1
mirror of https://github.com/carlospolop/PEASS-ng synced 2025-03-28 18:33:05 +01:00

Obfuscation anti AV

This commit is contained in:
carlospolop 2020-01-31 10:14:12 -05:00
parent 7d7e12c33d
commit c08744708c
102 changed files with 937 additions and 1236 deletions
linPEAS
winPEAS
LICENSEREADME.md
winPEASexe
images
packages
winPEAS
Beaprint.csKnownFileCredsInfo.csMyUtils.csProcessesInfo.csProgram.cs
Properties
ServicesInfo.csUserInfo.csWatson.cs
bin
obj

0
linPEAS/linpeas.sh Executable file → Normal file

@ -1,21 +0,0 @@
MIT License
Copyright (c) 2019 Carlos Polop
Permission is hereby granted, free of charge, to any person obtaining a copy
of this software and associated documentation files (the "Software"), to deal
in the Software without restriction, including without limitation the rights
to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
copies of the Software, and to permit persons to whom the Software is
furnished to do so, subject to the following conditions:
The above copyright notice and this permission notice shall be included in all
copies or substantial portions of the Software.
THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
SOFTWARE.

@ -1,18 +1,18 @@
# Windows Privilege Escalation Awesome Scripts # Windows Privilege Escalation Awesome Scripts
![](https://github.com/carlospolop/privilege-escalation-awesome-script-suite/raw/master/winPEAS/winPEASexe/images/winpeas.png) ![](https://github.com/carlospolop/privilege-escalation-awesome-scripts-suite/raw/master/winPEAS/winPEASexe/images/winpeas.png)
Check the **Local Windows Privilege Escalation checklist** from **[book.hacktricks.xyz](https://book.hacktricks.xyz/windows/checklist-windows-privilege-escalation)** Check the **Local Windows Privilege Escalation checklist** from **[book.hacktricks.xyz](https://book.hacktricks.xyz/windows/checklist-windows-privilege-escalation)**
Check more **information about how to exploit** found misconfigurations in **[book.hacktricks.xyz](https://book.hacktricks.xyz/windows/windows-local-privilege-escalation)** Check more **information about how to exploit** found misconfigurations in **[book.hacktricks.xyz](https://book.hacktricks.xyz/windows/windows-local-privilege-escalation)**
## WinPEAS .exe and .bat ## WinPEAS .exe and .bat
- [Link to WinPEAS C# project (.exe)](https://github.com/carlospolop/privilege-escalation-awesome-script-suite/tree/master/winPEAS/winPEASexe) - [Link to WinPEAS C# project (.exe)](https://github.com/carlospolop/privilege-escalation-awesome-scripts-suite/tree/master/winPEAS/winPEASexe)
- [Link to WinPEAS .bat project](https://github.com/carlospolop/privilege-escalation-awesome-script-suite/tree/master/winPEAS/winPEASbat) Notice that WinPEAS.bat is a batch script made for Windows systems which don't support WinPEAS.exe (Net.4 required) - [Link to WinPEAS .bat project](https://github.com/carlospolop/privilege-escalation-awesome-scripts-suite/tree/master/winPEAS/winPEASbat) Notice that WinPEAS.bat is a batch script made for Windows systems which don't support WinPEAS.exe (Net.4 required)
## Let's improve PEASS together ## Let's improve PEASS together
If you want to **add something** and have **any cool idea** related to this project, please let me know it in the **Telegram group https://t.me/peass** or using **[github issues](https://github.com/carlospolop/privilege-escalation-awesome-scripts-suite/issues)** and we will update the master version. If you want to **add something** and have **any cool idea** related to this project, please let me know it in the **telegram group https://t.me/peass** or using **[github issues](https://github.com/carlospolop/privilege-escalation-awesome-scripts-suite/issues)** and we will update the master version.
## Please, if this tool has been useful for you consider to donate ## Please, if this tool has been useful for you consider to donate
@ -24,8 +24,7 @@ Contact me and ask about the **Privilege Escalation Course** I am preparing for
## Advisory ## Advisory
All the scripts/binaries of the PEAS suite should be used for authorized penetration testing and/or educational purposes only. Any misuse of this software will not be the responsibility of the author or of any other collaborator. Use it at your own networks and/or with the network owner's permission. All the scripts/binaries of the PEAS Suite should be used for authorized penetration testing and/or educational purposes only. Any misuse of this software will not be the responsibility of the author or of any other collaborator. Use it at your own networks and/or with the network owner's permission.
## License ## License

Binary file not shown.

After

(image error) Size: 31 KiB

@ -1,5 +0,0 @@
<Project xmlns="http://schemas.microsoft.com/developer/msbuild/2003">
<ItemGroup>
<WeaverFiles Include="$(MsBuildThisFileDirectory)..\weaver\$(MSBuildThisFileName).dll" />
</ItemGroup>
</Project>

@ -1,18 +0,0 @@
<?xml version="1.0"?>
<doc>
<assembly>
<name>Costura</name>
</assembly>
<members>
<member name="T:CosturaUtility">
<summary>
Contains methods for interacting with the Costura system.
</summary>
</member>
<member name="M:CosturaUtility.Initialize">
<summary>
Call this to Initialize the Costura system.
</summary>
</member>
</members>
</doc>

@ -1,85 +0,0 @@
<?xml version="1.0" encoding="utf-8" ?>
<xs:complexType xmlns:xs="http://www.w3.org/2001/XMLSchema">
<xs:all>
<xs:element minOccurs="0" maxOccurs="1" name="ExcludeAssemblies" type="xs:string">
<xs:annotation>
<xs:documentation>A list of assembly names to exclude from the default action of "embed all Copy Local references", delimited with line breaks</xs:documentation>
</xs:annotation>
</xs:element>
<xs:element minOccurs="0" maxOccurs="1" name="IncludeAssemblies" type="xs:string">
<xs:annotation>
<xs:documentation>A list of assembly names to include from the default action of "embed all Copy Local references", delimited with line breaks.</xs:documentation>
</xs:annotation>
</xs:element>
<xs:element minOccurs="0" maxOccurs="1" name="Unmanaged32Assemblies" type="xs:string">
<xs:annotation>
<xs:documentation>A list of unmanaged 32 bit assembly names to include, delimited with line breaks.</xs:documentation>
</xs:annotation>
</xs:element>
<xs:element minOccurs="0" maxOccurs="1" name="Unmanaged64Assemblies" type="xs:string">
<xs:annotation>
<xs:documentation>A list of unmanaged 64 bit assembly names to include, delimited with line breaks.</xs:documentation>
</xs:annotation>
</xs:element>
<xs:element minOccurs="0" maxOccurs="1" name="PreloadOrder" type="xs:string">
<xs:annotation>
<xs:documentation>The order of preloaded assemblies, delimited with line breaks.</xs:documentation>
</xs:annotation>
</xs:element>
</xs:all>
<xs:attribute name="CreateTemporaryAssemblies" type="xs:boolean">
<xs:annotation>
<xs:documentation>This will copy embedded files to disk before loading them into memory. This is helpful for some scenarios that expected an assembly to be loaded from a physical file.</xs:documentation>
</xs:annotation>
</xs:attribute>
<xs:attribute name="IncludeDebugSymbols" type="xs:boolean">
<xs:annotation>
<xs:documentation>Controls if .pdbs for reference assemblies are also embedded.</xs:documentation>
</xs:annotation>
</xs:attribute>
<xs:attribute name="DisableCompression" type="xs:boolean">
<xs:annotation>
<xs:documentation>Embedded assemblies are compressed by default, and uncompressed when they are loaded. You can turn compression off with this option.</xs:documentation>
</xs:annotation>
</xs:attribute>
<xs:attribute name="DisableCleanup" type="xs:boolean">
<xs:annotation>
<xs:documentation>As part of Costura, embedded assemblies are no longer included as part of the build. This cleanup can be turned off.</xs:documentation>
</xs:annotation>
</xs:attribute>
<xs:attribute name="LoadAtModuleInit" type="xs:boolean">
<xs:annotation>
<xs:documentation>Costura by default will load as part of the module initialization. This flag disables that behavior. Make sure you call CosturaUtility.Initialize() somewhere in your code.</xs:documentation>
</xs:annotation>
</xs:attribute>
<xs:attribute name="IgnoreSatelliteAssemblies" type="xs:boolean">
<xs:annotation>
<xs:documentation>Costura will by default use assemblies with a name like 'resources.dll' as a satellite resource and prepend the output path. This flag disables that behavior.</xs:documentation>
</xs:annotation>
</xs:attribute>
<xs:attribute name="ExcludeAssemblies" type="xs:string">
<xs:annotation>
<xs:documentation>A list of assembly names to exclude from the default action of "embed all Copy Local references", delimited with |</xs:documentation>
</xs:annotation>
</xs:attribute>
<xs:attribute name="IncludeAssemblies" type="xs:string">
<xs:annotation>
<xs:documentation>A list of assembly names to include from the default action of "embed all Copy Local references", delimited with |.</xs:documentation>
</xs:annotation>
</xs:attribute>
<xs:attribute name="Unmanaged32Assemblies" type="xs:string">
<xs:annotation>
<xs:documentation>A list of unmanaged 32 bit assembly names to include, delimited with |.</xs:documentation>
</xs:annotation>
</xs:attribute>
<xs:attribute name="Unmanaged64Assemblies" type="xs:string">
<xs:annotation>
<xs:documentation>A list of unmanaged 64 bit assembly names to include, delimited with |.</xs:documentation>
</xs:annotation>
</xs:attribute>
<xs:attribute name="PreloadOrder" type="xs:string">
<xs:annotation>
<xs:documentation>The order of preloaded assemblies, delimited with |.</xs:documentation>
</xs:annotation>
</xs:attribute>
</xs:complexType>

Binary file not shown.

Binary file not shown.

@ -1,110 +0,0 @@
<Project ToolsVersion="4.0" xmlns="http://schemas.microsoft.com/developer/msbuild/2003">
<PropertyGroup>
<ProjectWeaverXml Condition="$(ProjectWeaverXml) == ''">$(ProjectDir)FodyWeavers.xml</ProjectWeaverXml>
<FodyPath Condition="$(FodyPath) == ''">$(MSBuildThisFileDirectory)..\</FodyPath>
<FodyAssemblyDirectory Condition="$(MSBuildRuntimeType) == 'Core'">$(FodyPath)netstandardtask</FodyAssemblyDirectory>
<FodyAssemblyDirectory Condition="$(MSBuildRuntimeType) != 'Core'">$(FodyPath)netclassictask</FodyAssemblyDirectory>
<FodyAssembly Condition="$(FodyAssembly) == ''">$(FodyAssemblyDirectory)\Fody.dll</FodyAssembly>
<DefaultItemExcludes>$(DefaultItemExcludes);FodyWeavers.xsd</DefaultItemExcludes>
<FodyGenerateXsd Condition="$(FodyGenerateXsd) == ''">true</FodyGenerateXsd>
<MsBuildMajorVersion>15</MsBuildMajorVersion>
<MsBuildMajorVersion Condition="'$(MSBuildVersion)' != ''">$([System.Version]::Parse($(MSBuildVersion)).Major)</MsBuildMajorVersion>
</PropertyGroup>
<ItemGroup Condition="Exists($(ProjectWeaverXml))">
<UpToDateCheckInput Include="$(ProjectWeaverXml)" />
<CustomAdditionalCompileInputs Include="$(ProjectWeaverXml)" />
</ItemGroup>
<!-- Support for NCrunch -->
<ItemGroup Condition="'$(NCrunch)' == '1' and '$(TargetFramework)' == '' and '$(TargetFrameworks)' == ''">
<None Include="$(FodyAssemblyDirectory)\*.*" />
<None Include="@(WeaverFiles)" />
</ItemGroup>
<UsingTask TaskName="Fody.WeavingTask" AssemblyFile="$(FodyAssembly)" />
<UsingTask TaskName="Fody.UpdateReferenceCopyLocalTask" AssemblyFile="$(FodyAssembly)" />
<UsingTask TaskName="Fody.VerifyTask" AssemblyFile="$(FodyAssembly)" />
<Target
Name="FodyTarget"
AfterTargets="AfterCompile"
Condition="Exists(@(IntermediateAssembly)) And $(DesignTimeBuild) != true And $(DisableFody) != true"
DependsOnTargets="$(FodyDependsOnTargets)"
Inputs="@(IntermediateAssembly);$(ProjectWeaverXml)"
Outputs="$(IntermediateOutputPath)$(MSBuildProjectFile).Fody.CopyLocal.cache">
<Error Condition="($(MsBuildMajorVersion) &lt; 16)"
Text="Fody is only supported on MSBuild 16 and above. Current version: $(MsBuildMajorVersion)." />
<Fody.WeavingTask
AssemblyFile="@(IntermediateAssembly)"
IntermediateDirectory="$(ProjectDir)$(IntermediateOutputPath)"
KeyOriginatorFile="$(KeyOriginatorFile)"
AssemblyOriginatorKeyFile="$(AssemblyOriginatorKeyFile)"
ProjectDirectory="$(MSBuildProjectDirectory)"
ProjectFile="$(MSBuildProjectFullPath)"
SolutionDirectory="$(SolutionDir)"
References="@(ReferencePath)"
SignAssembly="$(SignAssembly)"
ReferenceCopyLocalFiles="@(ReferenceCopyLocalPaths)"
DefineConstants="$(DefineConstants)"
DebugType="$(DebugType)"
DocumentationFile="@(DocFileItem->'%(FullPath)')"
WeaverFiles="@(WeaverFiles)"
NCrunchOriginalSolutionDirectory="$(NCrunchOriginalSolutionDir)"
IntermediateCopyLocalFilesCache="$(IntermediateOutputPath)$(MSBuildProjectFile).Fody.CopyLocal.cache"
GenerateXsd="$(FodyGenerateXsd)"
>
<Output
TaskParameter="ExecutedWeavers"
PropertyName="FodyExecutedWeavers" />
</Fody.WeavingTask>
<ItemGroup>
<FileWrites Include="$(IntermediateOutputPath)$(MSBuildProjectFile).Fody.CopyLocal.cache" />
</ItemGroup>
</Target>
<Target
Name="FodyUpdateCopyLocalFilesTarget"
AfterTargets="FodyTarget"
>
<Fody.UpdateReferenceCopyLocalTask
ReferenceCopyLocalFiles="@(ReferenceCopyLocalPaths)"
IntermediateCopyLocalFilesCache="$(IntermediateOutputPath)$(MSBuildProjectFile).Fody.CopyLocal.cache"
>
<Output
TaskParameter="UpdatedReferenceCopyLocalFiles"
ItemName="FodyUpdatedReferenceCopyLocalPaths" />
</Fody.UpdateReferenceCopyLocalTask>
<ItemGroup>
<ReferenceCopyLocalPaths Remove="@(ReferenceCopyLocalPaths)" />
<ReferenceCopyLocalPaths Include="@(FodyUpdatedReferenceCopyLocalPaths)" />
</ItemGroup>
</Target>
<Target
Name="FodyVerifyTarget"
AfterTargets="AfterBuild"
Condition="'$(NCrunch)' != '1' And $(FodyExecutedWeavers) != '' And $(DisableFody) != true"
DependsOnTargets="$(FodyVerifyDependsOnTargets)">
<Fody.VerifyTask
ProjectDirectory="$(MSBuildProjectDirectory)"
TargetPath="$(TargetPath)"
SolutionDirectory="$(SolutionDir)"
DefineConstants="$(DefineConstants)"
NCrunchOriginalSolutionDirectory="$(NCrunchOriginalSolutionDir)"
/>
</Target>
</Project>

@ -1,7 +1,5 @@
//using Colorful; // http://colorfulconsole.com/ using System;
using System;
using System.Collections.Generic; using System.Collections.Generic;
using System.Drawing;
using System.Text.RegularExpressions; using System.Text.RegularExpressions;
using System.Threading; using System.Threading;
@ -20,10 +18,10 @@ namespace winPEAS
static string BLUE = "\x1b[34m"; static string BLUE = "\x1b[34m";
public static string LBLUE = "\x1b[1;34m"; public static string LBLUE = "\x1b[1;34m";
static string MAGENTA = "\x1b[1:35m"; static string MAGENTA = "\x1b[1:35m";
static string LMAGENTA = "\x1b[1;35m"; //static string LMAGENTA = "\x1b[1;35m";
static string CYAN = "\x1b[36m"; static string CYAN = "\x1b[36m";
static string LCYAN = "\x1b[1;36m"; static string LCYAN = "\x1b[1;36m";
static string REDYELLOW = "\x1b[31;103m"; //static string REDYELLOW = "\x1b[31;103m";
public static string NOCOLOR = "\x1b[0m"; public static string NOCOLOR = "\x1b[0m";
public static string ansi_color_bad = RED; public static string ansi_color_bad = RED;
public static string ansi_color_good = GREEN; public static string ansi_color_good = GREEN;
@ -39,8 +37,6 @@ namespace winPEAS
///////////////////////////////// /////////////////////////////////
public static void PrintBanner() public static void PrintBanner()
{ {
try
{
System.Console.WriteLine(BLUE + String.Format(@" System.Console.WriteLine(BLUE + String.Format(@"
{0}*((,.,/((((((((((((((((((((/, */ {0}*((,.,/((((((((((((((((((((/, */
{0},/*,..*((((((((((((((((((((((((((((((((((, {0},/*,..*((((((((((((((((((((((((((((((((((,
@ -73,47 +69,30 @@ namespace winPEAS
System.Console.WriteLine(LYELLOW + "ADVISORY: " + BLUE + Program.advisory); System.Console.WriteLine(LYELLOW + "ADVISORY: " + BLUE + Program.advisory);
System.Console.WriteLine(); System.Console.WriteLine();
Thread.Sleep(700); Thread.Sleep(700);
}
catch (Exception ex)
{
GrayPrint("Error in PrintBanner: " + ex);
}
} }
public static void PrintInit() public static void PrintInit()
{ {
try if (Program.banner)
{ PrintBanner();
if (Program.banner)
PrintBanner(); System.Console.WriteLine(YELLOW + " WinPEAS " + GREEN + Program.version + NOCOLOR + YELLOW + " by carlospolop" + NOCOLOR);
System.Console.WriteLine();
PrintLeyend();
System.Console.WriteLine();
LinkPrint("https://book.hacktricks.xyz/windows/checklist-windows-privilege-escalation", "You can find a Windows local PE Checklist here:");
System.Console.WriteLine(YELLOW + " WinPEAS " + GREEN + Program.version + NOCOLOR + YELLOW + " by carlospolop" + NOCOLOR);
System.Console.WriteLine();
PrintLeyend();
System.Console.WriteLine();
LinkPrint("https://book.hacktricks.xyz/windows/checklist-windows-privilege-escalation", "You can find a Windows local PE Checklist here:");
}
catch(Exception ex)
{
GrayPrint("Error in PrintInit: " + ex);
}
} }
static void PrintLeyend() static void PrintLeyend()
{ {
try System.Console.WriteLine(YELLOW + " [+] " + GREEN + "Leyend:" + NOCOLOR);
{ System.Console.WriteLine(RED + " Red" + GRAY + " Indicates a special privilege over an object or something is misconfigured" + NOCOLOR);
System.Console.WriteLine(YELLOW + " [+] " + GREEN + "Leyend:" + NOCOLOR); System.Console.WriteLine(GREEN + " Green" + GRAY + " Indicates that some protection is enabled or something is well configured" + NOCOLOR);
System.Console.WriteLine(RED + " Red" + GRAY + " Indicates a special privilege over an object or something is misconfigured" + NOCOLOR); System.Console.WriteLine(CYAN + " Cyan" + GRAY + " Indicates active users" + NOCOLOR);
System.Console.WriteLine(GREEN + " Green" + GRAY + " Indicates that some protection is enabled or something is well configured" + NOCOLOR); System.Console.WriteLine(BLUE + " Blue" + GRAY + " Indicates disabled users" + NOCOLOR);
System.Console.WriteLine(CYAN + " Cyan" + GRAY + " Indicates active users" + NOCOLOR); System.Console.WriteLine(LYELLOW + " LightYellow" + GRAY + " Indicates links" + NOCOLOR);
System.Console.WriteLine(BLUE + " Blue" + GRAY + " Indicates disabled users" + NOCOLOR);
System.Console.WriteLine(LYELLOW + " LightYellow" + GRAY + " Indicates links" + NOCOLOR);
}
catch(Exception ex)
{
GrayPrint("Error in PrintLeyend: " + ex);
}
} }
public static void PrintUsage() public static void PrintUsage()
@ -142,54 +121,27 @@ namespace winPEAS
///////////////////////////////// /////////////////////////////////
public static void GreatPrint(string toPrint) public static void GreatPrint(string toPrint)
{ {
try
{ System.Console.WriteLine();
System.Console.WriteLine(); System.Console.WriteLine();
System.Console.WriteLine(); int halfTotal = 60;
int halfTotal = 60; System.Console.WriteLine(LCYAN + " " + new String('=', halfTotal - toPrint.Length) + "(" + NOCOLOR + YELLOW + toPrint + LCYAN + ")" + new String('=', halfTotal - toPrint.Length) + NOCOLOR);
System.Console.WriteLine(LCYAN + " " + new String('=', halfTotal - toPrint.Length) + "(" + NOCOLOR + YELLOW + toPrint + LCYAN + ")" + new String('=', halfTotal - toPrint.Length) + NOCOLOR);
}
catch (Exception ex)
{
GrayPrint(String.Format("{0}", ex));
}
} }
public static void MainPrint(string toPrint, string attackid) public static void MainPrint(string toPrint, string attackid)
{ {
try System.Console.WriteLine();
{ System.Console.WriteLine(YELLOW + " [+] " + GREEN + toPrint + YELLOW + "(" + DGRAY + attackid + YELLOW + ")" + NOCOLOR);
System.Console.WriteLine();
System.Console.WriteLine(YELLOW + " [+] " + GREEN + toPrint + YELLOW + "(" + DGRAY + attackid + YELLOW + ")" + NOCOLOR);
}
catch (Exception ex)
{
GrayPrint(String.Format("{0}", ex));
}
} }
public static void LinkPrint(string link, string comment = "") public static void LinkPrint(string link, string comment = "")
{ {
try System.Console.WriteLine(YELLOW + " [?] " + LBLUE + comment + " " + LYELLOW + link + NOCOLOR);
{
System.Console.WriteLine(YELLOW + " [?] " + LBLUE + comment + " " + LYELLOW + link + NOCOLOR);
}
catch (Exception ex)
{
GrayPrint(String.Format("{0}", ex));
}
} }
public static void InfoPrint(string toPrint) public static void InfoPrint(string toPrint)
{ {
try System.Console.WriteLine(YELLOW + " [i] " + LBLUE + toPrint + NOCOLOR);
{
System.Console.WriteLine(YELLOW + " [i] " + LBLUE + toPrint + NOCOLOR);
}
catch (Exception ex)
{
GrayPrint(String.Format("{0}", ex));
}
} }
public static void NotFoundPrint() public static void NotFoundPrint()
@ -247,131 +199,92 @@ namespace winPEAS
} }
public static void DictPrint(Dictionary<string, string> dicprint, Dictionary<string, string> ansi_colors_regexp, bool delete_nulls, bool no_gray = false) public static void DictPrint(Dictionary<string, string> dicprint, Dictionary<string, string> ansi_colors_regexp, bool delete_nulls, bool no_gray = false)
{ {
try foreach (KeyValuePair<string, string> entry in dicprint)
{ {
foreach (KeyValuePair<string, string> entry in dicprint) if (delete_nulls && String.IsNullOrEmpty(entry.Value.Trim()))
{ continue;
if (delete_nulls && String.IsNullOrEmpty(entry.Value.Trim())) string value = entry.Value;
continue; string key = entry.Key;
string value = entry.Value; string line = "";
string key = entry.Key; if (!no_gray)
string line = ""; line = ansi_color_gray + " " + key + ": " + NOCOLOR + value;
if (! no_gray) else
line = ansi_color_gray + " " + key + ": " + NOCOLOR + value; line = " " + key + ": " + value;
else
line = " " + key + ": " + value;
foreach (KeyValuePair<string, string> color in ansi_colors_regexp) foreach (KeyValuePair<string, string> color in ansi_colors_regexp)
line = Regexansi(line, color.Value, color.Key); line = Regexansi(line, color.Value, color.Key);
System.Console.WriteLine(line); System.Console.WriteLine(line);
}
}
catch (Exception ex)
{
GrayPrint(String.Format("{0}", ex));
} }
} }
public static void DictPrint(Dictionary<string, string> dicprint, bool delete_nulls) public static void DictPrint(Dictionary<string, string> dicprint, bool delete_nulls)
{ {
try if (dicprint.Count > 0)
{ {
if (dicprint.Count > 0) foreach (KeyValuePair<string, string> entry in dicprint)
{ {
foreach (KeyValuePair<string, string> entry in dicprint) if (delete_nulls && String.IsNullOrEmpty(entry.Value))
{ continue;
if (delete_nulls && String.IsNullOrEmpty(entry.Value)) System.Console.WriteLine(ansi_color_gray + " " + entry.Key + ": " + NOCOLOR + entry.Value);
continue;
System.Console.WriteLine(ansi_color_gray + " " + entry.Key + ": " + NOCOLOR + entry.Value);
}
} }
else
NotFoundPrint();
}
catch (Exception ex)
{
GrayPrint(String.Format("{0}", ex));
} }
else
NotFoundPrint();
} }
public static void DictPrint(List<Dictionary<string, string>> listdicprint, bool delete_nulls) public static void DictPrint(List<Dictionary<string, string>> listdicprint, bool delete_nulls)
{ {
try if (listdicprint.Count > 0)
{ {
if (listdicprint.Count > 0) foreach (Dictionary<string, string> dicprint in listdicprint)
{ {
foreach (Dictionary<string, string> dicprint in listdicprint) DictPrint(dicprint, delete_nulls);
{ PrintLineSeparator();
DictPrint(dicprint, delete_nulls);
PrintLineSeparator();
}
} }
else
NotFoundPrint();
}
catch (Exception ex)
{
GrayPrint(String.Format("{0}", ex));
} }
else
NotFoundPrint();
} }
public static void DictPrint(Dictionary<string, object> dicprint, bool delete_nulls) public static void DictPrint(Dictionary<string, object> dicprint, bool delete_nulls)
{ {
try
if (dicprint != null)
{ {
if (dicprint != null) Dictionary<string, string> results = new Dictionary<string, string>();
{ foreach (KeyValuePair<string, object> entry in dicprint)
Dictionary<string, string> results = new Dictionary<string, string>(); results[entry.Key] = String.Format("{0}", entry.Value);
foreach (KeyValuePair<string, object> entry in dicprint) DictPrint(results, delete_nulls);
results[entry.Key] = String.Format("{0}", entry.Value);
DictPrint(results, delete_nulls);
}
else
NotFoundPrint();
}
catch (Exception ex)
{
GrayPrint(String.Format("{0}", ex));
} }
else
NotFoundPrint();
} }
public static void DictPrint(List<Dictionary<string, string>> listdicprint, Dictionary<string, string> colors, bool delete_nulls, bool no_gray = false) public static void DictPrint(List<Dictionary<string, string>> listdicprint, Dictionary<string, string> colors, bool delete_nulls, bool no_gray = false)
{ {
try if (listdicprint.Count > 0)
{ {
if (listdicprint.Count > 0) foreach (Dictionary<string, string> dicprint in listdicprint)
{ {
foreach (Dictionary<string, string> dicprint in listdicprint) DictPrint(dicprint, colors, delete_nulls, no_gray);
{ PrintLineSeparator();
DictPrint(dicprint, colors, delete_nulls, no_gray);
PrintLineSeparator();
}
} }
else
NotFoundPrint();
}
catch (Exception ex)
{
GrayPrint(String.Format("{0}", ex));
} }
else
NotFoundPrint();
} }
public static void ListPrint(List<string> list_to_print) public static void ListPrint(List<string> list_to_print)
{ {
try if (list_to_print.Count > 0)
{ {
if (list_to_print.Count > 0) foreach (string elem in list_to_print)
{ System.Console.WriteLine(" " + elem);
foreach (string elem in list_to_print)
System.Console.WriteLine(" " + elem);
}
else
NotFoundPrint();
}
catch (Exception ex)
{
GrayPrint(String.Format("{0}", ex));
} }
else
NotFoundPrint();
} }
public static void ListPrint(List<string> list_to_print, Dictionary<string, string> dic_colors) public static void ListPrint(List<string> list_to_print, Dictionary<string, string> dic_colors)
@ -401,10 +314,10 @@ namespace winPEAS
BLUE = ""; BLUE = "";
LBLUE = ""; LBLUE = "";
MAGENTA = ""; MAGENTA = "";
LMAGENTA = ""; //LMAGENTA = "";
CYAN = ""; CYAN = "";
LCYAN = ""; LCYAN = "";
REDYELLOW = ""; //REDYELLOW = "";
NOCOLOR = ""; NOCOLOR = "";
ansi_color_bad = ""; ansi_color_bad = "";
ansi_color_good = ""; ansi_color_good = "";

@ -1,5 +1,4 @@
using CredentialManagement; using Microsoft.Win32;
using Microsoft.Win32;
using System; using System;
using System.Collections.Generic; using System.Collections.Generic;
using System.Diagnostics; using System.Diagnostics;
@ -829,11 +828,6 @@ namespace winPEAS
return results; return results;
} }
public static void GetCredsCredmanager()
{
var cm = new Credential { };
cm.Load();
}
public static List<Dictionary<string, string>> GetSavedRDPConnections() public static List<Dictionary<string, string>> GetSavedRDPConnections()
{ {
@ -2007,25 +2001,7 @@ namespace winPEAS
return false; return false;
} }
} }
public static IEnumerable<string> Split(string text, int partLength)
{
if (text == null) { Console.WriteLine("[ERROR] Split() - singleLineString"); }
if (partLength < 1) { Console.WriteLine("[ERROR] Split() - 'columns' must be greater than 0."); }
var partCount = Math.Ceiling((double)text.Length / partLength);
if (partCount < 2)
{
yield return text;
}
for (int i = 0; i < partCount; i++)
{
var index = i * partLength;
var lengthLeft = Math.Min(partLength, text.Length - index);
var line = text.Substring(index, lengthLeft);
yield return line;
}
}
public static List<Dictionary<string, string>> ListKerberosTickets() public static List<Dictionary<string, string>> ListKerberosTickets()
{ {
if (MyUtils.IsHighIntegrity()) if (MyUtils.IsHighIntegrity())
@ -2194,6 +2170,7 @@ namespace winPEAS
} }
return results; return results;
} }
public static List<Dictionary<string, string>> ListKerberosTicketsCurrentUser() public static List<Dictionary<string, string>> ListKerberosTicketsCurrentUser()
{ {
List<Dictionary<string, string>> results = new List<Dictionary<string, string>>(); List<Dictionary<string, string>> results = new List<Dictionary<string, string>>();
@ -2294,6 +2271,7 @@ namespace winPEAS
return ListKerberosTGTDataCurrentUser(); return ListKerberosTGTDataCurrentUser();
} }
} }
public static List<Dictionary<string, string>> ListKerberosTGTDataAllUsers() public static List<Dictionary<string, string>> ListKerberosTGTDataAllUsers()
{ {
List<Dictionary<string, string>> results = new List<Dictionary<string, string>>(); List<Dictionary<string, string>> results = new List<Dictionary<string, string>>();

@ -9,7 +9,6 @@ using System.Text.RegularExpressions;
using System.Reflection; using System.Reflection;
using System.Security.AccessControl; using System.Security.AccessControl;
using System.Runtime.InteropServices; using System.Runtime.InteropServices;
//using Colorful;
using System.Threading; using System.Threading;
namespace winPEAS namespace winPEAS
@ -623,22 +622,6 @@ namespace winPEAS
////////////////////// //////////////////////
//////// MISC //////// //////// MISC ////////
////////////////////// //////////////////////
public static Dictionary<string, string> RemoveEmptyKeys(Dictionary<string, string> dic_in)
{
Dictionary<string, string> results = new Dictionary<string, string>();
try
{
foreach (KeyValuePair<string, string> entry in dic_in)
if (!String.IsNullOrEmpty(entry.Value.Trim()))
results[entry.Key] = entry.Value;
return results;
}
catch (Exception ex)
{
Beaprint.GrayPrint(String.Format(" [X] Exception: {0}", ex.Message));
}
return results;
}
public static List<string> ListFolder(String path) public static List<string> ListFolder(String path)
{ {
string root = @Path.GetPathRoot(Environment.SystemDirectory) + path; string root = @Path.GetPathRoot(Environment.SystemDirectory) + path;

File diff suppressed because it is too large Load Diff

@ -1,5 +1,4 @@
//using Colorful; // http://colorfulconsole.com/ using System;
using System;
using System.Collections.Generic; using System.Collections.Generic;
using System.IO; using System.IO;
using System.Management; using System.Management;
@ -654,33 +653,31 @@ namespace winPEAS
{ {
void PrintInterestingProcesses() void PrintInterestingProcesses()
{ {
/* Colors Code
* RED:
* ---- Write privileges in path
* ---- Different Owner than myself
* GREEN:
* ---- No Write privileges in path
* MAGENTA:
* ---- Current username
*/
try try
{ {
Beaprint.MainPrint("Interesting Processes -non Microsoft-", "T1010&T1057&T1007"); Beaprint.MainPrint("Interesting Processes -non Microsoft-", "T1010&T1057&T1007");
Beaprint.LinkPrint("https://book.hacktricks.xyz/windows/windows-local-privilege-escalation#running-processes", "Check if any interesting proccesses for memmory dump or if you could overwrite some binary running"); Beaprint.LinkPrint("https://book.hacktricks.xyz/windows/windows-local-privilege-escalation#running-processes", "Check if any interesting proccesses for memmory dump or if you could overwrite some binary running");
List<Dictionary<string, string>> processes_info = ProcessesInfo.GetProcessInfo(); List<Dictionary<string, string>> processes_info = ProcessesInfo.GetProcInfo();
foreach (Dictionary<string, string> proc_info in processes_info) foreach (Dictionary<string, string> proc_info in processes_info)
{ {
Dictionary<string, string> colorsP = new Dictionary<string, string>()
{
{ " "+currentUserName, Beaprint.ansi_current_user },
{ "Permissions:.*", Beaprint.ansi_color_bad },
{ "Possible DLL Hijacking.*", Beaprint.ansi_color_bad },
};
if (ProcessesInfo.defensiveProcesses.ContainsKey(proc_info["Name"])) if (ProcessesInfo.defensiveProcesses.ContainsKey(proc_info["Name"]))
{ {
proc_info["Product"] = ProcessesInfo.defensiveProcesses[proc_info["Name"]].ToString(); if (!String.IsNullOrEmpty(ProcessesInfo.defensiveProcesses[proc_info["Name"]].ToString()))
proc_info["Product"] = ProcessesInfo.defensiveProcesses[proc_info["Name"]].ToString();
colorsP[proc_info["Product"]] = Beaprint.ansi_color_good;
} }
else if (ProcessesInfo.interestingProcesses.ContainsKey(proc_info["Name"])) else if (ProcessesInfo.interestingProcesses.ContainsKey(proc_info["Name"]))
{ {
proc_info["Product"] = ProcessesInfo.interestingProcesses[proc_info["Name"]].ToString(); if (!String.IsNullOrEmpty(ProcessesInfo.defensiveProcesses[proc_info["Name"]].ToString()))
} proc_info["Product"] = ProcessesInfo.interestingProcesses[proc_info["Name"]].ToString();
else if (ProcessesInfo.browserProcesses.ContainsKey(proc_info["Name"])) colorsP[proc_info["Product"]] = Beaprint.ansi_color_bad;
{
proc_info["Product"] = ProcessesInfo.browserProcesses[proc_info["Name"]].ToString();
} }
List<string> file_rights = MyUtils.GetPermissionsFile(proc_info["ExecutablePath"], currentUserSIDs); List<string> file_rights = MyUtils.GetPermissionsFile(proc_info["ExecutablePath"], currentUserSIDs);
@ -688,6 +685,8 @@ namespace winPEAS
if (proc_info["ExecutablePath"] != null && proc_info["ExecutablePath"] != "") if (proc_info["ExecutablePath"] != null && proc_info["ExecutablePath"] != "")
dir_rights = MyUtils.GetPermissionsFolder(Path.GetDirectoryName(proc_info["ExecutablePath"]), currentUserSIDs); dir_rights = MyUtils.GetPermissionsFolder(Path.GetDirectoryName(proc_info["ExecutablePath"]), currentUserSIDs);
colorsP[proc_info["ExecutablePath"].Replace("\\", "\\\\").Replace("(", "\\(").Replace(")", "\\)").Replace("]", "\\]").Replace("[", "\\[").Replace("?", "\\?").Replace("+", "\\+") + "[^\"^']"] = (file_rights.Count > 0 || dir_rights.Count > 0) ? Beaprint.ansi_color_bad : Beaprint.ansi_color_good;
string formString = " {0}({1})[{2}]"; string formString = " {0}({1})[{2}]";
if (proc_info["Product"] != null && proc_info["Product"].Length > 1) if (proc_info["Product"] != null && proc_info["Product"].Length > 1)
formString += ": {3}"; formString += ": {3}";
@ -702,13 +701,7 @@ namespace winPEAS
if (proc_info["CommandLine"].Length > 1) if (proc_info["CommandLine"].Length > 1)
formString += "\n "+ Beaprint.ansi_color_gray + "Command Line: {9}"; formString += "\n "+ Beaprint.ansi_color_gray + "Command Line: {9}";
Dictionary<string, string> colorsP = new Dictionary<string, string>()
{
{ " "+currentUserName, Beaprint.ansi_current_user },
{ "Permissions:.*", Beaprint.ansi_color_bad },
{ "Possible DLL Hijacking.*", Beaprint.ansi_color_bad },
{ proc_info["ExecutablePath"].Replace("\\", "\\\\").Replace("(", "\\(").Replace(")", "\\)").Replace("]", "\\]").Replace("[", "\\[").Replace("?", "\\?").Replace("+","\\+")+"[^\"^']", (file_rights.Count > 0 || dir_rights.Count > 0) ? Beaprint.ansi_color_bad : Beaprint.ansi_color_good },
};
Beaprint.AnsiPrint(String.Format(formString, proc_info["Name"], proc_info["ProcessID"], proc_info["ExecutablePath"], proc_info["Product"], proc_info["Owner"], proc_info["isDotNet"], String.Join(", ", file_rights), dir_rights.Count > 0 ? Path.GetDirectoryName(proc_info["ExecutablePath"]) : "", String.Join(", ", dir_rights), proc_info["CommandLine"]), colorsP); Beaprint.AnsiPrint(String.Format(formString, proc_info["Name"], proc_info["ProcessID"], proc_info["ExecutablePath"], proc_info["Product"], proc_info["Owner"], proc_info["isDotNet"], String.Join(", ", file_rights), dir_rights.Count > 0 ? Path.GetDirectoryName(proc_info["ExecutablePath"]) : "", String.Join(", ", dir_rights), proc_info["CommandLine"]), colorsP);
Beaprint.PrintLineSeparator(); Beaprint.PrintLineSeparator();
} }

@ -5,11 +5,11 @@ using System.Runtime.InteropServices;
// General Information about an assembly is controlled through the following // General Information about an assembly is controlled through the following
// set of attributes. Change these attribute values to modify the information // set of attributes. Change these attribute values to modify the information
// associated with an assembly. // associated with an assembly.
[assembly: AssemblyTitle("winPEAS")] [assembly: AssemblyTitle("asdas2dasd")]
[assembly: AssemblyDescription("")] [assembly: AssemblyDescription("")]
[assembly: AssemblyConfiguration("")] [assembly: AssemblyConfiguration("")]
[assembly: AssemblyCompany("")] [assembly: AssemblyCompany("")]
[assembly: AssemblyProduct("winPEAS")] [assembly: AssemblyProduct("asdas2dasd")]
[assembly: AssemblyCopyright("Copyright © 2019")] [assembly: AssemblyCopyright("Copyright © 2019")]
[assembly: AssemblyTrademark("")] [assembly: AssemblyTrademark("")]
[assembly: AssemblyCulture("")] [assembly: AssemblyCulture("")]
@ -20,7 +20,7 @@ using System.Runtime.InteropServices;
[assembly: ComVisible(false)] [assembly: ComVisible(false)]
// The following GUID is for the ID of the typelib if this project is exposed to COM // The following GUID is for the ID of the typelib if this project is exposed to COM
[assembly: Guid("d934058e-a7db-493f-a741-ae8e3df867f4")] [assembly: Guid("1928358e-a64b-493f-a741-ae8e3d029374")]
// Version information for an assembly consists of the following four values: // Version information for an assembly consists of the following four values:
// //

@ -9,7 +9,6 @@ using System.ServiceProcess;
using System.Reflection; using System.Reflection;
using System.Security.AccessControl; using System.Security.AccessControl;
using System.Runtime.InteropServices; using System.Runtime.InteropServices;
using System.Security.Principal;
namespace winPEAS namespace winPEAS
{ {

@ -564,6 +564,7 @@ namespace winPEAS
} }
return user; return user;
} }
public static UserPrincipal GetUserLocal(string sUserName) public static UserPrincipal GetUserLocal(string sUserName)
{ {
// Extract local user information // Extract local user information
@ -575,6 +576,7 @@ namespace winPEAS
user = searcher.FindOne() as UserPrincipal; user = searcher.FindOne() as UserPrincipal;
return user; return user;
} }
public static UserPrincipal GetUserDomain(string sUserName, string domain) public static UserPrincipal GetUserDomain(string sUserName, string domain)
{ {
//if not local, try to extract domain user information //if not local, try to extract domain user information
@ -979,8 +981,8 @@ namespace winPEAS
else if (Clipboard.ContainsFileDropList()) else if (Clipboard.ContainsFileDropList())
c = String.Format("{0}", Clipboard.GetFileDropList()); c = String.Format("{0}", Clipboard.GetFileDropList());
else if (Clipboard.ContainsImage()) //else if (Clipboard.ContainsImage()) //No system.Drwing import
c = String.Format("{0}", Clipboard.GetImage()); //c = String.Format("{0}", Clipboard.GetImage());
} }
catch (Exception ex) catch (Exception ex)
{ {

@ -1,7 +1,5 @@
//using Colorful; using System;
using System;
using System.Collections.Generic; using System.Collections.Generic;
using System.Drawing;
using System.Linq; using System.Linq;
using System.Management; using System.Management;

@ -0,0 +1,56 @@
<?xml version="1.0" encoding="utf-8" standalone="no"?>
<!--This config file was generated by Dotfuscator. Please use the Dotfuscator Config Editor to modify.-->
<!DOCTYPE dotfuscator SYSTEM "http://www.preemptive.com/dotfuscator/dtd/dotfuscator_v2.5.dtd">
<dotfuscator version="2.3">
<global>
<option>debugauto</option>
</global>
<input>
<loadpaths />
<asmlist>
<inputassembly refid="e530c479-7674-4845-a184-2dc88a7a642f">
<option>honoroas</option>
<option>stripoa</option>
<option>library</option>
<option>transformxaml</option>
<file dir="D:\shared\cambiado-privilege-escalation-awesome-scripts-suite-master\winPEAS\winPEASexe\winPEAS\bin\x86\Release" name="Microsoft.Win32.TaskScheduler.dll" />
</inputassembly>
<inputassembly refid="bf3fde19-95ca-4d0e-b46f-6136ba4e2100">
<option>honoroas</option>
<option>stripoa</option>
<option>library</option>
<option>transformxaml</option>
<file dir="D:\shared\cambiado-privilege-escalation-awesome-scripts-suite-master\winPEAS\winPEASexe\winPEAS\bin\x86\Release" name="winPEAS.exe" />
</inputassembly>
</asmlist>
</input>
<output>
<file dir="${configdir}\Dotfuscated" />
</output>
<renaming>
<option>xmlserialization</option>
<mapping>
<mapoutput overwrite="false">
<file dir="${configdir}\Dotfuscated" name="Map.xml" />
</mapoutput>
</mapping>
<referencerulelist>
<referencerule rulekey="{6655B10A-FD58-462d-8D4F-5B1316DFF0FF}" />
<referencerule rulekey="{7D9C8B02-2383-420f-8740-A9760394C2C1}" />
<referencerule rulekey="{229FD6F8-5BCC-427b-8F72-A7A413ECDF1A}" />
<referencerule rulekey="{2B7E7C8C-A39A-4db8-9DFC-6AFD38509061}" />
<referencerule rulekey="{494EA3BA-B947-44B5-BEE8-A11CC85AAF9B}" />
<referencerule rulekey="{89769974-93E9-4e71-8D92-BE70E855ACFC}" />
<referencerule rulekey="{4D81E604-A545-4631-8B6D-C3735F793F80}" />
<referencerule rulekey="{62bd3899-7d53-4336-8ca2-4e5dbae187d5}" />
</referencerulelist>
</renaming>
<sos mergeruntime="true">
<option>version:v4</option>
<option>sendanalytics</option>
<option>dontsendtamper</option>
</sos>
<smartobfuscation>
<smartobfuscationreport verbosity="all" overwrite="false" />
</smartobfuscation>
</dotfuscator>

@ -47,3 +47,19 @@ D:\shared\privilege-escalation-awesome-scripts-suite-master\winPEAS\winPEASexe\w
D:\shared\privilege-escalation-awesome-scripts-suite-master\winPEAS\winPEASexe\winPEAS\obj\Release\winPEAS.csproj.CopyComplete D:\shared\privilege-escalation-awesome-scripts-suite-master\winPEAS\winPEASexe\winPEAS\obj\Release\winPEAS.csproj.CopyComplete
D:\shared\privilege-escalation-awesome-scripts-suite-master\winPEAS\winPEASexe\winPEAS\obj\Release\winPEAS.exe D:\shared\privilege-escalation-awesome-scripts-suite-master\winPEAS\winPEASexe\winPEAS\obj\Release\winPEAS.exe
D:\shared\privilege-escalation-awesome-scripts-suite-master\winPEAS\winPEASexe\winPEAS\obj\Release\winPEAS.pdb D:\shared\privilege-escalation-awesome-scripts-suite-master\winPEAS\winPEASexe\winPEAS\obj\Release\winPEAS.pdb
D:\shared\cambiado-privilege-escalation-awesome-scripts-suite-master\winPEAS\winPEASexe\winPEAS\bin\Release\winPEAS.exe.config
D:\shared\cambiado-privilege-escalation-awesome-scripts-suite-master\winPEAS\winPEASexe\winPEAS\bin\Release\winPEAS.exe
D:\shared\cambiado-privilege-escalation-awesome-scripts-suite-master\winPEAS\winPEASexe\winPEAS\bin\Release\winPEAS.pdb
D:\shared\cambiado-privilege-escalation-awesome-scripts-suite-master\winPEAS\winPEASexe\winPEAS\bin\Release\Microsoft.Win32.TaskScheduler.xml
D:\shared\cambiado-privilege-escalation-awesome-scripts-suite-master\winPEAS\winPEASexe\winPEAS\obj\Release\winPEAS.csprojAssemblyReference.cache
D:\shared\cambiado-privilege-escalation-awesome-scripts-suite-master\winPEAS\winPEASexe\winPEAS\obj\Release\winPEAS.csproj.CopyComplete
D:\shared\cambiado-privilege-escalation-awesome-scripts-suite-master\winPEAS\winPEASexe\winPEAS\obj\Release\winPEAS.exe
D:\shared\cambiado-privilege-escalation-awesome-scripts-suite-master\winPEAS\winPEASexe\winPEAS\obj\Release\winPEAS.pdb
D:\shared\cambiado-privilege-escalation-awesome-scripts-suite-master\winPEAS\winPEASexe\winPEAS\bin\Release\Microsoft.Win32.TaskScheduler.dll
D:\shared\cambiado-privilege-escalation-awesome-scripts-suite-master\winPEAS\winPEASexe\winPEAS\bin\Release\de\Microsoft.Win32.TaskScheduler.resources.dll
D:\shared\cambiado-privilege-escalation-awesome-scripts-suite-master\winPEAS\winPEASexe\winPEAS\bin\Release\es\Microsoft.Win32.TaskScheduler.resources.dll
D:\shared\cambiado-privilege-escalation-awesome-scripts-suite-master\winPEAS\winPEASexe\winPEAS\bin\Release\fr\Microsoft.Win32.TaskScheduler.resources.dll
D:\shared\cambiado-privilege-escalation-awesome-scripts-suite-master\winPEAS\winPEASexe\winPEAS\bin\Release\it\Microsoft.Win32.TaskScheduler.resources.dll
D:\shared\cambiado-privilege-escalation-awesome-scripts-suite-master\winPEAS\winPEASexe\winPEAS\bin\Release\pl\Microsoft.Win32.TaskScheduler.resources.dll
D:\shared\cambiado-privilege-escalation-awesome-scripts-suite-master\winPEAS\winPEASexe\winPEAS\bin\Release\ru\Microsoft.Win32.TaskScheduler.resources.dll
D:\shared\cambiado-privilege-escalation-awesome-scripts-suite-master\winPEAS\winPEASexe\winPEAS\bin\Release\zh-CN\Microsoft.Win32.TaskScheduler.resources.dll

@ -1 +0,0 @@
D:\shared\privilege-escalation-awesome-scripts-suite-master\winPEAS\winPEASexe\packages\TaskScheduler.2.8.16\lib\net40\Microsoft.Win32.TaskScheduler.xml

@ -23,3 +23,19 @@ D:\shared\privilege-escalation-awesome-scripts-suite-master\winPEAS\winPEASexe\w
D:\shared\privilege-escalation-awesome-scripts-suite-master\winPEAS\winPEASexe\winPEAS\obj\x64\Release\winPEAS.exe D:\shared\privilege-escalation-awesome-scripts-suite-master\winPEAS\winPEASexe\winPEAS\obj\x64\Release\winPEAS.exe
D:\shared\privilege-escalation-awesome-scripts-suite-master\winPEAS\winPEASexe\winPEAS\obj\x64\Release\winPEAS.pdb D:\shared\privilege-escalation-awesome-scripts-suite-master\winPEAS\winPEASexe\winPEAS\obj\x64\Release\winPEAS.pdb
D:\shared\privilege-escalation-awesome-scripts-suite-master\winPEAS\winPEASexe\winPEAS\obj\x64\Release\winPEAS.csprojAssemblyReference.cache D:\shared\privilege-escalation-awesome-scripts-suite-master\winPEAS\winPEASexe\winPEAS\obj\x64\Release\winPEAS.csprojAssemblyReference.cache
D:\shared\cambiado-privilege-escalation-awesome-scripts-suite-master\winPEAS\winPEASexe\winPEAS\bin\x64\Release\winPEAS.exe.config
D:\shared\cambiado-privilege-escalation-awesome-scripts-suite-master\winPEAS\winPEASexe\winPEAS\bin\x64\Release\winPEAS.exe
D:\shared\cambiado-privilege-escalation-awesome-scripts-suite-master\winPEAS\winPEASexe\winPEAS\bin\x64\Release\winPEAS.pdb
D:\shared\cambiado-privilege-escalation-awesome-scripts-suite-master\winPEAS\winPEASexe\winPEAS\bin\x64\Release\Microsoft.Win32.TaskScheduler.xml
D:\shared\cambiado-privilege-escalation-awesome-scripts-suite-master\winPEAS\winPEASexe\winPEAS\obj\x64\Release\winPEAS.csprojAssemblyReference.cache
D:\shared\cambiado-privilege-escalation-awesome-scripts-suite-master\winPEAS\winPEASexe\winPEAS\obj\x64\Release\winPEAS.csproj.CopyComplete
D:\shared\cambiado-privilege-escalation-awesome-scripts-suite-master\winPEAS\winPEASexe\winPEAS\obj\x64\Release\winPEAS.exe
D:\shared\cambiado-privilege-escalation-awesome-scripts-suite-master\winPEAS\winPEASexe\winPEAS\obj\x64\Release\winPEAS.pdb
D:\shared\cambiado-privilege-escalation-awesome-scripts-suite-master\winPEAS\winPEASexe\winPEAS\bin\x64\Release\Microsoft.Win32.TaskScheduler.dll
D:\shared\cambiado-privilege-escalation-awesome-scripts-suite-master\winPEAS\winPEASexe\winPEAS\bin\x64\Release\de\Microsoft.Win32.TaskScheduler.resources.dll
D:\shared\cambiado-privilege-escalation-awesome-scripts-suite-master\winPEAS\winPEASexe\winPEAS\bin\x64\Release\es\Microsoft.Win32.TaskScheduler.resources.dll
D:\shared\cambiado-privilege-escalation-awesome-scripts-suite-master\winPEAS\winPEASexe\winPEAS\bin\x64\Release\fr\Microsoft.Win32.TaskScheduler.resources.dll
D:\shared\cambiado-privilege-escalation-awesome-scripts-suite-master\winPEAS\winPEASexe\winPEAS\bin\x64\Release\it\Microsoft.Win32.TaskScheduler.resources.dll
D:\shared\cambiado-privilege-escalation-awesome-scripts-suite-master\winPEAS\winPEASexe\winPEAS\bin\x64\Release\pl\Microsoft.Win32.TaskScheduler.resources.dll
D:\shared\cambiado-privilege-escalation-awesome-scripts-suite-master\winPEAS\winPEASexe\winPEAS\bin\x64\Release\ru\Microsoft.Win32.TaskScheduler.resources.dll
D:\shared\cambiado-privilege-escalation-awesome-scripts-suite-master\winPEAS\winPEASexe\winPEAS\bin\x64\Release\zh-CN\Microsoft.Win32.TaskScheduler.resources.dll

@ -1 +0,0 @@
D:\shared\privilege-escalation-awesome-scripts-suite-master\winPEAS\winPEASexe\packages\TaskScheduler.2.8.16\lib\net40\Microsoft.Win32.TaskScheduler.xml

@ -23,3 +23,19 @@ D:\shared\privilege-escalation-awesome-scripts-suite-master\winPEAS\winPEASexe\w
D:\shared\privilege-escalation-awesome-scripts-suite-master\winPEAS\winPEASexe\winPEAS\obj\x86\Release\winPEAS.exe D:\shared\privilege-escalation-awesome-scripts-suite-master\winPEAS\winPEASexe\winPEAS\obj\x86\Release\winPEAS.exe
D:\shared\privilege-escalation-awesome-scripts-suite-master\winPEAS\winPEASexe\winPEAS\obj\x86\Release\winPEAS.pdb D:\shared\privilege-escalation-awesome-scripts-suite-master\winPEAS\winPEASexe\winPEAS\obj\x86\Release\winPEAS.pdb
D:\shared\privilege-escalation-awesome-scripts-suite-master\winPEAS\winPEASexe\winPEAS\obj\x86\Release\winPEAS.csprojAssemblyReference.cache D:\shared\privilege-escalation-awesome-scripts-suite-master\winPEAS\winPEASexe\winPEAS\obj\x86\Release\winPEAS.csprojAssemblyReference.cache
D:\shared\cambiado-privilege-escalation-awesome-scripts-suite-master\winPEAS\winPEASexe\winPEAS\bin\x86\Release\winPEAS.exe.config
D:\shared\cambiado-privilege-escalation-awesome-scripts-suite-master\winPEAS\winPEASexe\winPEAS\bin\x86\Release\winPEAS.exe
D:\shared\cambiado-privilege-escalation-awesome-scripts-suite-master\winPEAS\winPEASexe\winPEAS\bin\x86\Release\winPEAS.pdb
D:\shared\cambiado-privilege-escalation-awesome-scripts-suite-master\winPEAS\winPEASexe\winPEAS\bin\x86\Release\Microsoft.Win32.TaskScheduler.xml
D:\shared\cambiado-privilege-escalation-awesome-scripts-suite-master\winPEAS\winPEASexe\winPEAS\obj\x86\Release\winPEAS.csprojAssemblyReference.cache
D:\shared\cambiado-privilege-escalation-awesome-scripts-suite-master\winPEAS\winPEASexe\winPEAS\obj\x86\Release\winPEAS.csproj.CopyComplete
D:\shared\cambiado-privilege-escalation-awesome-scripts-suite-master\winPEAS\winPEASexe\winPEAS\obj\x86\Release\winPEAS.exe
D:\shared\cambiado-privilege-escalation-awesome-scripts-suite-master\winPEAS\winPEASexe\winPEAS\obj\x86\Release\winPEAS.pdb
D:\shared\cambiado-privilege-escalation-awesome-scripts-suite-master\winPEAS\winPEASexe\winPEAS\bin\x86\Release\Microsoft.Win32.TaskScheduler.dll
D:\shared\cambiado-privilege-escalation-awesome-scripts-suite-master\winPEAS\winPEASexe\winPEAS\bin\x86\Release\de\Microsoft.Win32.TaskScheduler.resources.dll
D:\shared\cambiado-privilege-escalation-awesome-scripts-suite-master\winPEAS\winPEASexe\winPEAS\bin\x86\Release\es\Microsoft.Win32.TaskScheduler.resources.dll
D:\shared\cambiado-privilege-escalation-awesome-scripts-suite-master\winPEAS\winPEASexe\winPEAS\bin\x86\Release\fr\Microsoft.Win32.TaskScheduler.resources.dll
D:\shared\cambiado-privilege-escalation-awesome-scripts-suite-master\winPEAS\winPEASexe\winPEAS\bin\x86\Release\it\Microsoft.Win32.TaskScheduler.resources.dll
D:\shared\cambiado-privilege-escalation-awesome-scripts-suite-master\winPEAS\winPEASexe\winPEAS\bin\x86\Release\pl\Microsoft.Win32.TaskScheduler.resources.dll
D:\shared\cambiado-privilege-escalation-awesome-scripts-suite-master\winPEAS\winPEASexe\winPEAS\bin\x86\Release\ru\Microsoft.Win32.TaskScheduler.resources.dll
D:\shared\cambiado-privilege-escalation-awesome-scripts-suite-master\winPEAS\winPEASexe\winPEAS\bin\x86\Release\zh-CN\Microsoft.Win32.TaskScheduler.resources.dll

@ -1 +0,0 @@
D:\shared\privilege-escalation-awesome-scripts-suite-master\winPEAS\winPEASexe\packages\TaskScheduler.2.8.16\lib\net40\Microsoft.Win32.TaskScheduler.xml

Some files were not shown because too many files have changed in this diff Show More