winpeas.ps1

Rename WinPeas.ps1 to winPEAS.ps1
banner
2026-01-07 19:02:44 -08:00 · 2023-05-29 16:52:21 +02:00 · 2023-05-29 16:51:23 +02:00 · 2023-05-29 16:44:38 +02:00 · 2023-05-29 16:43:04 +02:00 · 2023-05-29 16:41:54 +02:00
8 changed files with 1329 additions and 5 deletions
--- a/.github/ISSUE_TEMPLATE.md
+++ b/.github/ISSUE_TEMPLATE.md
@@ -1,4 +1,5 @@
 If you are going to suggest something, please remove the following template. 
+If your issue is related with WinPEAS.ps1 please mention https://github.com/RandolphConley

 #### Issue description

--- a/.github/workflows/CI-master_tests.yml
+++ b/.github/workflows/CI-master_tests.yml
@@ -137,6 +137,12 @@ jobs:
        with:
          name: winPEAS.bat
          path: winPEAS\winPEASbat\winPEAS.bat
+      
+      - name: Upload winpeas.ps1
+        uses: actions/upload-artifact@v2
+        with:
+          name: winPEAS.ps1
+          path: winPEAS\winPEASps1\winPEAS.ps1
          
      # Git add
      #- name: Create local changes
--- a/build_lists/sensitive_files.yaml
+++ b/build_lists/sensitive_files.yaml
@@ -1141,6 +1141,15 @@ search:
          - name: "authorized_keys"
            value: 
                good_regex: 'from=[\w\._\-]+'
+                bad_regex: "command=.*"
+                type: f
+                search_in: 
+                  - common
+          
+          - name: "*.pub"
+            value:
+                bad_regex: "command=.*"
+                only_bad_lines: True
                type: f
                search_in: 
                  - common
--- a/linPEAS/builder/linpeas_parts/1_system_information.sh
+++ b/linPEAS/builder/linpeas_parts/1_system_information.sh
@@ -128,7 +128,7 @@ if [ "$(command -v bash 2>/dev/null)" ]; then
    print_2title "Executing Linux Exploit Suggester"
    print_info "https://github.com/mzet-/linux-exploit-suggester"
    les_b64="peass{LES}"
-    echo $les_b64 | base64 -d | bash | sed "s,$(printf '\033')\\[[0-9;]*[a-zA-Z],,g" | grep -i "\[CVE" -A 10 | grep -Ev "^\-\-$" | sed -${E} "s,\[CVE-[0-9]+-[0-9]+\].*,${SED_RED},g"
+    echo $les_b64 | base64 -d | bash | sed "s,$(printf '\033')\\[[0-9;]*[a-zA-Z],,g" | grep -i "\[CVE" -A 10 | grep -Ev "^\-\-$" | sed -${E} "s/\[(CVE-[0-9]+-[0-9]+,?)+\].*/${SED_RED}/g"
    echo ""
 fi

--- a/winPEAS/README.md
+++ b/winPEAS/README.md
@@ -9,10 +9,12 @@ Check more **information about how to exploit** found misconfigurations in **[bo
 ## Quick Start
 Find the **latest versions of all the scripts and binaries in [the releases page](https://github.com/carlospolop/PEASS-ng/releases/latest)**.

-## WinPEAS .exe and .bat
- [Link to WinPEAS .bat project](https://github.com/carlospolop/privilege-escalation-awesome-scripts-suite/tree/master/winPEAS/winPEASbat) 
- [Link to WinPEAS C# project (.exe)](https://github.com/carlospolop/privilege-escalation-awesome-scripts-suite/tree/master/winPEAS/winPEASexe) (.Net >= 4.5.2 required)
+## WinPEAS Flavours
+- [Link to WinPEAS C# .exe project](https://github.com/carlospolop/privilege-escalation-awesome-scripts-suite/tree/master/winPEAS/winPEASexe) (.Net >= 4.5.2 required)
    - **Please, read the Readme of that folder to learn how to execute winpeas from memory or how make colors work among other tricks**
+- [Link to WinPEAS .ps1 project](https://github.com/carlospolop/privilege-escalation-awesome-scripts-suite/tree/master/winPEAS/winPEASps1)
+- [Link to WinPEAS .bat project](https://github.com/carlospolop/privilege-escalation-awesome-scripts-suite/tree/master/winPEAS/winPEASbat) 
+

 ## PEASS Style

--- a/winPEAS/winPEASexe/winPEAS/Info/SystemInfo/SystemInfo.cs
+++ b/winPEAS/winPEASexe/winPEAS/Info/SystemInfo/SystemInfo.cs
@@ -1,4 +1,5 @@
 using System;
+using System.Diagnostics;
 using System.Collections.Generic;
 using System.Globalization;
 using System.IO;
@@ -7,9 +8,11 @@ using System.Management;
 using System.Net;
 using System.Net.NetworkInformation;
 using System.Windows.Forms;
+using System.Text.RegularExpressions;
 using winPEAS.Helpers;
 using winPEAS.Helpers.Registry;

+
 namespace winPEAS.Info.SystemInfo
 {
    class SystemInfo
@@ -44,11 +47,65 @@ namespace winPEAS.Info.SystemInfo
            }
            return false;
        }
-
+        
        //From Seatbelt
        public static Dictionary<string, string> GetBasicOSInfo()
        {
            Dictionary<string, string> results = new Dictionary<string, string>();
+
+            // Systeminfo from cmd to be able to use wes-ng
+            ///////////////////////////////////////////////
+            
+            Process process = new Process();
+
+            // Configure the process to run the systeminfo command
+            process.StartInfo.FileName = "systeminfo.exe";
+            process.StartInfo.UseShellExecute = false;
+            process.StartInfo.RedirectStandardOutput = true;
+
+            // Start the process
+            process.Start();
+
+            // Read the output of the command
+            string output = process.StandardOutput.ReadToEnd();
+
+            // Wait for the command to finish
+            process.WaitForExit();
+
+
+            // Split the output by newline characters
+            string[] lines = output.Split(new[] { '\n' }, StringSplitOptions.RemoveEmptyEntries);
+            
+            string osname = @".*?Microsoft[\(R\)]{0,3} Windows[\(R\)?]{0,3} ?(Serverr? )?(\d+\.?\d?( R2)?|XP|VistaT).*";
+            string osversion = @".*?((\d+\.?){3}) ((Service Pack (\d)|N\/\w|.+) )?[ -\xa5]+ (\d+).*";
+            // Iterate over each line and add key-value pairs to the dictionary
+            foreach (string line in lines)
+            {
+                int index = line.IndexOf(':');
+                if (index != -1)
+                {
+                    string key = line.Substring(0, index).Trim();
+                    string value = line.Substring(index + 1).Trim();
+                    if (Regex.IsMatch(value, osname, RegexOptions.IgnoreCase))
+                    {
+                        results["OS Name"] = value;
+                    }
+                    //I have to find a better way. Maybe use regex from wes-ng
+                    if (Regex.IsMatch(value, osversion, RegexOptions.IgnoreCase))
+                    {
+                        results["OS Version"] = value;
+                    }
+
+                    if (value.Contains("based PC")) 
+                    {
+                        results["System Type"] = value;
+                    }
+                    
+                }
+            }
+
+            // ENDING Systeminfo from cmd to be able to use wes-ng
+            ///////////////////////////////////////////////
            try
            {
                string ProductName = RegistryHelper.GetRegValue("HKLM", "Software\\Microsoft\\Windows NT\\CurrentVersion", "ProductName");
--- a/winPEAS/winPEASps1/README.md
+++ b/winPEAS/winPEASps1/README.md
@@ -0,0 +1,26 @@
+# Windows Privilege Escalation Awesome Script (.ps1)
+
+![](https://github.com/carlospolop/privilege-escalation-awesome-scripts-suite/raw/master/winPEAS/winPEASexe/images/winpeas.png)
+
+**WinPEAS is a script that search for possible paths to escalate privileges on Windows hosts. The checks are explained on [book.hacktricks.xyz](https://book.hacktricks.xyz/windows-hardening/windows-local-privilege-escalation)**
+
+Check also the **Local Windows Privilege Escalation checklist** from **[book.hacktricks.xyz](https://book.hacktricks.xyz/windows-hardening/checklist-windows-privilege-escalation)**
+
+## Mantainer
+
+The official **maintainer of this script is [RandolphConley](https://github.com/RandolphConley)**.
+
+## Quick Start
+
+Download the **[latest releas from here](https://github.com/carlospolop/PEASS-ng/releases/latest)**.
+
+```bash
+powershell "IEX(New-Object Net.WebClient).downloadString('https://raw.githubusercontent.com/carlospolop/PEASS-ng/master/winPEAS/winPEASps1/WinPeas.ps1')"
+```
+
+## Advisory
+
+All the scripts/binaries of the PEAS Suite should be used for authorized penetration testing and/or educational purposes only. Any misuse of this software will not be the responsibility of the author or of any other collaborator. Use it at your own networks and/or with the network owner's permission.
+
+
+By Polop
--- a/winPEAS/winPEASps1/winPEAS.ps1
+++ b/winPEAS/winPEASps1/winPEAS.ps1
Author	SHA1	Message	Date
carlospolop	e36d5a5736	winpeas.ps1	2023-05-29 16:52:21 +02:00
Carlos Polop	11cfe79ad0	Rename WinPeas.ps1 to winPEAS.ps1	2023-05-29 16:51:23 +02:00
carlospolop	a1552d61df	banner	2023-05-29 16:44:38 +02:00
carlospolop	71ec9c7d31	ps1	2023-05-29 16:43:04 +02:00
carlospolop	d4ff43b604	readme	2023-05-29 16:41:54 +02:00
Carlos Polop	56a193df60	Merge pull request #361 from RandolphConley/master winPEASps1 initial commit	2023-05-29 16:22:26 +02:00
StevenLtheThird	f67bedda4f	Update winPeas.ps1 Added padding and Time Stamps in more locations.	2023-05-26 16:07:47 -04:00
StevenLtheThird	f988d8b05f	winPEAS initial upload PS1 version of winPEAS Powershell V2 support coming soon!	2023-05-26 11:04:49 -04:00
carlospolop	78c932f1af	improve	2023-05-25 14:27:17 +02:00
Carlos Polop	7e7738ab98	Merge pull request #360 from fredtep/wes-ng Wes ng	2023-05-25 00:31:17 +02:00
Carlos Polop	68cd1c28df	Merge pull request #358 from Schrubitteflau/master LinPEAS - Exploit Suggester red color not applied in a specific case	2023-05-25 00:29:53 +02:00
Fr3sh	58719a6075	removing unecessary build number	2023-05-23 15:38:02 +02:00
Fr3sh	2a4868c0eb	add systeminfo output for wes-ng	2023-05-23 15:14:45 +02:00
Antoine SANSON	e4b9ae6479	Fix LES regex	2023-05-15 14:31:13 +02:00