPEAS/winPEASbat) Notice that WinPEAS.bat is a batch script made for Windows systems which don't support WinPEAS.exe (Net.4 required)
+- [Link to WinPEAS .bat project](https://github.com/carlospolop/privilege-escalation-awesome-scripts-suite/tree/master/winPEAS/winPEASbat) Notice that WinPEAS.bat is a batch script made for Windows systems which don't support WinPEAS.exe (Net.4 required)
 
 ## Let's improve PEASS together
 
-If you want to **add something** and have **any cool idea** related to this project, please let me know it in the **Telegram group https://t.me/peass** or using **[github issues](https://github.com/carlospolop/privilege-escalation-awesome-scripts-suite/issues)** and we will update the master version.
+If you want to **add something** and have **any cool idea** related to this project, please let me know it in the **telegram group https://t.me/peass** or using **[github issues](https://github.com/carlospolop/privilege-escalation-awesome-scripts-suite/issues)** and we will update the master version.
 
 ## Please, if this tool has been useful for you consider to donate
 
@@ -24,8 +24,7 @@ Contact me and ask about the **Privilege Escalation Course** I am preparing for
 
 ## Advisory
 
-All the scripts/binaries of the PEAS suite should be used for authorized penetration testing and/or educational purposes only. Any misuse of this software will not be the responsibility of the author or of any other collaborator. Use it at your own networks and/or with the network owner's permission.
+All the scripts/binaries of the PEAS Suite should be used for authorized penetration testing and/or educational purposes only. Any misuse of this software will not be the responsibility of the author or of any other collaborator. Use it at your own networks and/or with the network owner's permission.
-
 
 ## License
 

winPEAS/winPEASexe/packages/Costura.Fody.4.1.0/build/Costura.Fody.props

@@ -1,5 +0,0 @@
-<Project xmlns="http://schemas.microsoft.com/developer/msbuild/2003">
-  <ItemGroup>
-    <WeaverFiles Include="$(MsBuildThisFileDirectory)..\weaver\$(MSBuildThisFileName).dll" />
-  </ItemGroup>
-</Project>

winPEAS/winPEASexe/packages/Costura.Fody.4.1.0/lib/net40/Costura.xml

@@ -1,18 +0,0 @@
-<?xml version="1.0"?>
-<doc>
-    <assembly>
-        <name>Costura</name>
-    </assembly>
-    <members>
-        <member name="T:CosturaUtility">
-            <summary>
-            Contains methods for interacting with the Costura system.
-            </summary>
-        </member>
-        <member name="M:CosturaUtility.Initialize">
-            <summary>
-            Call this to Initialize the Costura system.
-            </summary>
-        </member>
-    </members>
-</doc>

winPEAS/winPEASexe/packages/Costura.Fody.4.1.0/weaver/Costura.Fody.xcf

@@ -1,85 +0,0 @@
-<?xml version="1.0" encoding="utf-8" ?>
-<xs:complexType xmlns:xs="http://www.w3.org/2001/XMLSchema">
-  <xs:all>
-    <xs:element  minOccurs="0" maxOccurs="1" name="ExcludeAssemblies" type="xs:string">
-      <xs:annotation>
-        <xs:documentation>A list of assembly names to exclude from the default action of "embed all Copy Local references", delimited with line breaks</xs:documentation>
-      </xs:annotation>
-    </xs:element>
-    <xs:element  minOccurs="0" maxOccurs="1" name="IncludeAssemblies" type="xs:string">
-      <xs:annotation>
-        <xs:documentation>A list of assembly names to include from the default action of "embed all Copy Local references", delimited with line breaks.</xs:documentation>
-      </xs:annotation>
-    </xs:element>
-    <xs:element  minOccurs="0" maxOccurs="1" name="Unmanaged32Assemblies" type="xs:string">
-      <xs:annotation>
-        <xs:documentation>A list of unmanaged 32 bit assembly names to include, delimited with line breaks.</xs:documentation>
-      </xs:annotation>
-    </xs:element>
-    <xs:element  minOccurs="0" maxOccurs="1" name="Unmanaged64Assemblies" type="xs:string">
-      <xs:annotation>
-        <xs:documentation>A list of unmanaged 64 bit assembly names to include, delimited with line breaks.</xs:documentation>
-      </xs:annotation>
-    </xs:element>
-    <xs:element  minOccurs="0" maxOccurs="1" name="PreloadOrder" type="xs:string">
-      <xs:annotation>
-        <xs:documentation>The order of preloaded assemblies, delimited with line breaks.</xs:documentation>
-      </xs:annotation>
-    </xs:element>
-  </xs:all>
-  <xs:attribute name="CreateTemporaryAssemblies" type="xs:boolean">
-    <xs:annotation>
-      <xs:documentation>This will copy embedded files to disk before loading them into memory. This is helpful for some scenarios that expected an assembly to be loaded from a physical file.</xs:documentation>
-    </xs:annotation>
-  </xs:attribute>
-  <xs:attribute name="IncludeDebugSymbols" type="xs:boolean">
-    <xs:annotation>
-      <xs:documentation>Controls if .pdbs for reference assemblies are also embedded.</xs:documentation>
-    </xs:annotation>
-  </xs:attribute>
-  <xs:attribute name="DisableCompression" type="xs:boolean">
-    <xs:annotation>
-      <xs:documentation>Embedded assemblies are compressed by default, and uncompressed when they are loaded. You can turn compression off with this option.</xs:documentation>
-    </xs:annotation>
-  </xs:attribute>
-  <xs:attribute name="DisableCleanup" type="xs:boolean">
-    <xs:annotation>
-      <xs:documentation>As part of Costura, embedded assemblies are no longer included as part of the build. This cleanup can be turned off.</xs:documentation>
-    </xs:annotation>
-  </xs:attribute>
-  <xs:attribute name="LoadAtModuleInit" type="xs:boolean">
-    <xs:annotation>
-      <xs:documentation>Costura by default will load as part of the module initialization. This flag disables that behavior. Make sure you call CosturaUtility.Initialize() somewhere in your code.</xs:documentation>
-    </xs:annotation>
-  </xs:attribute>
-  <xs:attribute name="IgnoreSatelliteAssemblies" type="xs:boolean">
-    <xs:annotation>
-      <xs:documentation>Costura will by default use assemblies with a name like 'resources.dll' as a satellite resource and prepend the output path. This flag disables that behavior.</xs:documentation>
-    </xs:annotation>
-  </xs:attribute>
-  <xs:attribute name="ExcludeAssemblies" type="xs:string">
-    <xs:annotation>
-      <xs:documentation>A list of assembly names to exclude from the default action of "embed all Copy Local references", delimited with |</xs:documentation>
-    </xs:annotation>
-  </xs:attribute>
-  <xs:attribute name="IncludeAssemblies" type="xs:string">
-    <xs:annotation>
-      <xs:documentation>A list of assembly names to include from the default action of "embed all Copy Local references", delimited with |.</xs:documentation>
-    </xs:annotation>
-  </xs:attribute>
-  <xs:attribute name="Unmanaged32Assemblies" type="xs:string">
-    <xs:annotation>
-      <xs:documentation>A list of unmanaged 32 bit assembly names to include, delimited with |.</xs:documentation>
-    </xs:annotation>
-  </xs:attribute>
-  <xs:attribute name="Unmanaged64Assemblies" type="xs:string">
-    <xs:annotation>
-      <xs:documentation>A list of unmanaged 64 bit assembly names to include, delimited with |.</xs:documentation>
-    </xs:annotation>
-  </xs:attribute>
-  <xs:attribute name="PreloadOrder" type="xs:string">
-    <xs:annotation>
-      <xs:documentation>The order of preloaded assemblies, delimited with |.</xs:documentation>
-    </xs:annotation>
-  </xs:attribute>
-</xs:complexType>

winPEAS/winPEASexe/packages/Fody.6.0.0/build/Fody.targets

@@ -1,110 +0,0 @@
-<Project ToolsVersion="4.0" xmlns="http://schemas.microsoft.com/developer/msbuild/2003">
-
-  <PropertyGroup>
-    <ProjectWeaverXml Condition="$(ProjectWeaverXml) == ''">$(ProjectDir)FodyWeavers.xml</ProjectWeaverXml>
-    <FodyPath Condition="$(FodyPath) == ''">$(MSBuildThisFileDirectory)..\</FodyPath>
-    <FodyAssemblyDirectory Condition="$(MSBuildRuntimeType) == 'Core'">$(FodyPath)netstandardtask</FodyAssemblyDirectory>
-    <FodyAssemblyDirectory Condition="$(MSBuildRuntimeType) != 'Core'">$(FodyPath)netclassictask</FodyAssemblyDirectory>
-    <FodyAssembly Condition="$(FodyAssembly) == ''">$(FodyAssemblyDirectory)\Fody.dll</FodyAssembly>
-    <DefaultItemExcludes>$(DefaultItemExcludes);FodyWeavers.xsd</DefaultItemExcludes>
-    <FodyGenerateXsd Condition="$(FodyGenerateXsd) == ''">true</FodyGenerateXsd>
-    <MsBuildMajorVersion>15</MsBuildMajorVersion>
-    <MsBuildMajorVersion Condition="'$(MSBuildVersion)' != ''">$([System.Version]::Parse($(MSBuildVersion)).Major)</MsBuildMajorVersion>
-  </PropertyGroup>
-
-  <ItemGroup Condition="Exists($(ProjectWeaverXml))">
-    <UpToDateCheckInput Include="$(ProjectWeaverXml)" />
-    <CustomAdditionalCompileInputs Include="$(ProjectWeaverXml)" />
-  </ItemGroup>
-
-  <!-- Support for NCrunch -->
-  <ItemGroup Condition="'$(NCrunch)' == '1' and '$(TargetFramework)' == '' and '$(TargetFrameworks)' == ''">
-    <None Include="$(FodyAssemblyDirectory)\*.*" />
-    <None Include="@(WeaverFiles)" />
-  </ItemGroup>
-
-  <UsingTask TaskName="Fody.WeavingTask" AssemblyFile="$(FodyAssembly)" />
-  <UsingTask TaskName="Fody.UpdateReferenceCopyLocalTask" AssemblyFile="$(FodyAssembly)" />
-  <UsingTask TaskName="Fody.VerifyTask" AssemblyFile="$(FodyAssembly)" />
-
-  <Target
-      Name="FodyTarget"
-      AfterTargets="AfterCompile"
-      Condition="Exists(@(IntermediateAssembly)) And $(DesignTimeBuild) != true And $(DisableFody) != true"
-      DependsOnTargets="$(FodyDependsOnTargets)"
-      Inputs="@(IntermediateAssembly);$(ProjectWeaverXml)"
-      Outputs="$(IntermediateOutputPath)$(MSBuildProjectFile).Fody.CopyLocal.cache">
-
-    <Error Condition="($(MsBuildMajorVersion) &lt; 16)"
-           Text="Fody is only supported on MSBuild 16 and above. Current version: $(MsBuildMajorVersion)." />
-    <Fody.WeavingTask
-        AssemblyFile="@(IntermediateAssembly)"
-        IntermediateDirectory="$(ProjectDir)$(IntermediateOutputPath)"
-        KeyOriginatorFile="$(KeyOriginatorFile)"
-        AssemblyOriginatorKeyFile="$(AssemblyOriginatorKeyFile)"
-        ProjectDirectory="$(MSBuildProjectDirectory)"
-        ProjectFile="$(MSBuildProjectFullPath)"
-        SolutionDirectory="$(SolutionDir)"
-        References="@(ReferencePath)"
-        SignAssembly="$(SignAssembly)"
-        ReferenceCopyLocalFiles="@(ReferenceCopyLocalPaths)"
-        DefineConstants="$(DefineConstants)"
-        DebugType="$(DebugType)"
-        DocumentationFile="@(DocFileItem->'%(FullPath)')"
-        WeaverFiles="@(WeaverFiles)"
-        NCrunchOriginalSolutionDirectory="$(NCrunchOriginalSolutionDir)"
-        IntermediateCopyLocalFilesCache="$(IntermediateOutputPath)$(MSBuildProjectFile).Fody.CopyLocal.cache"
-        GenerateXsd="$(FodyGenerateXsd)"
-      >
-
-      <Output
-        TaskParameter="ExecutedWeavers"
-        PropertyName="FodyExecutedWeavers" />
-
-    </Fody.WeavingTask>
-
-    <ItemGroup>
-      <FileWrites Include="$(IntermediateOutputPath)$(MSBuildProjectFile).Fody.CopyLocal.cache" />
-    </ItemGroup>
-
-  </Target>
-
-  <Target
-      Name="FodyUpdateCopyLocalFilesTarget"
-      AfterTargets="FodyTarget"
-    >
-
-    <Fody.UpdateReferenceCopyLocalTask
-        ReferenceCopyLocalFiles="@(ReferenceCopyLocalPaths)"
-        IntermediateCopyLocalFilesCache="$(IntermediateOutputPath)$(MSBuildProjectFile).Fody.CopyLocal.cache"
-      >
-
-      <Output
-        TaskParameter="UpdatedReferenceCopyLocalFiles"
-        ItemName="FodyUpdatedReferenceCopyLocalPaths" />
-
-    </Fody.UpdateReferenceCopyLocalTask>
-
-    <ItemGroup>
-      <ReferenceCopyLocalPaths Remove="@(ReferenceCopyLocalPaths)" />
-      <ReferenceCopyLocalPaths Include="@(FodyUpdatedReferenceCopyLocalPaths)" />
-    </ItemGroup>
-
-  </Target>
-
-  <Target
-      Name="FodyVerifyTarget"
-      AfterTargets="AfterBuild"
-      Condition="'$(NCrunch)' != '1' And $(FodyExecutedWeavers) != '' And $(DisableFody) != true"
-      DependsOnTargets="$(FodyVerifyDependsOnTargets)">
-
-    <Fody.VerifyTask
-        ProjectDirectory="$(MSBuildProjectDirectory)"
-        TargetPath="$(TargetPath)"
-        SolutionDirectory="$(SolutionDir)"
-        DefineConstants="$(DefineConstants)"
-        NCrunchOriginalSolutionDirectory="$(NCrunchOriginalSolutionDir)"
-      />
-  </Target>
-
-</Project>

winPEAS/winPEASexe/winPEAS/Beaprint.cs

@@ -1,7 +1,5 @@
-//using Colorful; // http://colorfulconsole.com/
+using System;
-using System;
 using System.Collections.Generic;
-using System.Drawing;
 using System.Text.RegularExpressions;
 using System.Threading;
 
@@ -20,10 +18,10 @@ namespace winPEAS
         static string BLUE = "\x1b[34m";
         public static string LBLUE = "\x1b[1;34m";
         static string MAGENTA = "\x1b[1:35m";
-        static string LMAGENTA = "\x1b[1;35m";
+        //static string LMAGENTA = "\x1b[1;35m";
         static string CYAN = "\x1b[36m";
         static string LCYAN = "\x1b[1;36m";
-        static string REDYELLOW = "\x1b[31;103m";
+        //static string REDYELLOW = "\x1b[31;103m";
         public static string NOCOLOR = "\x1b[0m";
         public static string ansi_color_bad = RED;
         public static string ansi_color_good = GREEN;
@@ -39,8 +37,6 @@ namespace winPEAS
         /////////////////////////////////
         public static void PrintBanner()
         {
-            try
-            {
                 System.Console.WriteLine(BLUE + String.Format(@"     
              {0}*((,.,/((((((((((((((((((((/,  */               
       {0},/*,..*((((((((((((((((((((((((((((((((((,           
@@ -73,47 +69,30 @@ namespace winPEAS
                 System.Console.WriteLine(LYELLOW + "ADVISORY: " + BLUE + Program.advisory);
                 System.Console.WriteLine();
                 Thread.Sleep(700);
-            }
-            catch (Exception ex)
-            {
-                GrayPrint("Error in PrintBanner: " + ex);
-            }
         }
 
         public static void PrintInit()
         {
-            try
+            if (Program.banner)
-            {
+                PrintBanner();
-                if (Program.banner)
+
-                    PrintBanner();
+            System.Console.WriteLine(YELLOW + "  WinPEAS " + GREEN + Program.version + NOCOLOR + YELLOW + " by carlospolop" + NOCOLOR);
+            System.Console.WriteLine();
+            PrintLeyend();
+            System.Console.WriteLine();
+            LinkPrint("https://book.hacktricks.xyz/windows/checklist-windows-privilege-escalation", "You can find a Windows local PE Checklist here:");
 
-                System.Console.WriteLine(YELLOW + "  WinPEAS " + GREEN + Program.version + NOCOLOR + YELLOW + " by carlospolop" + NOCOLOR);
-                System.Console.WriteLine();
-                PrintLeyend();
-                System.Console.WriteLine();
-                LinkPrint("https://book.hacktricks.xyz/windows/checklist-windows-privilege-escalation", "You can find a Windows local PE Checklist here:");
-            }
-            catch(Exception ex)
-            {
-                GrayPrint("Error in PrintInit: " + ex);
-            }
         }
 
         static void PrintLeyend()
         {
-            try
+            System.Console.WriteLine(YELLOW + "  [+] " + GREEN + "Leyend:" + NOCOLOR);
-            {
+            System.Console.WriteLine(RED + "         Red" + GRAY + "                Indicates a special privilege over an object or something is misconfigured" + NOCOLOR);
-                System.Console.WriteLine(YELLOW + "  [+] " + GREEN + "Leyend:" + NOCOLOR);
+            System.Console.WriteLine(GREEN + "         Green" + GRAY + "              Indicates that some protection is enabled or something is well configured" + NOCOLOR);
-                System.Console.WriteLine(RED + "         Red" + GRAY + "                Indicates a special privilege over an object or something is misconfigured" + NOCOLOR);
+            System.Console.WriteLine(CYAN + "         Cyan" + GRAY + "               Indicates active users" + NOCOLOR);
-                System.Console.WriteLine(GREEN + "         Green" + GRAY + "              Indicates that some protection is enabled or something is well configured" + NOCOLOR);
+            System.Console.WriteLine(BLUE + "         Blue" + GRAY + "               Indicates disabled users" + NOCOLOR);
-                System.Console.WriteLine(CYAN + "         Cyan" + GRAY + "               Indicates active users" + NOCOLOR);
+            System.Console.WriteLine(LYELLOW + "         LightYellow" + GRAY + "        Indicates links" + NOCOLOR);
-                System.Console.WriteLine(BLUE + "         Blue" + GRAY + "               Indicates disabled users" + NOCOLOR);
+
-                System.Console.WriteLine(LYELLOW + "         LightYellow" + GRAY + "        Indicates links" + NOCOLOR);
-            }
-            catch(Exception ex)
-            {
-                GrayPrint("Error in PrintLeyend: " + ex);
-            }
         }
 
         public static void PrintUsage()
@@ -142,54 +121,27 @@ namespace winPEAS
         /////////////////////////////////
         public static void GreatPrint(string toPrint)
         {
-            try
+
-            {
+            System.Console.WriteLine();
-                System.Console.WriteLine();
+            System.Console.WriteLine();
-                System.Console.WriteLine();
+            int halfTotal = 60;
-                int halfTotal = 60;
+            System.Console.WriteLine(LCYAN + "  " + new String('=', halfTotal - toPrint.Length) + "(" + NOCOLOR + YELLOW + toPrint + LCYAN + ")" + new String('=', halfTotal - toPrint.Length) + NOCOLOR);
-                System.Console.WriteLine(LCYAN + "  " + new String('=', halfTotal - toPrint.Length) + "(" + NOCOLOR + YELLOW + toPrint + LCYAN + ")" + new String('=', halfTotal - toPrint.Length) + NOCOLOR);
-            }
-            catch (Exception ex)
-            {
-                GrayPrint(String.Format("{0}", ex));
-            }
         }
 
         public static void MainPrint(string toPrint, string attackid)
         {
-            try
+            System.Console.WriteLine();
-            {
+            System.Console.WriteLine(YELLOW + "  [+] " + GREEN + toPrint + YELLOW + "(" + DGRAY + attackid + YELLOW + ")" + NOCOLOR);
-                System.Console.WriteLine();
-                System.Console.WriteLine(YELLOW + "  [+] " + GREEN + toPrint + YELLOW + "(" + DGRAY + attackid + YELLOW + ")" + NOCOLOR);
-            }
-            catch (Exception ex)
-            {
-                GrayPrint(String.Format("{0}", ex));
-            }
         }
 
         public static void LinkPrint(string link, string comment = "")
         {
-            try
+            System.Console.WriteLine(YELLOW + "   [?] " + LBLUE + comment + " " + LYELLOW + link + NOCOLOR);
-            {
-                System.Console.WriteLine(YELLOW + "   [?] " + LBLUE + comment + " " + LYELLOW + link + NOCOLOR);
-            }
-            catch (Exception ex)
-            {
-                GrayPrint(String.Format("{0}", ex));
-            }
         }
 
         public static void InfoPrint(string toPrint)
         {
-            try
+            System.Console.WriteLine(YELLOW + "    [i] " + LBLUE + toPrint + NOCOLOR);
-            {
-                System.Console.WriteLine(YELLOW + "    [i] " + LBLUE + toPrint + NOCOLOR);
-            }
-            catch (Exception ex)
-            {
-                GrayPrint(String.Format("{0}", ex));
-            }
         }
 
         public static void NotFoundPrint()
@@ -247,131 +199,92 @@ namespace winPEAS
         }
         public static void DictPrint(Dictionary<string, string> dicprint, Dictionary<string, string> ansi_colors_regexp, bool delete_nulls, bool no_gray = false)
         {
-            try
+            foreach (KeyValuePair<string, string> entry in dicprint)
             {
-                foreach (KeyValuePair<string, string> entry in dicprint)
+                if (delete_nulls && String.IsNullOrEmpty(entry.Value.Trim()))
-                {
+                    continue;
-                    if (delete_nulls && String.IsNullOrEmpty(entry.Value.Trim()))
+                string value = entry.Value;
-                        continue;
+                string key = entry.Key;
-                    string value = entry.Value;
+                string line = "";
-                    string key = entry.Key;
+                if (!no_gray)
-                    string line = "";
+                    line = ansi_color_gray + "    " + key + ": " + NOCOLOR + value;
-                    if (! no_gray)
+                else
-                        line = ansi_color_gray + "    " + key + ": " + NOCOLOR + value;
+                    line = "    " + key + ": " + value;
-                    else
-                        line = "    " + key + ": " + value;
 
-                    foreach (KeyValuePair<string, string> color in ansi_colors_regexp)
+                foreach (KeyValuePair<string, string> color in ansi_colors_regexp)
-                        line = Regexansi(line, color.Value, color.Key);
+                    line = Regexansi(line, color.Value, color.Key);
-                    
+
-                    System.Console.WriteLine(line);
+                System.Console.WriteLine(line);
-                }
-            }
-            catch (Exception ex)
-            {
-                GrayPrint(String.Format("{0}", ex));
             }
+
         }
         public static void DictPrint(Dictionary<string, string> dicprint, bool delete_nulls)
         {
-            try
+            if (dicprint.Count > 0)
             {
-                if (dicprint.Count > 0)
+                foreach (KeyValuePair<string, string> entry in dicprint)
                 {
-                    foreach (KeyValuePair<string, string> entry in dicprint)
+                    if (delete_nulls && String.IsNullOrEmpty(entry.Value))
-                    {
+                        continue;
-                        if (delete_nulls && String.IsNullOrEmpty(entry.Value))
+                    System.Console.WriteLine(ansi_color_gray + "    " + entry.Key + ": " + NOCOLOR + entry.Value);
-                            continue;
-                        System.Console.WriteLine(ansi_color_gray + "    " + entry.Key + ": " + NOCOLOR + entry.Value);
-                    }
                 }
-                else
-                    NotFoundPrint();
-            }
-            catch (Exception ex)
-            {
-                GrayPrint(String.Format("{0}", ex));
             }
+            else
+                NotFoundPrint();
         }
 
         public static void DictPrint(List<Dictionary<string, string>> listdicprint, bool delete_nulls)
         {
-            try
+            if (listdicprint.Count > 0)
             {
-                if (listdicprint.Count > 0)
+                foreach (Dictionary<string, string> dicprint in listdicprint)
                 {
-                    foreach (Dictionary<string, string> dicprint in listdicprint)
+                    DictPrint(dicprint, delete_nulls);
-                    {
+                    PrintLineSeparator();
-                        DictPrint(dicprint, delete_nulls);
-                        PrintLineSeparator();
-                    }
                 }
-                else
-                    NotFoundPrint();
-            }
-            catch (Exception ex)
-            {
-                GrayPrint(String.Format("{0}", ex));
             }
+            else
+                NotFoundPrint();
         }
 
         public static void DictPrint(Dictionary<string, object> dicprint, bool delete_nulls)
         {
-            try
+
+            if (dicprint != null)
             {
-                if (dicprint != null)
+                Dictionary<string, string> results = new Dictionary<string, string>();
-                {
+                foreach (KeyValuePair<string, object> entry in dicprint)
-                    Dictionary<string, string> results = new Dictionary<string, string>();
+                    results[entry.Key] = String.Format("{0}", entry.Value);
-                    foreach (KeyValuePair<string, object> entry in dicprint)
+                DictPrint(results, delete_nulls);
-                        results[entry.Key] = String.Format("{0}", entry.Value);
-                    DictPrint(results, delete_nulls);
-                }
-                else
-                    NotFoundPrint();
-            }
-            catch (Exception ex)
-            {
-                GrayPrint(String.Format("{0}", ex));
             }
+            else
+                NotFoundPrint();
+
         }
 
         public static void DictPrint(List<Dictionary<string, string>> listdicprint, Dictionary<string, string> colors, bool delete_nulls, bool no_gray = false)
         {
-            try
+            if (listdicprint.Count > 0)
             {
-                if (listdicprint.Count > 0)
+                foreach (Dictionary<string, string> dicprint in listdicprint)
                 {
-                    foreach (Dictionary<string, string> dicprint in listdicprint)
+                    DictPrint(dicprint, colors, delete_nulls, no_gray);
-                    {
+                    PrintLineSeparator();
-                        DictPrint(dicprint, colors, delete_nulls, no_gray);
-                        PrintLineSeparator();
-                    }
                 }
-                else
-                    NotFoundPrint();
-            }
-            catch (Exception ex)
-            {
-                GrayPrint(String.Format("{0}", ex));
             }
+            else
+                NotFoundPrint();
         }
 
         public static void ListPrint(List<string> list_to_print)
         {
-            try
+            if (list_to_print.Count > 0)
             {
-                if (list_to_print.Count > 0)
+                foreach (string elem in list_to_print)
-                {
+                    System.Console.WriteLine("    " + elem);
-                    foreach (string elem in list_to_print)
-                        System.Console.WriteLine("    " + elem);
-                }
-                else
-                    NotFoundPrint();
-            }
-            catch (Exception ex)
-            {
-                GrayPrint(String.Format("{0}", ex));
             }
+            else
+                NotFoundPrint();
         }
 
         public static void ListPrint(List<string> list_to_print, Dictionary<string, string> dic_colors)
@@ -401,10 +314,10 @@ namespace winPEAS
             BLUE = "";
             LBLUE = "";
             MAGENTA = "";
-            LMAGENTA = "";
+            //LMAGENTA = "";
             CYAN = "";
             LCYAN = "";
-            REDYELLOW = "";
+            //REDYELLOW = "";
             NOCOLOR = "";
             ansi_color_bad = "";
             ansi_color_good = "";

winPEAS/winPEASexe/winPEAS/KnownFileCredsInfo.cs

@@ -1,5 +1,4 @@
-using CredentialManagement;
+using Microsoft.Win32;
-using Microsoft.Win32;
 using System;
 using System.Collections.Generic;
 using System.Diagnostics;
@@ -829,11 +828,6 @@ namespace winPEAS
             return results;
         }
 
-        public static void GetCredsCredmanager()
-        {
-            var cm = new Credential { };
-            cm.Load();
-        }
 
         public static List<Dictionary<string, string>> GetSavedRDPConnections()
         {
@@ -2007,25 +2001,7 @@ namespace winPEAS
                 return false;
             }
         }
-        public static IEnumerable<string> Split(string text, int partLength)
-        {
-            if (text == null) { Console.WriteLine("[ERROR] Split() - singleLineString"); }
-            if (partLength < 1) { Console.WriteLine("[ERROR] Split() - 'columns' must be greater than 0."); }
 
-            var partCount = Math.Ceiling((double)text.Length / partLength);
-            if (partCount < 2)
-            {
-                yield return text;
-            }
-
-            for (int i = 0; i < partCount; i++)
-            {
-                var index = i * partLength;
-                var lengthLeft = Math.Min(partLength, text.Length - index);
-                var line = text.Substring(index, lengthLeft);
-                yield return line;
-            }
-        }
         public static List<Dictionary<string, string>> ListKerberosTickets()
         {
             if (MyUtils.IsHighIntegrity())
@@ -2194,6 +2170,7 @@ namespace winPEAS
             }
             return results;
         }
+
         public static List<Dictionary<string, string>> ListKerberosTicketsCurrentUser()
         {
             List<Dictionary<string, string>> results = new List<Dictionary<string, string>>();
@@ -2294,6 +2271,7 @@ namespace winPEAS
                 return ListKerberosTGTDataCurrentUser();
             }
         }
+
         public static List<Dictionary<string, string>> ListKerberosTGTDataAllUsers()
         {
             List<Dictionary<string, string>> results = new List<Dictionary<string, string>>();

winPEAS/winPEASexe/winPEAS/MyUtils.cs

@@ -9,7 +9,6 @@ using System.Text.RegularExpressions;
 using System.Reflection;
 using System.Security.AccessControl;
 using System.Runtime.InteropServices;
-//using Colorful;
 using System.Threading;
 
 namespace winPEAS
@@ -623,22 +622,6 @@ namespace winPEAS
         //////////////////////
         //////// MISC ////////
         //////////////////////
-        public static Dictionary<string, string> RemoveEmptyKeys(Dictionary<string, string> dic_in)
-        {
-            Dictionary<string, string> results = new Dictionary<string, string>();
-            try
-            {
-                foreach (KeyValuePair<string, string> entry in dic_in)
-                    if (!String.IsNullOrEmpty(entry.Value.Trim()))
-                        results[entry.Key] = entry.Value;
-                return results;
-            }
-            catch (Exception ex)
-            {
-                Beaprint.GrayPrint(String.Format("  [X] Exception: {0}", ex.Message));
-            }
-            return results;
-        }
         public static List<string> ListFolder(String path)
         {
             string root = @Path.GetPathRoot(Environment.SystemDirectory) + path;

winPEAS/winPEASexe/winPEAS/Program.cs

@@ -1,5 +1,4 @@
-//using Colorful; // http://colorfulconsole.com/
+using System;
-using System;
 using System.Collections.Generic;
 using System.IO;
 using System.Management;
@@ -654,33 +653,31 @@ namespace winPEAS
         {
             void PrintInterestingProcesses()
             {
-                /* Colors Code
-                 * RED:
-                 * ---- Write privileges in path
-                 * ---- Different Owner than myself
-                 * GREEN:
-                 * ---- No Write privileges in path
-                 * MAGENTA:
-                 * ---- Current username
-                */
                 try
                 {
                     Beaprint.MainPrint("Interesting Processes -non Microsoft-", "T1010&T1057&T1007");
                     Beaprint.LinkPrint("https://book.hacktricks.xyz/windows/windows-local-privilege-escalation#running-processes", "Check if any interesting proccesses for memmory dump or if you could overwrite some binary running");
-                    List<Dictionary<string, string>> processes_info = ProcessesInfo.GetProcessInfo();
+                    List<Dictionary<string, string>> processes_info = ProcessesInfo.GetProcInfo();
                     foreach (Dictionary<string, string> proc_info in processes_info)
                     {
+                        Dictionary<string, string> colorsP = new Dictionary<string, string>()
+                        {
+                            { " "+currentUserName, Beaprint.ansi_current_user },
+                            { "Permissions:.*", Beaprint.ansi_color_bad },
+                            { "Possible DLL Hijacking.*", Beaprint.ansi_color_bad },
+                        };
+
                         if (ProcessesInfo.defensiveProcesses.ContainsKey(proc_info["Name"]))
                         {
-                            proc_info["Product"] = ProcessesInfo.defensiveProcesses[proc_info["Name"]].ToString();
+                            if (!String.IsNullOrEmpty(ProcessesInfo.defensiveProcesses[proc_info["Name"]].ToString()))
+                                proc_info["Product"] = ProcessesInfo.defensiveProcesses[proc_info["Name"]].ToString();
+                            colorsP[proc_info["Product"]] = Beaprint.ansi_color_good;
                         }
                         else if (ProcessesInfo.interestingProcesses.ContainsKey(proc_info["Name"]))
                         {
-                            proc_info["Product"] = ProcessesInfo.interestingProcesses[proc_info["Name"]].ToString();
+                            if (!String.IsNullOrEmpty(ProcessesInfo.defensiveProcesses[proc_info["Name"]].ToString()))
-                        }
+                                proc_info["Product"] = ProcessesInfo.interestingProcesses[proc_info["Name"]].ToString();
-                        else if (ProcessesInfo.browserProcesses.ContainsKey(proc_info["Name"]))
+                            colorsP[proc_info["Product"]] = Beaprint.ansi_color_bad;
-                        {
-                            proc_info["Product"] = ProcessesInfo.browserProcesses[proc_info["Name"]].ToString();
                         }
 
                         List<string> file_rights = MyUtils.GetPermissionsFile(proc_info["ExecutablePath"], currentUserSIDs);
@@ -688,6 +685,8 @@ namespace winPEAS
                         if (proc_info["ExecutablePath"] != null && proc_info["ExecutablePath"] != "")
                             dir_rights = MyUtils.GetPermissionsFolder(Path.GetDirectoryName(proc_info["ExecutablePath"]), currentUserSIDs);
 
+                        colorsP[proc_info["ExecutablePath"].Replace("\\", "\\\\").Replace("(", "\\(").Replace(")", "\\)").Replace("]", "\\]").Replace("[", "\\[").Replace("?", "\\?").Replace("+", "\\+") + "[^\"^']"] = (file_rights.Count > 0 || dir_rights.Count > 0) ? Beaprint.ansi_color_bad : Beaprint.ansi_color_good;
+
                         string formString = "    {0}({1})[{2}]";
                         if (proc_info["Product"] != null && proc_info["Product"].Length > 1)
                             formString += ": {3}";
@@ -702,13 +701,7 @@ namespace winPEAS
                         if (proc_info["CommandLine"].Length > 1)
                             formString += "\n    "+ Beaprint.ansi_color_gray + "Command Line: {9}";
 
-                        Dictionary<string, string> colorsP = new Dictionary<string, string>()
+                        
-                        {
-                            { " "+currentUserName, Beaprint.ansi_current_user },
-                            { "Permissions:.*", Beaprint.ansi_color_bad },
-                            { "Possible DLL Hijacking.*", Beaprint.ansi_color_bad },
-                            { proc_info["ExecutablePath"].Replace("\\", "\\\\").Replace("(", "\\(").Replace(")", "\\)").Replace("]", "\\]").Replace("[", "\\[").Replace("?", "\\?").Replace("+","\\+")+"[^\"^']", (file_rights.Count > 0 || dir_rights.Count > 0) ? Beaprint.ansi_color_bad : Beaprint.ansi_color_good },
-                        };
                         Beaprint.AnsiPrint(String.Format(formString, proc_info["Name"], proc_info["ProcessID"], proc_info["ExecutablePath"], proc_info["Product"], proc_info["Owner"], proc_info["isDotNet"], String.Join(", ", file_rights), dir_rights.Count > 0 ? Path.GetDirectoryName(proc_info["ExecutablePath"]) : "", String.Join(", ", dir_rights), proc_info["CommandLine"]), colorsP);
                         Beaprint.PrintLineSeparator();
                     }

winPEAS/winPEASexe/winPEAS/Properties/AssemblyInfo.cs

@@ -5,11 +5,11 @@ using System.Runtime.InteropServices;
 // General Information about an assembly is controlled through the following
 // set of attributes. Change these attribute values to modify the information
 // associated with an assembly.
-[assembly: AssemblyTitle("winPEAS")]
+[assembly: AssemblyTitle("asdas2dasd")]
 [assembly: AssemblyDescription("")]
 [assembly: AssemblyConfiguration("")]
 [assembly: AssemblyCompany("")]
-[assembly: AssemblyProduct("winPEAS")]
+[assembly: AssemblyProduct("asdas2dasd")]
 [assembly: AssemblyCopyright("Copyright ©  2019")]
 [assembly: AssemblyTrademark("")]
 [assembly: AssemblyCulture("")]
@@ -20,7 +20,7 @@ using System.Runtime.InteropServices;
 [assembly: ComVisible(false)]
 
 // The following GUID is for the ID of the typelib if this project is exposed to COM
-[assembly: Guid("d934058e-a7db-493f-a741-ae8e3df867f4")]
+[assembly: Guid("1928358e-a64b-493f-a741-ae8e3d029374")]
 
 // Version information for an assembly consists of the following four values:
 //

winPEAS/winPEASexe/winPEAS/ServicesInfo.cs

@@ -9,7 +9,6 @@ using System.ServiceProcess;
 using System.Reflection;
 using System.Security.AccessControl;
 using System.Runtime.InteropServices;
-using System.Security.Principal;
 
 namespace winPEAS
 {

winPEAS/winPEASexe/winPEAS/UserInfo.cs

@@ -564,6 +564,7 @@ namespace winPEAS
             }
             return user;
         }
+
         public static UserPrincipal GetUserLocal(string sUserName)
         {
             // Extract local user information
@@ -575,6 +576,7 @@ namespace winPEAS
             user = searcher.FindOne() as UserPrincipal;
             return user;
         }
+
         public static UserPrincipal GetUserDomain(string sUserName, string domain)
         {
             //if not local, try to extract domain user information
@@ -979,8 +981,8 @@ namespace winPEAS
                 else if (Clipboard.ContainsFileDropList())
                     c = String.Format("{0}", Clipboard.GetFileDropList());
 
-                else if (Clipboard.ContainsImage())
+                //else if (Clipboard.ContainsImage()) //No system.Drwing import
-                    c = String.Format("{0}", Clipboard.GetImage());
+                    //c = String.Format("{0}", Clipboard.GetImage());
             }
             catch (Exception ex)
             {

winPEAS/winPEASexe/winPEAS/Watson.cs

@@ -1,7 +1,5 @@
-//using Colorful;
+using System;
-using System;
 using System.Collections.Generic;
-using System.Drawing;
 using System.Linq;
 using System.Management;
 

winPEAS/winPEASexe/winPEAS/bin/Release/Dotfuscator1.xml

@@ -0,0 +1,56 @@
+<?xml version="1.0" encoding="utf-8" standalone="no"?>
+<!--This config file was generated by Dotfuscator. Please use the Dotfuscator Config Editor to modify.-->
+<!DOCTYPE dotfuscator SYSTEM "http://www.preemptive.com/dotfuscator/dtd/dotfuscator_v2.5.dtd">
+<dotfuscator version="2.3">
+  <global>
+    <option>debugauto</option>
+  </global>
+  <input>
+    <loadpaths />
+    <asmlist>
+      <inputassembly refid="e530c479-7674-4845-a184-2dc88a7a642f">
+        <option>honoroas</option>
+        <option>stripoa</option>
+        <option>library</option>
+        <option>transformxaml</option>
+        <file dir="D:\shared\cambiado-privilege-escalation-awesome-scripts-suite-master\winPEAS\winPEASexe\winPEAS\bin\x86\Release" name="Microsoft.Win32.TaskScheduler.dll" />
+      </inputassembly>
+      <inputassembly refid="bf3fde19-95ca-4d0e-b46f-6136ba4e2100">
+        <option>honoroas</option>
+        <option>stripoa</option>
+        <option>library</option>
+        <option>transformxaml</option>
+        <file dir="D:\shared\cambiado-privilege-escalation-awesome-scripts-suite-master\winPEAS\winPEASexe\winPEAS\bin\x86\Release" name="winPEAS.exe" />
+      </inputassembly>
+    </asmlist>
+  </input>
+  <output>
+    <file dir="${configdir}\Dotfuscated" />
+  </output>
+  <renaming>
+    <option>xmlserialization</option>
+    <mapping>
+      <mapoutput overwrite="false">
+        <file dir="${configdir}\Dotfuscated" name="Map.xml" />
+      </mapoutput>
+    </mapping>
+    <referencerulelist>
+      <referencerule rulekey="{6655B10A-FD58-462d-8D4F-5B1316DFF0FF}" />
+      <referencerule rulekey="{7D9C8B02-2383-420f-8740-A9760394C2C1}" />
+      <referencerule rulekey="{229FD6F8-5BCC-427b-8F72-A7A413ECDF1A}" />
+      <referencerule rulekey="{2B7E7C8C-A39A-4db8-9DFC-6AFD38509061}" />
+      <referencerule rulekey="{494EA3BA-B947-44B5-BEE8-A11CC85AAF9B}" />
+      <referencerule rulekey="{89769974-93E9-4e71-8D92-BE70E855ACFC}" />
+      <referencerule rulekey="{4D81E604-A545-4631-8B6D-C3735F793F80}" />
+      <referencerule rulekey="{62bd3899-7d53-4336-8ca2-4e5dbae187d5}" />
+    </referencerulelist>
+  </renaming>
+  <sos mergeruntime="true">
+    <option>version:v4</option>
+    <option>sendanalytics</option>
+    <option>dontsendtamper</option>
+  </sos>
+  <smartobfuscation>
+    <smartobfuscationreport verbosity="all" overwrite="false" />
+  </smartobfuscation>
+</dotfuscator>

winPEAS/winPEASexe/winPEAS/obj/Release/winPEAS.csproj.FileListAbsolute.txt

@@ -47,3 +47,19 @@ D:\shared\privilege-escalation-awesome-scripts-suite-master\winPEAS\winPEASexe\w
 D:\shared\privilege-escalation-awesome-scripts-suite-master\winPEAS\winPEASexe\winPEAS\obj\Release\winPEAS.csproj.CopyComplete
 D:\shared\privilege-escalation-awesome-scripts-suite-master\winPEAS\winPEASexe\winPEAS\obj\Release\winPEAS.exe
 D:\shared\privilege-escalation-awesome-scripts-suite-master\winPEAS\winPEASexe\winPEAS\obj\Release\winPEAS.pdb
+D:\shared\cambiado-privilege-escalation-awesome-scripts-suite-master\winPEAS\winPEASexe\winPEAS\bin\Release\winPEAS.exe.config
+D:\shared\cambiado-privilege-escalation-awesome-scripts-suite-master\winPEAS\winPEASexe\winPEAS\bin\Release\winPEAS.exe
+D:\shared\cambiado-privilege-escalation-awesome-scripts-suite-master\winPEAS\winPEASexe\winPEAS\bin\Release\winPEAS.pdb
+D:\shared\cambiado-privilege-escalation-awesome-scripts-suite-master\winPEAS\winPEASexe\winPEAS\bin\Release\Microsoft.Win32.TaskScheduler.xml
+D:\shared\cambiado-privilege-escalation-awesome-scripts-suite-master\winPEAS\winPEASexe\winPEAS\obj\Release\winPEAS.csprojAssemblyReference.cache
+D:\shared\cambiado-privilege-escalation-awesome-scripts-suite-master\winPEAS\winPEASexe\winPEAS\obj\Release\winPEAS.csproj.CopyComplete
+D:\shared\cambiado-privilege-escalation-awesome-scripts-suite-master\winPEAS\winPEASexe\winPEAS\obj\Release\winPEAS.exe
+D:\shared\cambiado-privilege-escalation-awesome-scripts-suite-master\winPEAS\winPEASexe\winPEAS\obj\Release\winPEAS.pdb
+D:\shared\cambiado-privilege-escalation-awesome-scripts-suite-master\winPEAS\winPEASexe\winPEAS\bin\Release\Microsoft.Win32.TaskScheduler.dll
+D:\shared\cambiado-privilege-escalation-awesome-scripts-suite-master\winPEAS\winPEASexe\winPEAS\bin\Release\de\Microsoft.Win32.TaskScheduler.resources.dll
+D:\shared\cambiado-privilege-escalation-awesome-scripts-suite-master\winPEAS\winPEASexe\winPEAS\bin\Release\es\Microsoft.Win32.TaskScheduler.resources.dll
+D:\shared\cambiado-privilege-escalation-awesome-scripts-suite-master\winPEAS\winPEASexe\winPEAS\bin\Release\fr\Microsoft.Win32.TaskScheduler.resources.dll
+D:\shared\cambiado-privilege-escalation-awesome-scripts-suite-master\winPEAS\winPEASexe\winPEAS\bin\Release\it\Microsoft.Win32.TaskScheduler.resources.dll
+D:\shared\cambiado-privilege-escalation-awesome-scripts-suite-master\winPEAS\winPEASexe\winPEAS\bin\Release\pl\Microsoft.Win32.TaskScheduler.resources.dll
+D:\shared\cambiado-privilege-escalation-awesome-scripts-suite-master\winPEAS\winPEASexe\winPEAS\bin\Release\ru\Microsoft.Win32.TaskScheduler.resources.dll
+D:\shared\cambiado-privilege-escalation-awesome-scripts-suite-master\winPEAS\winPEASexe\winPEAS\bin\Release\zh-CN\Microsoft.Win32.TaskScheduler.resources.dll

winPEAS/winPEASexe/winPEAS/obj/Release/winPEAS.csproj.Fody.CopyLocal.cache

@@ -1 +0,0 @@
-D:\shared\privilege-escalation-awesome-scripts-suite-master\winPEAS\winPEASexe\packages\TaskScheduler.2.8.16\lib\net40\Microsoft.Win32.TaskScheduler.xml

winPEAS/winPEASexe/winPEAS/obj/x64/Release/winPEAS.csproj.FileListAbsolute.txt

@@ -23,3 +23,19 @@ D:\shared\privilege-escalation-awesome-scripts-suite-master\winPEAS\winPEASexe\w
 D:\shared\privilege-escalation-awesome-scripts-suite-master\winPEAS\winPEASexe\winPEAS\obj\x64\Release\winPEAS.exe
 D:\shared\privilege-escalation-awesome-scripts-suite-master\winPEAS\winPEASexe\winPEAS\obj\x64\Release\winPEAS.pdb
 D:\shared\privilege-escalation-awesome-scripts-suite-master\winPEAS\winPEASexe\winPEAS\obj\x64\Release\winPEAS.csprojAssemblyReference.cache
+D:\shared\cambiado-privilege-escalation-awesome-scripts-suite-master\winPEAS\winPEASexe\winPEAS\bin\x64\Release\winPEAS.exe.config
+D:\shared\cambiado-privilege-escalation-awesome-scripts-suite-master\winPEAS\winPEASexe\winPEAS\bin\x64\Release\winPEAS.exe
+D:\shared\cambiado-privilege-escalation-awesome-scripts-suite-master\winPEAS\winPEASexe\winPEAS\bin\x64\Release\winPEAS.pdb
+D:\shared\cambiado-privilege-escalation-awesome-scripts-suite-master\winPEAS\winPEASexe\winPEAS\bin\x64\Release\Microsoft.Win32.TaskScheduler.xml
+D:\shared\cambiado-privilege-escalation-awesome-scripts-suite-master\winPEAS\winPEASexe\winPEAS\obj\x64\Release\winPEAS.csprojAssemblyReference.cache
+D:\shared\cambiado-privilege-escalation-awesome-scripts-suite-master\winPEAS\winPEASexe\winPEAS\obj\x64\Release\winPEAS.csproj.CopyComplete
+D:\shared\cambiado-privilege-escalation-awesome-scripts-suite-master\winPEAS\winPEASexe\winPEAS\obj\x64\Release\winPEAS.exe
+D:\shared\cambiado-privilege-escalation-awesome-scripts-suite-master\winPEAS\winPEASexe\winPEAS\obj\x64\Release\winPEAS.pdb
+D:\shared\cambiado-privilege-escalation-awesome-scripts-suite-master\winPEAS\winPEASexe\winPEAS\bin\x64\Release\Microsoft.Win32.TaskScheduler.dll
+D:\shared\cambiado-privilege-escalation-awesome-scripts-suite-master\winPEAS\winPEASexe\winPEAS\bin\x64\Release\de\Microsoft.Win32.TaskScheduler.resources.dll
+D:\shared\cambiado-privilege-escalation-awesome-scripts-suite-master\winPEAS\winPEASexe\winPEAS\bin\x64\Release\es\Microsoft.Win32.TaskScheduler.resources.dll
+D:\shared\cambiado-privilege-escalation-awesome-scripts-suite-master\winPEAS\winPEASexe\winPEAS\bin\x64\Release\fr\Microsoft.Win32.TaskScheduler.resources.dll
+D:\shared\cambiado-privilege-escalation-awesome-scripts-suite-master\winPEAS\winPEASexe\winPEAS\bin\x64\Release\it\Microsoft.Win32.TaskScheduler.resources.dll
+D:\shared\cambiado-privilege-escalation-awesome-scripts-suite-master\winPEAS\winPEASexe\winPEAS\bin\x64\Release\pl\Microsoft.Win32.TaskScheduler.resources.dll
+D:\shared\cambiado-privilege-escalation-awesome-scripts-suite-master\winPEAS\winPEASexe\winPEAS\bin\x64\Release\ru\Microsoft.Win32.TaskScheduler.resources.dll
+D:\shared\cambiado-privilege-escalation-awesome-scripts-suite-master\winPEAS\winPEASexe\winPEAS\bin\x64\Release\zh-CN\Microsoft.Win32.TaskScheduler.resources.dll

winPEAS/winPEASexe/winPEAS/obj/x64/Release/winPEAS.csproj.Fody.CopyLocal.cache

@@ -1 +0,0 @@
-D:\shared\privilege-escalation-awesome-scripts-suite-master\winPEAS\winPEASexe\packages\TaskScheduler.2.8.16\lib\net40\Microsoft.Win32.TaskScheduler.xml

winPEAS/winPEASexe/winPEAS/obj/x86/Release/winPEAS.csproj.FileListAbsolute.txt

@@ -23,3 +23,19 @@ D:\shared\privilege-escalation-awesome-scripts-suite-master\winPEAS\winPEASexe\w
 D:\shared\privilege-escalation-awesome-scripts-suite-master\winPEAS\winPEASexe\winPEAS\obj\x86\Release\winPEAS.exe
 D:\shared\privilege-escalation-awesome-scripts-suite-master\winPEAS\winPEASexe\winPEAS\obj\x86\Release\winPEAS.pdb
 D:\shared\privilege-escalation-awesome-scripts-suite-master\winPEAS\winPEASexe\winPEAS\obj\x86\Release\winPEAS.csprojAssemblyReference.cache
+D:\shared\cambiado-privilege-escalation-awesome-scripts-suite-master\winPEAS\winPEASexe\winPEAS\bin\x86\Release\winPEAS.exe.config
+D:\shared\cambiado-privilege-escalation-awesome-scripts-suite-master\winPEAS\winPEASexe\winPEAS\bin\x86\Release\winPEAS.exe
+D:\shared\cambiado-privilege-escalation-awesome-scripts-suite-master\winPEAS\winPEASexe\winPEAS\bin\x86\Release\winPEAS.pdb
+D:\shared\cambiado-privilege-escalation-awesome-scripts-suite-master\winPEAS\winPEASexe\winPEAS\bin\x86\Release\Microsoft.Win32.TaskScheduler.xml
+D:\shared\cambiado-privilege-escalation-awesome-scripts-suite-master\winPEAS\winPEASexe\winPEAS\obj\x86\Release\winPEAS.csprojAssemblyReference.cache
+D:\shared\cambiado-privilege-escalation-awesome-scripts-suite-master\winPEAS\winPEASexe\winPEAS\obj\x86\Release\winPEAS.csproj.CopyComplete
+D:\shared\cambiado-privilege-escalation-awesome-scripts-suite-master\winPEAS\winPEASexe\winPEAS\obj\x86\Release\winPEAS.exe
+D:\shared\cambiado-privilege-escalation-awesome-scripts-suite-master\winPEAS\winPEASexe\winPEAS\obj\x86\Release\winPEAS.pdb
+D:\shared\cambiado-privilege-escalation-awesome-scripts-suite-master\winPEAS\winPEASexe\winPEAS\bin\x86\Release\Microsoft.Win32.TaskScheduler.dll
+D:\shared\cambiado-privilege-escalation-awesome-scripts-suite-master\winPEAS\winPEASexe\winPEAS\bin\x86\Release\de\Microsoft.Win32.TaskScheduler.resources.dll
+D:\shared\cambiado-privilege-escalation-awesome-scripts-suite-master\winPEAS\winPEASexe\winPEAS\bin\x86\Release\es\Microsoft.Win32.TaskScheduler.resources.dll
+D:\shared\cambiado-privilege-escalation-awesome-scripts-suite-master\winPEAS\winPEASexe\winPEAS\bin\x86\Release\fr\Microsoft.Win32.TaskScheduler.resources.dll
+D:\shared\cambiado-privilege-escalation-awesome-scripts-suite-master\winPEAS\winPEASexe\winPEAS\bin\x86\Release\it\Microsoft.Win32.TaskScheduler.resources.dll
+D:\shared\cambiado-privilege-escalation-awesome-scripts-suite-master\winPEAS\winPEASexe\winPEAS\bin\x86\Release\pl\Microsoft.Win32.TaskScheduler.resources.dll
+D:\shared\cambiado-privilege-escalation-awesome-scripts-suite-master\winPEAS\winPEASexe\winPEAS\bin\x86\Release\ru\Microsoft.Win32.TaskScheduler.resources.dll
+D:\shared\cambiado-privilege-escalation-awesome-scripts-suite-master\winPEAS\winPEASexe\winPEAS\bin\x86\Release\zh-CN\Microsoft.Win32.TaskScheduler.resources.dll

winPEAS/winPEASexe/winPEAS/obj/x86/Release/winPEAS.csproj.Fody.CopyLocal.cache

@@ -1 +0,0 @@
-D:\shared\privilege-escalation-awesome-scripts-suite-master\winPEAS\winPEASexe\packages\TaskScheduler.2.8.16\lib\net40\Microsoft.Win32.TaskScheduler.xml