Skip to content

Commit

Permalink
Merge pull request #329 from godylockz/master
Browse files Browse the repository at this point in the history 
Fix Internet Explorer Enumeration
  • Loading branch information
@carlospolop
carlospolop committed Dec 31, 2022
2 parents d20638f + 3cc49b5 commit ded6f30
Show file tree
Hide file tree
Showing 137 changed files with 17,308 additions and 17,353 deletions.
1 change: 0 additions & 1 deletion winPEAS/winPEASexe/Tests/Properties/AssemblyInfo.cs
View file
Original file line number Diff line number Diff line change
@@ -1,5 +1,4 @@
using System.Reflection;
using System.Runtime.CompilerServices;
using System.Runtime.InteropServices;

// General Information about an assembly is controlled through the following
Expand Down
4 changes: 2 additions & 2 deletions winPEAS/winPEASexe/Tests/SmokeTests.cs
View file
Original file line number Diff line number Diff line change
Expand Up @@ -11,8 +11,8 @@ public void ShouldRunWinPeass()
{
try
{
string[] args = new string[] {
"systeminfo", "servicesinfo", "processinfo", "applicationsinfo", "browserinfo", "debug"
string[] args = new string[] {
"systeminfo", "servicesinfo", "processinfo", "applicationsinfo", "browserinfo", "debug"
};
Program.Main(args);
}
Expand Down
12 changes: 6 additions & 6 deletions winPEAS/winPEASexe/winPEAS/Checks/ApplicationsInfo.cs
View file
Original file line number Diff line number Diff line change
Expand Up @@ -27,8 +27,8 @@ void PrintActiveWindow()
{
Beaprint.MainPrint("Current Active Window Application");
string title = ApplicationInfoHelper.GetActiveWindowTitle();
List<string> permsFile = PermissionsHelper.GetPermissionsFile(title, winPEAS.Checks.Checks.CurrentUserSiDs);
List<string> permsFolder = PermissionsHelper.GetPermissionsFolder(title, winPEAS.Checks.Checks.CurrentUserSiDs);
List<string> permsFile = PermissionsHelper.GetPermissionsFile(title, Checks.CurrentUserSiDs);
List<string> permsFolder = PermissionsHelper.GetPermissionsFolder(title, Checks.CurrentUserSiDs);
if (permsFile.Count > 0)
{
Beaprint.BadPrint(" " + title);
Expand Down Expand Up @@ -188,8 +188,8 @@ void PrintScheduled()

foreach (Dictionary<string, string> sapp in scheduled_apps)
{
List<string> fileRights = PermissionsHelper.GetPermissionsFile(sapp["Action"], winPEAS.Checks.Checks.CurrentUserSiDs);
List<string> dirRights = PermissionsHelper.GetPermissionsFolder(sapp["Action"], winPEAS.Checks.Checks.CurrentUserSiDs);
List<string> fileRights = PermissionsHelper.GetPermissionsFile(sapp["Action"], Checks.CurrentUserSiDs);
List<string> dirRights = PermissionsHelper.GetPermissionsFolder(sapp["Action"], Checks.CurrentUserSiDs);
string formString = " ({0}) {1}: {2}";

if (fileRights.Count > 0)
Expand Down Expand Up @@ -238,8 +238,8 @@ void PrintDeviceDrivers()
foreach (var driver in DeviceDrivers.GetDeviceDriversNoMicrosoft())
{
string pathDriver = driver.Key;
List<string> fileRights = PermissionsHelper.GetPermissionsFile(pathDriver, winPEAS.Checks.Checks.CurrentUserSiDs);
List<string> dirRights = PermissionsHelper.GetPermissionsFolder(pathDriver, winPEAS.Checks.Checks.CurrentUserSiDs);
List<string> fileRights = PermissionsHelper.GetPermissionsFile(pathDriver, Checks.CurrentUserSiDs);
List<string> dirRights = PermissionsHelper.GetPermissionsFolder(pathDriver, Checks.CurrentUserSiDs);

Dictionary<string, string> colorsD = new Dictionary<string, string>()
{
Expand Down
10 changes: 5 additions & 5 deletions winPEAS/winPEASexe/winPEAS/Checks/Checks.cs
View file
Original file line number Diff line number Diff line change
Expand Up @@ -169,7 +169,7 @@ internal static void Run(string[] args)
{
MaxRegexFileSize = Int32.Parse(parts[1]);
}

}

if (string.Equals(arg, "-lolbas", StringComparison.CurrentCultureIgnoreCase))
Expand Down Expand Up @@ -363,8 +363,8 @@ private static void CreateDynamicLists()
try
{
Beaprint.GrayPrint(" - Creating disabled users list...");
Checks.PaintDisabledUsers = string.Join("|", User.GetMachineUsers(false, true, false, false, false));
PaintDisabledUsersNoAdministrator = Checks.PaintDisabledUsers.Replace("|Administrator", "").Replace("Administrator|", "").Replace("Administrator", "");
PaintDisabledUsers = string.Join("|", User.GetMachineUsers(false, true, false, false, false));
PaintDisabledUsersNoAdministrator = PaintDisabledUsers.Replace("|Administrator", "").Replace("Administrator|", "").Replace("Administrator", "");
}
catch (Exception ex)
{
Expand Down Expand Up @@ -411,7 +411,7 @@ private static void CheckRegANSI()
try
{
if (RegistryHelper.GetRegValue("HKCU", "CONSOLE", "VirtualTerminalLevel") == "" && RegistryHelper.GetRegValue("HKCU", "CONSOLE", "VirtualTerminalLevel") == "")
System.Console.WriteLine(@"ANSI color bit for Windows is not set. If you are execcuting this from a Windows terminal inside the host you should run 'REG ADD HKCU\Console /v VirtualTerminalLevel /t REG_DWORD /d 1' and then start a new CMD");
Console.WriteLine(@"ANSI color bit for Windows is not set. If you are executing this from a Windows terminal inside the host you should run 'REG ADD HKCU\Console /v VirtualTerminalLevel /t REG_DWORD /d 1' and then start a new CMD");
}
catch (Exception ex)
{
Expand All @@ -425,7 +425,7 @@ private static void CheckLongPath()
{
if (RegistryHelper.GetRegValue("HKLM", @"SYSTEM\CurrentControlSet\Control\FileSystem", "LongPathsEnabled") != "1")
{
System.Console.WriteLine(@"Long paths are disabled, so the maximum length of a path supported is 260chars (this may cause false negatives when looking for files). If you are admin, you can enable it with 'REG ADD HKLM\SYSTEM\CurrentControlSet\Control\FileSystem /v VirtualTerminalLevel /t REG_DWORD /d 1' and then start a new CMD");
Console.WriteLine(@"Long paths are disabled, so the maximum length of a path supported is 260 chars (this may cause false negatives when looking for files). If you are admin, you can enable it with 'REG ADD HKLM\SYSTEM\CurrentControlSet\Control\FileSystem /v VirtualTerminalLevel /t REG_DWORD /d 1' and then start a new CMD");
IsLongPath = false;
}
else
Expand Down
12 changes: 6 additions & 6 deletions winPEAS/winPEASexe/winPEAS/Checks/EventsInfo.cs
View file
Original file line number Diff line number Diff line change
Expand Up @@ -10,7 +10,7 @@
namespace winPEAS.Checks
{
internal class EventsInfo : ISystemCheck
{
{
public void PrintInfo(bool isDebug)
{
Beaprint.GreatPrint("Interesting Events information");
Expand All @@ -23,7 +23,7 @@ public void PrintInfo(bool isDebug)
PrintPowerShellEvents,
PowerOnEvents,
}.ForEach(action => CheckRunner.Run(action, isDebug));
}
}

private static void PrintPowerShellEvents()
{
Expand Down Expand Up @@ -91,7 +91,7 @@ private static void PrintLogonEvents()
}

var logonInfos = Logon.GetLogonInfos(lastDays);

foreach (var info in logonInfos.LogonEventInfos)
{
Beaprint.BadPrint($" Subject User Name : {info.SubjectUserName}\n" +
Expand All @@ -102,13 +102,13 @@ private static void PrintLogonEvents()
$" Lm Package : {info.LmPackage}\n" +
$" Logon Type : {info.LogonType}\n" +
$" Target User Name : {info.TargetUserName}\n" +
$" Target Domain Name : {info.TargetDomainName}\n" +
$" Target Domain Name : {info.TargetDomainName}\n" +
$" Target Outbound User Name : {info.TargetOutboundUserName}\n" +
$" Target Outbound Domain Name : {info.TargetOutboundDomainName}\n");

Beaprint.PrintLineSeparator();
}

if (logonInfos.NTLMv1LoggedUsersSet.Count > 0 || logonInfos.NTLMv2LoggedUsersSet.Count > 0)
{
Beaprint.BadPrint(" NTLM relay might be possible - other users authenticate to this machine using NTLM!");
Expand Down Expand Up @@ -151,7 +151,7 @@ private static void PrintExplicitLogonEvents()
{
var lastDays = 30;

Beaprint.MainPrint($"Printing Explicit Credential Events (4648) for last {lastDays} days - A process logged on using plaintext credentials\n");
Beaprint.MainPrint($"Printing Explicit Credential Events (4648) for last {lastDays} days - A process logged on using plaintext credentials\n");

if (!MyUtils.IsHighIntegrity())
{
Expand Down
49 changes: 27 additions & 22 deletions winPEAS/winPEASexe/winPEAS/Checks/FileAnalysis.cs
View file
Original file line number Diff line number Diff line change
Expand Up @@ -27,7 +27,7 @@ public void PrintInfo(bool isDebug)
}.ForEach(action => CheckRunner.Run(action, isDebug));
}

private static List<CustomFileInfo> InitializeFileSearch(bool useProgramFiles=true)
private static List<CustomFileInfo> InitializeFileSearch(bool useProgramFiles = true)
{
var files = new List<CustomFileInfo>();
var systemDrive = $"{SearchHelper.SystemDrive}\\";
Expand Down Expand Up @@ -101,7 +101,7 @@ private static bool[] Search(List<CustomFileInfo> files, string fileName, FileSe
isFileFound = Regex.IsMatch(fold, pattern, RegexOptions.IgnoreCase);
if (isFileFound) break;
}
}
}
}
else
{
Expand All @@ -118,7 +118,8 @@ private static bool[] Search(List<CustomFileInfo> files, string fileName, FileSe

if (isFileFound)
{
if (!somethingFound) {
if (!somethingFound)
{
Beaprint.MainPrint($"Found {searchName} Files");
somethingFound = true;
}
Expand All @@ -132,7 +133,7 @@ private static bool[] Search(List<CustomFileInfo> files, string fileName, FileSe
}
}
// there are inner sections
else
else
{
foreach (var innerFileToSearch in fileSettings.files)
{
Expand All @@ -143,7 +144,7 @@ private static bool[] Search(List<CustomFileInfo> files, string fileName, FileSe
}
}


return new bool[] { false, somethingFound };
}

Expand Down Expand Up @@ -177,7 +178,7 @@ private static List<string> SearchContent(string text, string regex_str, bool ca
}
return foundMatches;
}

if (!is_re_match)
{
return foundMatches;
Expand All @@ -187,10 +188,10 @@ private static List<string> SearchContent(string text, string regex_str, bool ca
foreach (Match match in rgx.Matches(text))
{
if (cont > 10) break;

if (match.Value.Length < 400 && match.Value.Trim().Length > 2)
foundMatches.Add(match.Value);

cont++;
}
}
Expand Down Expand Up @@ -348,12 +349,12 @@ private static void PrintYAMLRegexesSearchFiles()
{
timer.Start();
}
try
{
string text = System.IO.File.ReadAllText(f.FullPath);
string text = File.ReadAllText(f.FullPath);
results = SearchContent(text, regex.regex, (bool)regex.caseinsensitive);
if (results.Count > 0)
{
Expand Down Expand Up @@ -429,7 +430,7 @@ private static string GetRegexpFromString(string str)
// . -> \.
// * -> .*
// add $ at the end to avoid false positives

var pattern = str.Replace(".", @"\.")
.Replace("*", @".*");

Expand All @@ -447,11 +448,11 @@ private static string GetRegexpFromString(string str)
resultsCount++;

if (resultsCount > ListFileLimit) return false;

// If contains undesireable string, stop processing
if (fileSettings.remove_path != null && fileSettings.remove_path.Length > 0)
{
foreach(var rem_path in fileSettings.remove_path.Split('|'))
foreach (var rem_path in fileSettings.remove_path.Split('|'))
{
if (fileInfo.FullPath.ToLower().Contains(rem_path.ToLower()))
return false;
Expand All @@ -460,19 +461,23 @@ private static string GetRegexpFromString(string str)

if (fileSettings.type == "f")
{
var colors = new Dictionary<string, string>();
colors.Add(fileInfo.Filename, Beaprint.ansi_color_bad);
var colors = new Dictionary<string, string>
{
{ fileInfo.Filename, Beaprint.ansi_color_bad }
};
Beaprint.AnsiPrint($"File: {fileInfo.FullPath}", colors);

if (!(bool)fileSettings.just_list_file)
if (!(bool)fileSettings.just_list_file)
{
GrepResult(fileInfo, fileSettings);
}
}
else if (fileSettings.type == "d")
{
var colors = new Dictionary<string, string>();
colors.Add(fileInfo.Filename, Beaprint.ansi_color_bad);
var colors = new Dictionary<string, string>
{
{ fileInfo.Filename, Beaprint.ansi_color_bad }
};
Beaprint.AnsiPrint($"Folder: {fileInfo.FullPath}", colors);

// just list the directory
Expand All @@ -487,7 +492,7 @@ private static string GetRegexpFromString(string str)
}
else
{
// should not happen
// should not happen
}
}

Expand Down Expand Up @@ -531,11 +536,11 @@ private static void GrepResult(CustomFileInfo fileInfo, FileSettings fileSetting
{
lineGrep = SanitizeLineGrep(fileSettings.line_grep);
}

fileContent = fileContent.Where(line => (!string.IsNullOrWhiteSpace(fileSettings.good_regex) && Regex.IsMatch(line, fileSettings.good_regex, RegexOptions.IgnoreCase)) ||
(!string.IsNullOrWhiteSpace(fileSettings.bad_regex) && Regex.IsMatch(line, fileSettings.bad_regex, RegexOptions.IgnoreCase)) ||
(!string.IsNullOrWhiteSpace(lineGrep) && Regex.IsMatch(line, lineGrep, RegexOptions.IgnoreCase)));
}
}

var content = string.Join(Environment.NewLine, fileContent);

Expand Down
Loading

0 comments on commit ded6f30

Please sign in to comment.