mirror of https://github.com/carlospolop/PEASS-ng synced 2025-02-14 08:54:27 +01:00

improved services permissions checks

kali 2021-03-04 19:40:08 -05:00
parent bcfd7a8bc3
commit fffcbb18ba
2 changed files with 26 additions and 13 deletions


@ -13,7 +13,8 @@ namespace winPEAS.Helpers
{
DEFAULT,
READABLE_OR_WRITABLE,
WRITEABLE_OR_EQUIVALENT
WRITEABLE_OR_EQUIVALENT,
WRITEABLE_OR_EQUIVALENT_SVC,
}
@ -141,7 +142,7 @@ namespace winPEAS.Helpers
foreach (RegistryAccessRule rule in rSecurity.GetAccessRules(true, true, typeof(SecurityIdentifier)))
{
int current_perm = (int)rule.RegistryRights;
string current_perm_str = PermInt2Str(current_perm, PermissionType.WRITEABLE_OR_EQUIVALENT);
string current_perm_str = PermInt2Str(current_perm, PermissionType.WRITEABLE_OR_EQUIVALENT_SVC);
if (current_perm_str == "")
continue;
@ -177,7 +178,7 @@ namespace winPEAS.Helpers
return results;
}
public static string PermInt2Str(int current_perm, PermissionType permissionType = PermissionType.DEFAULT, bool is_service = false)
public static string PermInt2Str(int current_perm, PermissionType permissionType = PermissionType.DEFAULT)
{
Dictionary<string, int> interesting_perms = new Dictionary<string, int>();
@ -240,21 +241,33 @@ namespace winPEAS.Helpers
{
{ "AllAccess", 0xf01ff},
{ "GenericAll", 0x10000000},
{ "FullControl", (int)FileSystemRights.FullControl }, //0x1f01ff
{ "TakeOwnership", (int)FileSystemRights.TakeOwnership }, //0x80000
{ "FullControl", (int)FileSystemRights.FullControl }, //0x1f01ff - 2032127
{ "TakeOwnership", (int)FileSystemRights.TakeOwnership }, //0x80000 - 524288
{ "GenericWrite", 0x40000000 },
{ "WriteData/CreateFiles", (int)FileSystemRights.WriteData }, //0x2
{ "Modify", (int)FileSystemRights.Modify }, //0x301bf
{ "Write", (int)FileSystemRights.Write }, //0x116
{ "ChangePermissions", (int)FileSystemRights.ChangePermissions }, //0x40000
{ "AppendData/CreateDirectories", (int)FileSystemRights.AppendData },
{ "Modify", (int)FileSystemRights.Modify }, //0x301bf - 197055
{ "Write", (int)FileSystemRights.Write }, //0x116 - 278
{ "ChangePermissions", (int)FileSystemRights.ChangePermissions }, //0x40000 - 262144
{ "AppendData/CreateDirectories", (int)FileSystemRights.AppendData }, //4
};
}
if (is_service)
else if (permissionType == PermissionType.WRITEABLE_OR_EQUIVALENT_SVC)
{
interesting_perms["Start"] = 0x00000010;
interesting_perms["Stop"] = 0x00000020;
interesting_perms = new Dictionary<string, int>()
{
{ "AllAccess", 0xf01ff},
{ "GenericAll", 0x10000000},
{ "FullControl", (int)RegistryRights.FullControl }, //983103
{ "TakeOwnership", (int)RegistryRights.TakeOwnership }, //524288
{ "GenericWrite", 0x40000000 },
{ "WriteKey", (int)RegistryRights.WriteKey }, //131078
{ "SetValue", (int)RegistryRights.SetValue }, //2
{ "ChangePermissions", (int)RegistryRights.ChangePermissions }, //262144
{ "CreateSubKey", (int)RegistryRights.CreateSubKey }, //4
{ "Start", 0x00000010 },
{ "Stop", 0x00000020 },
};
}
try
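Review bot: The table added for `WRITEABLE_OR_EQUIVALENT_SVC` mixes registry-key rights with service-control rights, and the same bits mean different things in each: `0x10`/`0x20` are `RegistryRights.Notify`/`RegistryRights.CreateLink` on a key but Start/Stop on a service, and `CreateSubKey` (4) is the query-status bit in a service access mask. The `RegistryAccessRule` loop now passes this type as well, so a read-only key ACE that carries `Notify` could be reported as "Start", and a service ACE could be labelled with registry names; whether that happens depends on the mask comparison after `try`, which is outside this hunk. I would keep the two namespaces apart: a registry-only permission type for the `rSecurity.GetAccessRules` loop, with `Start`/`Stop` left only in the table used for service ACEs. A comment on those two entries would also help, for example `// service access-mask bits (SERVICE_START / SERVICE_STOP), not RegistryRights`. The new enum member also has no comment saying which kind of object it is meant for.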


@ -219,7 +219,7 @@ namespace winPEAS.Info.ServicesInfo
{
int serviceRights = ace.AccessMask;
string current_perm_str = PermissionsHelper.PermInt2Str(serviceRights, PermissionType.WRITEABLE_OR_EQUIVALENT, true);
string current_perm_str = PermissionsHelper.PermInt2Str(serviceRights, PermissionType.WRITEABLE_OR_EQUIVALENT_SVC, true);
if (!string.IsNullOrEmpty(current_perm_str) && !permissions.Contains(current_perm_str))
permissions.Add(current_perm_str);
}
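Review bot: The updated call still passes a third argument, `true`, but the other file in this commit appears to drop the `is_service` parameter from `PermInt2Str` and select the service table through `PermissionType.WRITEABLE_OR_EQUIVALENT_SVC` instead. If the two-parameter signature is the new one, this line no longer matches it and should read `string current_perm_str = PermissionsHelper.PermInt2Str(serviceRights, PermissionType.WRITEABLE_OR_EQUIVALENT_SVC);`. The enclosing loop starts outside this hunk, so the origin of `ace` and `permissions` is not visible here.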