mirror of
https://github.com/carlospolop/PEASS-ng
synced 2024-11-20 12:39:21 +01:00
fix google password sync
This commit is contained in:
Carlos Polop
parent
26cb96cdc7
commit
f55d20a67d
@ -138,6 +138,49 @@ namespace winPEAS.Helpers.Registry
|
|||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
|
public static string[] ListRegValues(string hive, string path)
|
||||||
|
{
|
||||||
|
string[] keys = null;
|
||||||
|
try
|
||||||
|
{
|
||||||
|
if (hive == "HKCU")
|
||||||
|
{
|
||||||
|
using (var regKeyValues = Microsoft.Win32.Registry.CurrentUser.OpenSubKey(path))
|
||||||
|
{
|
||||||
|
if (regKeyValues != null)
|
||||||
|
{
|
||||||
|
keys = regKeyValues.GetValueNames();
|
||||||
|
}
|
||||||
|
}
|
||||||
|
}
|
||||||
|
else if (hive == "HKU")
|
||||||
|
{
|
||||||
|
using (var regKeyValues = Microsoft.Win32.Registry.Users.OpenSubKey(path))
|
||||||
|
{
|
||||||
|
if (regKeyValues != null)
|
||||||
|
{
|
||||||
|
keys = regKeyValues.GetValueNames();
|
||||||
|
}
|
||||||
|
}
|
||||||
|
}
|
||||||
|
else
|
||||||
|
{
|
||||||
|
using (var regKeyValues = Microsoft.Win32.Registry.LocalMachine.OpenSubKey(path))
|
||||||
|
{
|
||||||
|
if (regKeyValues != null)
|
||||||
|
{
|
||||||
|
keys = regKeyValues.GetValueNames();
|
||||||
|
}
|
||||||
|
}
|
||||||
|
}
|
||||||
|
return keys;
|
||||||
|
}
|
||||||
|
catch
|
||||||
|
{
|
||||||
|
return null;
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
public static byte[] GetRegValueBytes(string hive, string path, string value)
|
public static byte[] GetRegValueBytes(string hive, string path, string value)
|
||||||
{
|
{
|
||||||
// returns a byte array of single registry value under the specified path in the specified hive (HKLM/HKCU)
|
// returns a byte array of single registry value under the specified path in the specified hive (HKLM/HKCU)
|
||||||
|
|||||||
@ -27,7 +27,7 @@ namespace winPEAS.Info.CloudInfo
|
|||||||
|
|
||||||
public static bool CheckIfGPSInstalled()
|
public static bool CheckIfGPSInstalled()
|
||||||
{
|
{
|
||||||
string[] check = Helpers.Registry.RegistryHelper.GetRegSubkeys("HKLM", @"SOFTWARE\Google\Google Apps Password Sync");
|
string[] check = Helpers.Registry.RegistryHelper.ListRegValues("HKLM", @"SOFTWARE\Google\Google Apps Password Sync");
|
||||||
bool regExists = check != null && check.Length > 0;
|
bool regExists = check != null && check.Length > 0;
|
||||||
bool result = regExists || File.Exists(@"C:\Program Files\Google\Password Sync\PasswordSync.exe") || File.Exists(@"C:\Program Files\Google\Password Sync\password_sync_service.exe");
|
bool result = regExists || File.Exists(@"C:\Program Files\Google\Password Sync\PasswordSync.exe") || File.Exists(@"C:\Program Files\Google\Password Sync\password_sync_service.exe");
|
||||||
return result;
|
return result;
|
||||||
@ -66,15 +66,32 @@ namespace winPEAS.Info.CloudInfo
|
|||||||
// Get registry valus and decrypt them
|
// Get registry valus and decrypt them
|
||||||
string hive = "HKLM";
|
string hive = "HKLM";
|
||||||
string regAddr = @"SOFTWARE\Google\Google Apps Password Sync";
|
string regAddr = @"SOFTWARE\Google\Google Apps Password Sync";
|
||||||
string[] subkeys = Helpers.Registry.RegistryHelper.GetRegSubkeys(hive, regAddr);
|
string[] subkeys = Helpers.Registry.RegistryHelper.ListRegValues(hive, regAddr);
|
||||||
if (subkeys == null || subkeys.Length == 0)
|
if (subkeys == null || subkeys.Length == 0)
|
||||||
{
|
{
|
||||||
Beaprint.PrintException("Winpeas need admin privs to check the registry for credentials");
|
Beaprint.PrintException("WinPEAS need admin privs to check the registry for credentials");
|
||||||
}
|
}
|
||||||
else
|
else
|
||||||
{
|
{
|
||||||
GPSRegValues.Add("Email", Helpers.Registry.RegistryHelper.GetRegValue(hive, regAddr, @"Email"));
|
GPSRegValues.Add("Email", Helpers.Registry.RegistryHelper.GetRegValue(hive, regAddr, @"Email"));
|
||||||
|
|
||||||
|
// Remove "Email" and "address" from the array
|
||||||
|
string[] filteredSubkeys = subkeys
|
||||||
|
.Where(key => key != "Email" && key != "AuthToken" && key != "ADPassword" && key != "(Default)")
|
||||||
|
.ToArray();
|
||||||
|
|
||||||
|
// Check if there are any subkeys left after filtering
|
||||||
|
if (filteredSubkeys.Length > 1)
|
||||||
|
{
|
||||||
|
// Join the remaining subkeys with ", " and print to the console
|
||||||
|
GPSRegValues.Add("Other keys", string.Join(", ", filteredSubkeys) + " (might contain credentials but WinPEAS doesn't support them)");
|
||||||
|
}
|
||||||
|
else
|
||||||
|
{
|
||||||
|
Console.WriteLine("No subkeys left after filtering.");
|
||||||
|
}
|
||||||
|
|
||||||
|
|
||||||
// Check if AuthToken in the registry
|
// Check if AuthToken in the registry
|
||||||
string authtokenInReg = Helpers.Registry.RegistryHelper.GetRegValue(hive, regAddr, @"AuthToken");
|
string authtokenInReg = Helpers.Registry.RegistryHelper.GetRegValue(hive, regAddr, @"AuthToken");
|
||||||
if (authtokenInReg.Length > 0)
|
if (authtokenInReg.Length > 0)
|
||||||
|
|||||||
Loading…
Reference in New Issue
Block a user