improve

Merge pull request #360 from fredtep/wes-ng
Wes ng
2025-12-31 15:07:49 -08:00 · 2023-05-25 14:27:17 +02:00 · 2023-05-25 00:31:17 +02:00 · 2023-05-25 00:29:53 +02:00 · 2023-05-23 15:38:02 +02:00 · 2023-05-23 15:14:45 +02:00
3 changed files with 68 additions and 2 deletions
--- a/build_lists/sensitive_files.yaml
+++ b/build_lists/sensitive_files.yaml
@@ -1141,6 +1141,15 @@ search:
          - name: "authorized_keys"
            value: 
                good_regex: 'from=[\w\._\-]+'
+                bad_regex: "command=.*"
+                type: f
+                search_in: 
+                  - common
+          
+          - name: "*.pub"
+            value:
+                bad_regex: "command=.*"
+                only_bad_lines: True
                type: f
                search_in: 
                  - common
--- a/linPEAS/builder/linpeas_parts/1_system_information.sh
+++ b/linPEAS/builder/linpeas_parts/1_system_information.sh
@@ -128,7 +128,7 @@ if [ "$(command -v bash 2>/dev/null)" ]; then
    print_2title "Executing Linux Exploit Suggester"
    print_info "https://github.com/mzet-/linux-exploit-suggester"
    les_b64="peass{LES}"
-    echo $les_b64 | base64 -d | bash | sed "s,$(printf '\033')\\[[0-9;]*[a-zA-Z],,g" | grep -i "\[CVE" -A 10 | grep -Ev "^\-\-$" | sed -${E} "s,\[CVE-[0-9]+-[0-9]+\].*,${SED_RED},g"
+    echo $les_b64 | base64 -d | bash | sed "s,$(printf '\033')\\[[0-9;]*[a-zA-Z],,g" | grep -i "\[CVE" -A 10 | grep -Ev "^\-\-$" | sed -${E} "s/\[(CVE-[0-9]+-[0-9]+,?)+\].*/${SED_RED}/g"
    echo ""
 fi

--- a/winPEAS/winPEASexe/winPEAS/Info/SystemInfo/SystemInfo.cs
+++ b/winPEAS/winPEASexe/winPEAS/Info/SystemInfo/SystemInfo.cs
@@ -1,4 +1,5 @@
 using System;
+using System.Diagnostics;
 using System.Collections.Generic;
 using System.Globalization;
 using System.IO;
@@ -7,9 +8,11 @@ using System.Management;
 using System.Net;
 using System.Net.NetworkInformation;
 using System.Windows.Forms;
+using System.Text.RegularExpressions;
 using winPEAS.Helpers;
 using winPEAS.Helpers.Registry;

+
 namespace winPEAS.Info.SystemInfo
 {
    class SystemInfo
@@ -44,11 +47,65 @@ namespace winPEAS.Info.SystemInfo
            }
            return false;
        }
-
+        
        //From Seatbelt
        public static Dictionary<string, string> GetBasicOSInfo()
        {
            Dictionary<string, string> results = new Dictionary<string, string>();
+
+            // Systeminfo from cmd to be able to use wes-ng
+            ///////////////////////////////////////////////
+            
+            Process process = new Process();
+
+            // Configure the process to run the systeminfo command
+            process.StartInfo.FileName = "systeminfo.exe";
+            process.StartInfo.UseShellExecute = false;
+            process.StartInfo.RedirectStandardOutput = true;
+
+            // Start the process
+            process.Start();
+
+            // Read the output of the command
+            string output = process.StandardOutput.ReadToEnd();
+
+            // Wait for the command to finish
+            process.WaitForExit();
+
+
+            // Split the output by newline characters
+            string[] lines = output.Split(new[] { '\n' }, StringSplitOptions.RemoveEmptyEntries);
+            
+            string osname = @".*?Microsoft[\(R\)]{0,3} Windows[\(R\)?]{0,3} ?(Serverr? )?(\d+\.?\d?( R2)?|XP|VistaT).*";
+            string osversion = @".*?((\d+\.?){3}) ((Service Pack (\d)|N\/\w|.+) )?[ -\xa5]+ (\d+).*";
+            // Iterate over each line and add key-value pairs to the dictionary
+            foreach (string line in lines)
+            {
+                int index = line.IndexOf(':');
+                if (index != -1)
+                {
+                    string key = line.Substring(0, index).Trim();
+                    string value = line.Substring(index + 1).Trim();
+                    if (Regex.IsMatch(value, osname, RegexOptions.IgnoreCase))
+                    {
+                        results["OS Name"] = value;
+                    }
+                    //I have to find a better way. Maybe use regex from wes-ng
+                    if (Regex.IsMatch(value, osversion, RegexOptions.IgnoreCase))
+                    {
+                        results["OS Version"] = value;
+                    }
+
+                    if (value.Contains("based PC")) 
+                    {
+                        results["System Type"] = value;
+                    }
+                    
+                }
+            }
+
+            // ENDING Systeminfo from cmd to be able to use wes-ng
+            ///////////////////////////////////////////////
            try
            {
                string ProductName = RegistryHelper.GetRegValue("HKLM", "Software\\Microsoft\\Windows NT\\CurrentVersion", "ProductName");
Author	SHA1	Message	Date
carlospolop	78c932f1af	improve	2023-05-25 14:27:17 +02:00
Carlos Polop	7e7738ab98	Merge pull request #360 from fredtep/wes-ng Wes ng	2023-05-25 00:31:17 +02:00
Carlos Polop	68cd1c28df	Merge pull request #358 from Schrubitteflau/master LinPEAS - Exploit Suggester red color not applied in a specific case	2023-05-25 00:29:53 +02:00
Fr3sh	58719a6075	removing unecessary build number	2023-05-23 15:38:02 +02:00
Fr3sh	2a4868c0eb	add systeminfo output for wes-ng	2023-05-23 15:14:45 +02:00
Antoine SANSON	e4b9ae6479	Fix LES regex	2023-05-15 14:31:13 +02:00