github/PEASS-ng
1
Fork 0
mirror of https://github.com/carlospolop/PEASS-ng synced 2024-11-20 12:39:21 +01:00
Code Releases Activity

fix google password sync

Browse Source
This commit is contained in:
Carlos Polop 2024-10-11 02:44:43 +01:00
parent 26cb96cdc7
commit f55d20a67d
2 changed files with 63 additions and 3 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

43
winPEAS/winPEASexe/winPEAS/Helpers/Registry/RegistryHelper.cs
View File

@ -138,6 +138,49 @@ namespace winPEAS.Helpers.Registry
}
}
public static string[] ListRegValues(string hive, string path)
{
string[] keys = null;
try
{
if (hive == "HKCU")
{
using (var regKeyValues = Microsoft.Win32.Registry.CurrentUser.OpenSubKey(path))
{
if (regKeyValues != null)
{
keys = regKeyValues.GetValueNames();
}
}
}
else if (hive == "HKU")
{
using (var regKeyValues = Microsoft.Win32.Registry.Users.OpenSubKey(path))
{
if (regKeyValues != null)
{
keys = regKeyValues.GetValueNames();
}
}
}
else
{
using (var regKeyValues = Microsoft.Win32.Registry.LocalMachine.OpenSubKey(path))
{
if (regKeyValues != null)
{
keys = regKeyValues.GetValueNames();
}
}
}
return keys;
}
catch
{
return null;
}
}
public static byte[] GetRegValueBytes(string hive, string path, string value)
{
// returns a byte array of single registry value under the specified path in the specified hive (HKLM/HKCU)

23
winPEAS/winPEASexe/winPEAS/Info/CloudInfo/GPSInfo.cs
View File

@ -27,7 +27,7 @@ namespace winPEAS.Info.CloudInfo
public static bool CheckIfGPSInstalled()
{
string[] check = Helpers.Registry.RegistryHelper.GetRegSubkeys("HKLM", @"SOFTWARE\Google\Google Apps Password Sync");
string[] check = Helpers.Registry.RegistryHelper.ListRegValues("HKLM", @"SOFTWARE\Google\Google Apps Password Sync");
bool regExists = check != null && check.Length > 0;
bool result = regExists || File.Exists(@"C:\Program Files\Google\Password Sync\PasswordSync.exe") || File.Exists(@"C:\Program Files\Google\Password Sync\password_sync_service.exe");
return result;
@ -66,15 +66,32 @@ namespace winPEAS.Info.CloudInfo
// Get registry valus and decrypt them
string hive = "HKLM";
string regAddr = @"SOFTWARE\Google\Google Apps Password Sync";
string[] subkeys = Helpers.Registry.RegistryHelper.GetRegSubkeys(hive, regAddr);
string[] subkeys = Helpers.Registry.RegistryHelper.ListRegValues(hive, regAddr);
if (subkeys == null || subkeys.Length == 0)
{
Beaprint.PrintException("Winpeas need admin privs to check the registry for credentials");
Beaprint.PrintException("WinPEAS need admin privs to check the registry for credentials");
}
else
{
GPSRegValues.Add("Email", Helpers.Registry.RegistryHelper.GetRegValue(hive, regAddr, @"Email"));
// Remove "Email" and "address" from the array
string[] filteredSubkeys = subkeys
.Where(key => key != "Email" && key != "AuthToken" && key != "ADPassword" && key != "(Default)")
.ToArray();
// Check if there are any subkeys left after filtering
if (filteredSubkeys.Length > 1)
{
// Join the remaining subkeys with ", " and print to the console
GPSRegValues.Add("Other keys", string.Join(", ", filteredSubkeys) + " (might contain credentials but WinPEAS doesn't support them)");
}
else
{
Console.WriteLine("No subkeys left after filtering.");
}
// Check if AuthToken in the registry
string authtokenInReg = Helpers.Registry.RegistryHelper.GetRegValue(hive, regAddr, @"AuthToken");
if (authtokenInReg.Length > 0)