mirror of
https://github.com/peass-ng/PEASS-ng.git
synced 2025-12-31 15:07:49 -08:00
Compare commits
2 Commits
20241011-f
...
20241101-6
| Author | SHA1 | Date | |
|---|---|---|---|
|
6a98d46987 | ||
|
|
f55d20a67d |
@@ -138,6 +138,49 @@ namespace winPEAS.Helpers.Registry
|
||||
}
|
||||
}
|
||||
|
||||
public static string[] ListRegValues(string hive, string path)
|
||||
{
|
||||
string[] keys = null;
|
||||
try
|
||||
{
|
||||
if (hive == "HKCU")
|
||||
{
|
||||
using (var regKeyValues = Microsoft.Win32.Registry.CurrentUser.OpenSubKey(path))
|
||||
{
|
||||
if (regKeyValues != null)
|
||||
{
|
||||
keys = regKeyValues.GetValueNames();
|
||||
}
|
||||
}
|
||||
}
|
||||
else if (hive == "HKU")
|
||||
{
|
||||
using (var regKeyValues = Microsoft.Win32.Registry.Users.OpenSubKey(path))
|
||||
{
|
||||
if (regKeyValues != null)
|
||||
{
|
||||
keys = regKeyValues.GetValueNames();
|
||||
}
|
||||
}
|
||||
}
|
||||
else
|
||||
{
|
||||
using (var regKeyValues = Microsoft.Win32.Registry.LocalMachine.OpenSubKey(path))
|
||||
{
|
||||
if (regKeyValues != null)
|
||||
{
|
||||
keys = regKeyValues.GetValueNames();
|
||||
}
|
||||
}
|
||||
}
|
||||
return keys;
|
||||
}
|
||||
catch
|
||||
{
|
||||
return null;
|
||||
}
|
||||
}
|
||||
|
||||
public static byte[] GetRegValueBytes(string hive, string path, string value)
|
||||
{
|
||||
// returns a byte array of single registry value under the specified path in the specified hive (HKLM/HKCU)
|
||||
|
||||
@@ -27,7 +27,7 @@ namespace winPEAS.Info.CloudInfo
|
||||
|
||||
public static bool CheckIfGPSInstalled()
|
||||
{
|
||||
string[] check = Helpers.Registry.RegistryHelper.GetRegSubkeys("HKLM", @"SOFTWARE\Google\Google Apps Password Sync");
|
||||
string[] check = Helpers.Registry.RegistryHelper.ListRegValues("HKLM", @"SOFTWARE\Google\Google Apps Password Sync");
|
||||
bool regExists = check != null && check.Length > 0;
|
||||
bool result = regExists || File.Exists(@"C:\Program Files\Google\Password Sync\PasswordSync.exe") || File.Exists(@"C:\Program Files\Google\Password Sync\password_sync_service.exe");
|
||||
return result;
|
||||
@@ -66,15 +66,32 @@ namespace winPEAS.Info.CloudInfo
|
||||
// Get registry valus and decrypt them
|
||||
string hive = "HKLM";
|
||||
string regAddr = @"SOFTWARE\Google\Google Apps Password Sync";
|
||||
string[] subkeys = Helpers.Registry.RegistryHelper.GetRegSubkeys(hive, regAddr);
|
||||
string[] subkeys = Helpers.Registry.RegistryHelper.ListRegValues(hive, regAddr);
|
||||
if (subkeys == null || subkeys.Length == 0)
|
||||
{
|
||||
Beaprint.PrintException("Winpeas need admin privs to check the registry for credentials");
|
||||
Beaprint.PrintException("WinPEAS need admin privs to check the registry for credentials");
|
||||
}
|
||||
else
|
||||
{
|
||||
GPSRegValues.Add("Email", Helpers.Registry.RegistryHelper.GetRegValue(hive, regAddr, @"Email"));
|
||||
|
||||
// Remove "Email" and "address" from the array
|
||||
string[] filteredSubkeys = subkeys
|
||||
.Where(key => key != "Email" && key != "AuthToken" && key != "ADPassword" && key != "(Default)")
|
||||
.ToArray();
|
||||
|
||||
// Check if there are any subkeys left after filtering
|
||||
if (filteredSubkeys.Length > 1)
|
||||
{
|
||||
// Join the remaining subkeys with ", " and print to the console
|
||||
GPSRegValues.Add("Other keys", string.Join(", ", filteredSubkeys) + " (might contain credentials but WinPEAS doesn't support them)");
|
||||
}
|
||||
else
|
||||
{
|
||||
Console.WriteLine("No subkeys left after filtering.");
|
||||
}
|
||||
|
||||
|
||||
// Check if AuthToken in the registry
|
||||
string authtokenInReg = Helpers.Registry.RegistryHelper.GetRegValue(hive, regAddr, @"AuthToken");
|
||||
if (authtokenInReg.Length > 0)
|
||||
|
||||
Reference in New Issue
Block a user