mirror of
https://github.com/peass-ng/PEASS-ng.git
synced 2025-12-25 04:15:01 -08:00
Compare commits
6 Commits
20240221-e
...
20240317-3
| Author | SHA1 | Date | |
|---|---|---|---|
|
aee8acf60f | ||
|
|
a79fb7f5d5 | ||
|
|
0dccf2f2a8 | ||
|
|
0cc314fe04 | ||
|
|
b430fc80bd | ||
|
|
41d6a03db3 |
@@ -154,7 +154,7 @@ check_do
|
||||
print_list "DO Droplet? .......................... $is_do\n"$NC | sed "s,Yes,${SED_RED}," | sed "s,No,${SED_GREEN},"
|
||||
check_aliyun_ecs
|
||||
print_list "Aliyun ECS? .......................... $is_aliyun_ecs\n"$NC | sed "s,Yes,${SED_RED}," | sed "s,No,${SED_GREEN},"
|
||||
check_tencent_cvm
|
||||
#check_tencent_cvm
|
||||
print_list "Tencent CVM? .......................... $is_tencent_cvm\n"$NC | sed "s,Yes,${SED_RED}," | sed "s,No,${SED_GREEN},"
|
||||
check_ibm_vm
|
||||
print_list "IBM Cloud VM? ........................ $is_ibm_vm\n"$NC | sed "s,Yes,${SED_RED}," | sed "s,No,${SED_GREEN},"
|
||||
@@ -452,17 +452,19 @@ if [ "$is_gcp_function" = "Yes" ]; then
|
||||
print_3title "Service Accounts"
|
||||
for sa in $(eval $gcp_req "http://metadata.google.internal/computeMetadata/v1/instance/service-accounts/"); do
|
||||
echo " Name: $sa"
|
||||
echo " Email: "$(eval $gcp_req "http://metadata.google.internal/computeMetadata/v1/instance/service-accounts/$sa/email")
|
||||
echo " Aliases: "$(eval $gcp_req "http://metadata.google.internal/computeMetadata/v1/instance/service-accounts/$sa/aliases")
|
||||
echo " Identity: "$(eval $gcp_req "http://metadata.google.internal/computeMetadata/v1/instance/service-accounts/$sa/identity")
|
||||
echo " Scopes: "$(eval $gcp_req "http://metadata.google.internal/computeMetadata/v1/instance/service-accounts/$sa/scopes") | sed -${E} "s,${GCP_GOOD_SCOPES},${SED_GREEN},g" | sed -${E} "s,${GCP_BAD_SCOPES},${SED_RED},g"
|
||||
echo " Token: "$(eval $gcp_req "http://metadata.google.internal/computeMetadata/v1/instance/service-accounts/$sa/token")
|
||||
echo " Email: "$(eval $gcp_req "http://metadata.google.internal/computeMetadata/v1/instance/service-accounts/${sa}email")
|
||||
echo " Aliases: "$(eval $gcp_req "http://metadata.google.internal/computeMetadata/v1/instance/service-accounts/${sa}aliases")
|
||||
echo " Identity: "$(eval $gcp_req "http://metadata.google.internal/computeMetadata/v1/instance/service-accounts/${sa}identity")
|
||||
echo " Scopes: "$(eval $gcp_req "http://metadata.google.internal/computeMetadata/v1/instance/service-accounts/${sa}scopes") | sed -${E} "s,${GCP_GOOD_SCOPES},${SED_GREEN},g" | sed -${E} "s,${GCP_BAD_SCOPES},${SED_RED},g"
|
||||
echo " Token: "$(eval $gcp_req "http://metadata.google.internal/computeMetadata/v1/instance/service-accounts/${sa}token")
|
||||
echo " ============== "
|
||||
done
|
||||
fi
|
||||
fi
|
||||
|
||||
|
||||
curl "http://metadata.google.internal/computeMetadata/v1/instance/service-accounts/405423052163-compute@developer.gserviceaccount.com/email"
|
||||
|
||||
# AWS ECS Enumeration
|
||||
if [ "$is_aws_ecs" = "Yes" ]; then
|
||||
print_2title "AWS ECS Enumeration"
|
||||
|
||||
@@ -158,16 +158,19 @@ namespace winPEAS.Checks
|
||||
bool is_re_match = false;
|
||||
try
|
||||
{
|
||||
// Escape backslashes in the regex string
|
||||
string escapedRegex = regex_str.Trim().Replace(@"\", @"\\");
|
||||
|
||||
// Use "IsMatch" because it supports timeout, if exception is thrown exit the func to avoid ReDoS in "rgx.Matches"
|
||||
if (caseinsensitive)
|
||||
{
|
||||
is_re_match = Regex.IsMatch(text, regex_str.Trim(), RegexOptions.IgnoreCase, TimeSpan.FromSeconds(120));
|
||||
rgx = new Regex(regex_str.Trim(), RegexOptions.IgnoreCase);
|
||||
is_re_match = Regex.IsMatch(text, escapedRegex, RegexOptions.IgnoreCase, TimeSpan.FromSeconds(120));
|
||||
rgx = new Regex(escapedRegex, RegexOptions.IgnoreCase);
|
||||
}
|
||||
else
|
||||
{
|
||||
is_re_match = Regex.IsMatch(text, regex_str.Trim(), RegexOptions.None, TimeSpan.FromSeconds(120));
|
||||
rgx = new Regex(regex_str.Trim());
|
||||
is_re_match = Regex.IsMatch(text, escapedRegex, RegexOptions.None, TimeSpan.FromSeconds(120));
|
||||
rgx = new Regex(escapedRegex);
|
||||
}
|
||||
}
|
||||
catch (RegexMatchTimeoutException e)
|
||||
|
||||
@@ -387,21 +387,28 @@ namespace winPEAS.Checks
|
||||
|
||||
static void PrintCachedCreds()
|
||||
{
|
||||
Beaprint.MainPrint("Cached Creds");
|
||||
Beaprint.LinkPrint("https://book.hacktricks.xyz/windows-hardening/stealing-credentials/credentials-protections#cached-credentials", "If > 0, credentials will be cached in the registry and accessible by SYSTEM user");
|
||||
string cachedlogonscount = RegistryHelper.GetRegValue("HKLM", @"SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon", "CACHEDLOGONSCOUNT");
|
||||
if (!string.IsNullOrEmpty(cachedlogonscount))
|
||||
try
|
||||
{
|
||||
int clc = Int16.Parse(cachedlogonscount);
|
||||
if (clc > 0)
|
||||
Beaprint.MainPrint("Cached Creds");
|
||||
Beaprint.LinkPrint("https://book.hacktricks.xyz/windows-hardening/stealing-credentials/credentials-protections#cached-credentials", "If > 0, credentials will be cached in the registry and accessible by SYSTEM user");
|
||||
string cachedlogonscount = RegistryHelper.GetRegValue("HKLM", @"SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon", "CACHEDLOGONSCOUNT");
|
||||
if (!string.IsNullOrEmpty(cachedlogonscount))
|
||||
{
|
||||
Beaprint.BadPrint(" cachedlogonscount is " + cachedlogonscount);
|
||||
}
|
||||
else
|
||||
{
|
||||
Beaprint.BadPrint(" cachedlogonscount is " + cachedlogonscount);
|
||||
int clc = Int16.Parse(cachedlogonscount);
|
||||
if (clc > 0)
|
||||
{
|
||||
Beaprint.BadPrint(" cachedlogonscount is " + cachedlogonscount);
|
||||
}
|
||||
else
|
||||
{
|
||||
Beaprint.BadPrint(" cachedlogonscount is " + cachedlogonscount);
|
||||
}
|
||||
}
|
||||
}
|
||||
catch (Exception ex)
|
||||
{
|
||||
Beaprint.PrintException(ex.Message);
|
||||
}
|
||||
}
|
||||
|
||||
static void PrintUserEV()
|
||||
|
||||
Reference in New Issue
Block a user