mirror of
https://github.com/peass-ng/PEASS-ng.git
synced 2025-12-25 12:24:41 -08:00
Compare commits
14 Commits
20250201-7
...
20250320-9
| Author | SHA1 | Date | |
|---|---|---|---|
|
46193aa0d5 | ||
|
|
62022abc47 | ||
|
|
ce5cb1ad9c | ||
|
|
30586c064f | ||
|
|
b82fc9ac39 | ||
|
|
54818756e4 | ||
|
|
516aafff27 | ||
|
|
2b64ffc803 | ||
|
|
9f8563c751 | ||
|
|
573acee58c | ||
|
|
41e00d5618 | ||
|
|
536913e7f0 | ||
|
|
4d771fb1f6 | ||
|
|
4964033d44 |
@@ -24,7 +24,7 @@ if [ "$is_az_automation_acc" = "Yes" ]; then
|
||||
if [ "$(command -v curl || echo -n '')" ]; then
|
||||
az_req="curl -s -f -L -H '$HEADER'"
|
||||
elif [ "$(command -v wget || echo -n '')" ]; then
|
||||
az_req="wget -q -O - -H '$HEADER'"
|
||||
az_req="wget -q -O - --header '$HEADER'"
|
||||
else
|
||||
echo "Neither curl nor wget were found, I can't enumerate the metadata service :("
|
||||
fi
|
||||
|
||||
@@ -28,7 +28,7 @@ if [ "$is_ibm_vm" = "Yes" ]; then
|
||||
if [ "$(command -v curl || echo -n '')" ]; then
|
||||
ibm_req="curl -s -f -L -H '$TOKEN_HEADER' -H '$ACCEPT_HEADER'"
|
||||
elif [ "$(command -v wget || echo -n '')" ]; then
|
||||
ibm_req="wget -q -O - -H '$TOKEN_HEADER' -H '$ACCEPT_HEADER'"
|
||||
ibm_req="wget -q -O - --header '$TOKEN_HEADER' -H '$ACCEPT_HEADER'"
|
||||
else
|
||||
echo "Neither curl nor wget were found, I can't enumerate the metadata service :("
|
||||
fi
|
||||
|
||||
@@ -13,7 +13,7 @@
|
||||
# Small linpeas: 1
|
||||
|
||||
|
||||
printf "${YELLOW}Learn and practice cloud hacking techniques in ${BLUE}training.hacktricks.wiki\n"$NC
|
||||
printf "${YELLOW}Learn and practice cloud hacking techniques in ${BLUE}training.hacktricks.xyz\n"$NC
|
||||
echo ""
|
||||
|
||||
print_list "GCP Virtual Machine? ................. $is_gcp_vm\n"$NC | sed "s,Yes,${SED_RED}," | sed "s,No,${SED_GREEN},"
|
||||
@@ -26,7 +26,7 @@ print_list "AWS Codebuild? ....................... $is_aws_codebuild\n"$NC | sed
|
||||
print_list "DO Droplet? .......................... $is_do\n"$NC | sed "s,Yes,${SED_RED}," | sed "s,No,${SED_GREEN},"
|
||||
print_list "IBM Cloud VM? ........................ $is_ibm_vm\n"$NC | sed "s,Yes,${SED_RED}," | sed "s,No,${SED_GREEN},"
|
||||
print_list "Azure VM or Az metadata? ............. $is_az_vm\n"$NC | sed "s,Yes,${SED_RED}," | sed "s,No,${SED_GREEN},"
|
||||
print_list "Azure APP? ........................... $is_az_app\n"$NC | sed "s,Yes,${SED_RED}," | sed "s,No,${SED_GREEN},"
|
||||
print_list "Azure APP or IDENTITY_ENDPOINT? ...... $is_az_app\n"$NC | sed "s,Yes,${SED_RED}," | sed "s,No,${SED_GREEN},"
|
||||
print_list "Azure Automation Account? ............ $is_az_automation_acc\n"$NC | sed "s,Yes,${SED_RED}," | sed "s,No,${SED_GREEN},"
|
||||
print_list "Aliyun ECS? .......................... $is_aliyun_ecs\n"$NC | sed "s,Yes,${SED_RED}," | sed "s,No,${SED_GREEN},"
|
||||
print_list "Tencent CVM? ......................... $is_tencent_cvm\n"$NC | sed "s,Yes,${SED_RED}," | sed "s,No,${SED_GREEN},"
|
||||
|
||||
@@ -23,7 +23,7 @@ if [ "$is_aws_ec2" = "Yes" ]; then
|
||||
if [ "$(command -v curl || echo -n '')" ]; then
|
||||
aws_req="curl -s -f -L -H '$HEADER'"
|
||||
elif [ "$(command -v wget || echo -n '')" ]; then
|
||||
aws_req="wget -q -O - -H '$HEADER'"
|
||||
aws_req="wget -q -O - --header '$HEADER'"
|
||||
else
|
||||
echo "Neither curl nor wget were found, I can't enumerate the metadata service :("
|
||||
fi
|
||||
|
||||
@@ -24,7 +24,7 @@ if [ "$is_az_vm" = "Yes" ]; then
|
||||
if [ "$(command -v curl || echo -n '')" ]; then
|
||||
az_req="curl -s -f -L -H '$HEADER'"
|
||||
elif [ "$(command -v wget || echo -n '')" ]; then
|
||||
az_req="wget -q -O - -H '$HEADER'"
|
||||
az_req="wget -q -O - --header '$HEADER'"
|
||||
else
|
||||
echo "Neither curl nor wget were found, I can't enumerate the metadata service :("
|
||||
fi
|
||||
|
||||
@@ -24,7 +24,7 @@ if [ "$is_az_app" = "Yes" ]; then
|
||||
if [ "$(command -v curl || echo -n '')" ]; then
|
||||
az_req="curl -s -f -L -H '$HEADER'"
|
||||
elif [ "$(command -v wget || echo -n '')" ]; then
|
||||
az_req="wget -q -O - -H '$HEADER'"
|
||||
az_req="wget -q -O - --header '$HEADER'"
|
||||
else
|
||||
echo "Neither curl nor wget were found, I can't enumerate the metadata service :("
|
||||
fi
|
||||
|
||||
@@ -19,7 +19,7 @@ if ! [ "$FAST" ] && ! [ "$SUPERFAST" ] && [ "$TIMEOUT" ]; then
|
||||
print_2title "Searching possible password variables inside key folders (limit 140)"
|
||||
if ! [ "$SEARCH_IN_FOLDER" ]; then
|
||||
timeout 150 find $HOMESEARCH -exec grep -HnRiIE "($pwd_in_variables1|$pwd_in_variables2|$pwd_in_variables3|$pwd_in_variables4|$pwd_in_variables5|$pwd_in_variables6|$pwd_in_variables7|$pwd_in_variables8|$pwd_in_variables9|$pwd_in_variables10|$pwd_in_variables11).*[=:].+" '{}' \; 2>/dev/null | sed '/^.\{150\}./d' | grep -Ev "^#" | grep -iv "linpeas" | sort | uniq | head -n 70 | sed -${E} "s,$pwd_in_variables1,${SED_RED},g" | sed -${E} "s,$pwd_in_variables2,${SED_RED},g" | sed -${E} "s,$pwd_in_variables3,${SED_RED},g" | sed -${E} "s,$pwd_in_variables4,${SED_RED},g" | sed -${E} "s,$pwd_in_variables5,${SED_RED},g" | sed -${E} "s,$pwd_in_variables6,${SED_RED},g" | sed -${E} "s,$pwd_in_variables7,${SED_RED},g" | sed -${E} "s,$pwd_in_variables8,${SED_RED},g" | sed -${E} "s,$pwd_in_variables9,${SED_RED},g" | sed -${E} "s,$pwd_in_variables10,${SED_RED},g" | sed -${E} "s,$pwd_in_variables11,${SED_RED},g" &
|
||||
timeout 150 find /var/www $backup_folders_row /tmp /etc /mnt /private grep -HnRiIE "($pwd_in_variables1|$pwd_in_variables2|$pwd_in_variables3|$pwd_in_variables4|$pwd_in_variables5|$pwd_in_variables6|$pwd_in_variables7|$pwd_in_variables8|$pwd_in_variables9|$pwd_in_variables10|$pwd_in_variables11).*[=:].+" '{}' \; 2>/dev/null | sed '/^.\{150\}./d' | grep -Ev "^#" | grep -iv "linpeas" | sort | uniq | head -n 70 | sed -${E} "s,$pwd_in_variables1,${SED_RED},g" | sed -${E} "s,$pwd_in_variables2,${SED_RED},g" | sed -${E} "s,$pwd_in_variables3,${SED_RED},g" | sed -${E} "s,$pwd_in_variables4,${SED_RED},g" | sed -${E} "s,$pwd_in_variables5,${SED_RED},g" | sed -${E} "s,$pwd_in_variables6,${SED_RED},g" | sed -${E} "s,$pwd_in_variables7,${SED_RED},g" | sed -${E} "s,$pwd_in_variables8,${SED_RED},g" | sed -${E} "s,$pwd_in_variables9,${SED_RED},g" | sed -${E} "s,$pwd_in_variables10,${SED_RED},g" | sed -${E} "s,$pwd_in_variables11,${SED_RED},g" &
|
||||
timeout 150 find /var/www $backup_folders_row /tmp /etc /mnt /private -exec grep -HnRiIE "($pwd_in_variables1|$pwd_in_variables2|$pwd_in_variables3|$pwd_in_variables4|$pwd_in_variables5|$pwd_in_variables6|$pwd_in_variables7|$pwd_in_variables8|$pwd_in_variables9|$pwd_in_variables10|$pwd_in_variables11).*[=:].+" '{}' \; 2>/dev/null | sed '/^.\{150\}./d' | grep -Ev "^#" | grep -iv "linpeas" | sort | uniq | head -n 70 | sed -${E} "s,$pwd_in_variables1,${SED_RED},g" | sed -${E} "s,$pwd_in_variables2,${SED_RED},g" | sed -${E} "s,$pwd_in_variables3,${SED_RED},g" | sed -${E} "s,$pwd_in_variables4,${SED_RED},g" | sed -${E} "s,$pwd_in_variables5,${SED_RED},g" | sed -${E} "s,$pwd_in_variables6,${SED_RED},g" | sed -${E} "s,$pwd_in_variables7,${SED_RED},g" | sed -${E} "s,$pwd_in_variables8,${SED_RED},g" | sed -${E} "s,$pwd_in_variables9,${SED_RED},g" | sed -${E} "s,$pwd_in_variables10,${SED_RED},g" | sed -${E} "s,$pwd_in_variables11,${SED_RED},g" &
|
||||
else
|
||||
timeout 150 find $SEARCH_IN_FOLDER -exec grep -HnRiIE "($pwd_in_variables1|$pwd_in_variables2|$pwd_in_variables3|$pwd_in_variables4|$pwd_in_variables5|$pwd_in_variables6|$pwd_in_variables7|$pwd_in_variables8|$pwd_in_variables9|$pwd_in_variables10|$pwd_in_variables11).*[=:].+" '{}' \; 2>/dev/null | sed '/^.\{150\}./d' | grep -Ev "^#" | grep -iv "linpeas" | sort | uniq | head -n 70 | sed -${E} "s,$pwd_in_variables1,${SED_RED},g" | sed -${E} "s,$pwd_in_variables2,${SED_RED},g" | sed -${E} "s,$pwd_in_variables3,${SED_RED},g" | sed -${E} "s,$pwd_in_variables4,${SED_RED},g" | sed -${E} "s,$pwd_in_variables5,${SED_RED},g" | sed -${E} "s,$pwd_in_variables6,${SED_RED},g" | sed -${E} "s,$pwd_in_variables7,${SED_RED},g" | sed -${E} "s,$pwd_in_variables8,${SED_RED},g" | sed -${E} "s,$pwd_in_variables9,${SED_RED},g" | sed -${E} "s,$pwd_in_variables10,${SED_RED},g" | sed -${E} "s,$pwd_in_variables11,${SED_RED},g" &
|
||||
fi
|
||||
@@ -29,12 +29,12 @@ if ! [ "$FAST" ] && ! [ "$SUPERFAST" ] && [ "$TIMEOUT" ]; then
|
||||
##-- IF) Find possible conf files with passwords
|
||||
print_2title "Searching possible password in config files (if k8s secrets are found you need to read the file)"
|
||||
if ! [ "$SEARCH_IN_FOLDER" ]; then
|
||||
ppicf=$(timeout 150 find $HOMESEARCH /var/www/ /usr/local/www/ /etc /opt /tmp /private /Applications /mnt -name "*.conf" -o -name "*.cnf" -o -name "*.config" -name "*.json" -name "*.yml" -name "*.yaml" 2>/dev/null)
|
||||
ppicf=$(timeout 150 find $HOMESEARCH /var/www/ /usr/local/www/ /etc /opt /tmp /private /Applications /mnt -name "*.conf" -o -name "*.cnf" -o -name "*.config" -o -name "*.json" -o -name "*.yml" -o -name "*.yaml" 2>/dev/null)
|
||||
else
|
||||
ppicf=$(timeout 150 find $SEARCH_IN_FOLDER -name "*.conf" -o -name "*.cnf" -o -name "*.config" -name "*.json" -name "*.yml" -name "*.yaml" 2>/dev/null)
|
||||
ppicf=$(timeout 150 find $SEARCH_IN_FOLDER -name "*.conf" -o -name "*.cnf" -o -name "*.config" -o -name "*.json" -o -name "*.yml" -o -name "*.yaml" 2>/dev/null)
|
||||
fi
|
||||
printf "%s\n" "$ppicf" | while read f; do
|
||||
if grep -qEiI 'passwd.*|creden.*|^kind:\W?Secret|\Wenv:|\Wsecret:|\WsecretName:|^kind:\W?EncryptionConfiguration|\-\-encryption\-provider\-config' \"$f\" 2>/dev/null; then
|
||||
if grep -qEiI 'passwd.*|creden.*|^kind:\W?Secret|\Wenv:|\Wsecret:|\WsecretName:|^kind:\W?EncryptionConfiguration|\-\-encryption\-provider\-config' "$f" 2>/dev/null; then
|
||||
echo "$ITALIC $f$NC"
|
||||
grep -HnEiIo 'passwd.*|creden.*|^kind:\W?Secret|\Wenv:|\Wsecret:|\WsecretName:|^kind:\W?EncryptionConfiguration|\-\-encryption\-provider\-config' "$f" 2>/dev/null | sed -${E} "s,[pP][aA][sS][sS][wW]|[cC][rR][eE][dD][eE][nN],${SED_RED},g"
|
||||
fi
|
||||
|
||||
@@ -19,4 +19,7 @@ check_az_app(){
|
||||
if [ -d "/opt/microsoft" ] && env | grep -iq "azure"; then
|
||||
is_az_app="Yes"
|
||||
fi
|
||||
if [ -n "$IDENTITY_ENDPOINT" ] && echo "$IDENTITY_ENDPOINT" | grep -q "/token" && [ -n "$IDENTITY_HEADER" ]; then
|
||||
is_az_app="Yes"
|
||||
fi
|
||||
}
|
||||
@@ -188,6 +188,9 @@ if [ $? -ne 0 ] ; then
|
||||
fi
|
||||
fi
|
||||
|
||||
# on macOS the built-in echo does not support -n, use /bin/echo instead
|
||||
if [ "$MACPEAS" ] ; then alias echo=/bin/echo ; fi
|
||||
|
||||
print_title(){
|
||||
if [ "$DEBUG" ]; then
|
||||
END_T1_TIME=$(date +%s 2>/dev/null)
|
||||
@@ -343,7 +346,7 @@ print_support () {
|
||||
${GREEN}/---------------------------------------------------------------------------------\\
|
||||
| ${BLUE}Do you like PEASS?${GREEN} |
|
||||
|---------------------------------------------------------------------------------|
|
||||
| ${YELLOW}Learn Cloud Hacking${GREEN} : ${RED}https://training.hacktricks.wiki${GREEN} |
|
||||
| ${YELLOW}Learn Cloud Hacking${GREEN} : ${RED}https://training.hacktricks.xyz ${GREEN} |
|
||||
| ${YELLOW}Follow on Twitter${GREEN} : ${RED}@hacktricks_live${GREEN} |
|
||||
| ${YELLOW}Respect on HTB${GREEN} : ${RED}SirBroccoli ${GREEN} |
|
||||
|---------------------------------------------------------------------------------|
|
||||
|
||||
0
parsers/__init__.py
Normal file
0
parsers/__init__.py
Normal file
@@ -144,7 +144,12 @@ def parse_line(line: str):
|
||||
})
|
||||
|
||||
|
||||
def main():
|
||||
def parse_peass(outputpath: str, jsonpath: str = ""):
|
||||
global OUTPUT_PATH, JSON_PATH
|
||||
|
||||
OUTPUT_PATH = outputpath
|
||||
JSON_PATH = jsonpath
|
||||
|
||||
for line in open(OUTPUT_PATH, 'r', encoding="utf8").readlines():
|
||||
line = line.strip()
|
||||
if not line or not clean_colors(line): #Remove empty lines or lines just with colors hex
|
||||
@@ -152,17 +157,21 @@ def main():
|
||||
|
||||
parse_line(line)
|
||||
|
||||
with open(JSON_PATH, "w") as f:
|
||||
json.dump(FINAL_JSON, f)
|
||||
if JSON_PATH:
|
||||
with open(JSON_PATH, "w") as f:
|
||||
json.dump(FINAL_JSON, f)
|
||||
|
||||
else:
|
||||
return FINAL_JSON
|
||||
|
||||
|
||||
# Start execution
|
||||
if __name__ == "__main__":
|
||||
try:
|
||||
OUTPUT_PATH = sys.argv[1]
|
||||
JSON_PATH = sys.argv[2]
|
||||
outputpath = sys.argv[1]
|
||||
jsonpath = sys.argv[2]
|
||||
parse_peass(outputpath, jsonpath)
|
||||
except IndexError as err:
|
||||
print("Error: Please pass the peas.out file and the path to save the json\npeas2json.py <output_file> <json_file.json>")
|
||||
sys.exit(1)
|
||||
|
||||
main()
|
||||
|
||||
@@ -22,10 +22,15 @@ $url = "https://github.com/peass-ng/PEASS-ng/releases/latest/download/winPEASany
|
||||
# One liner to download and execute winPEASany from memory in a PS shell
|
||||
$wp=[System.Reflection.Assembly]::Load([byte[]](Invoke-WebRequest "$url" -UseBasicParsing | Select-Object -ExpandProperty Content)); [winPEAS.Program]::Main("")
|
||||
|
||||
# Before cmd in 3 lines
|
||||
# The cprevios cmd in 2 lines
|
||||
$wp=[System.Reflection.Assembly]::Load([byte[]](Invoke-WebRequest "$url" -UseBasicParsing | Select-Object -ExpandProperty Content));
|
||||
[winPEAS.Program]::Main("") #Put inside the quotes the winpeas parameters you want to use
|
||||
|
||||
# Download to disk and execute (super noisy)
|
||||
$wc = New-Object System.Net.WebClient
|
||||
$wc.DownloadFile("https://github.com/peass-ng/PEASS-ng/releases/latest/download/winPEASany_ofs.exe", "winPEASany_ofs.exe")
|
||||
.\winPEASany_ofs.exe
|
||||
|
||||
# Load from disk in memory and execute:
|
||||
$wp = [System.Reflection.Assembly]::Load([byte[]]([IO.File]::ReadAllBytes("D:\Users\victim\winPEAS.exe")));
|
||||
[winPEAS.Program]::Main("") #Put inside the quotes the winpeas parameters you want to use
|
||||
|
||||
@@ -12,10 +12,10 @@ namespace winPEAS.Checks
|
||||
|
||||
Dictionary<string, string> colorsTraining = new Dictionary<string, string>()
|
||||
{
|
||||
{ "training.hacktricks.wiki", Beaprint.ansi_color_good },
|
||||
{ "training.hacktricks.xyz", Beaprint.ansi_color_good },
|
||||
{ "Learn & practice cloud hacking in", Beaprint.ansi_color_yellow },
|
||||
};
|
||||
Beaprint.AnsiPrint("Learn and practice cloud hacking in training.hacktricks.wiki", colorsTraining);
|
||||
Beaprint.AnsiPrint("Learn and practice cloud hacking in training.hacktricks.xyz", colorsTraining);
|
||||
|
||||
var cloudInfoList = new List<CloudInfoBase>
|
||||
{
|
||||
|
||||
@@ -81,7 +81,7 @@ namespace winPEAS.Helpers
|
||||
/---------------------------------------------------------------------------------\
|
||||
| {1}Do you like PEASS?{0} |
|
||||
|---------------------------------------------------------------------------------|
|
||||
| {3}Learn Cloud Hacking{0} : {2}training.hacktricks.wiki{0} |
|
||||
| {3}Learn Cloud Hacking{0} : {2}training.hacktricks.xyz {0} |
|
||||
| {3}Follow on Twitter{0} : {2}@hacktricks_live{0} |
|
||||
| {3}Respect on HTB{0} : {2}SirBroccoli {0} |
|
||||
|---------------------------------------------------------------------------------|
|
||||
|
||||
@@ -1,20 +1,53 @@
|
||||
using System.Collections.Generic;
|
||||
using System;
|
||||
using System.Collections.Generic;
|
||||
using System.IO;
|
||||
using System.Net;
|
||||
using System;
|
||||
using System.Diagnostics;
|
||||
|
||||
namespace winPEAS.Info.CloudInfo
|
||||
{
|
||||
internal class AzureInfo : CloudInfoBase
|
||||
{
|
||||
public override string Name => "Azure VM";
|
||||
public override bool IsCloud => Directory.Exists(WINDOWS_AZURE_FOLDER);
|
||||
|
||||
// The Name property now differentiates between an Azure VM and an Azure Container.
|
||||
public override string Name
|
||||
{
|
||||
get
|
||||
{
|
||||
if (IsContainer())
|
||||
return "Azure Container"; // **Container environment detected**
|
||||
return "Azure VM"; // **VM environment detected**
|
||||
}
|
||||
}
|
||||
|
||||
// IsCloud now returns true if either the Azure VM folder exists or container env vars are set.
|
||||
public override bool IsCloud => Directory.Exists(WINDOWS_AZURE_FOLDER) || IsContainer();
|
||||
|
||||
private Dictionary<string, List<EndpointData>> _endpointData = null;
|
||||
|
||||
const string WINDOWS_AZURE_FOLDER = "c:\\windowsazure";
|
||||
const string AZURE_BASE_URL = "http://169.254.169.254/metadata/";
|
||||
const string API_VERSION = "2021-12-13";
|
||||
const string CONTAINER_API_VERSION = "2019-08-01";
|
||||
|
||||
public static bool DoesProcessExist(string processName)
|
||||
{
|
||||
// Return false if the process name is null or empty
|
||||
if (string.IsNullOrEmpty(processName))
|
||||
{
|
||||
return false;
|
||||
}
|
||||
|
||||
// Retrieve all processes matching the specified name
|
||||
Process[] processes = Process.GetProcessesByName(processName);
|
||||
return processes.Length > 0;
|
||||
}
|
||||
|
||||
// New helper method to detect if running inside an Azure container
|
||||
private bool IsContainer()
|
||||
{
|
||||
return !string.IsNullOrEmpty(Environment.GetEnvironmentVariable("IDENTITY_ENDPOINT")) ||
|
||||
!string.IsNullOrEmpty(Environment.GetEnvironmentVariable("MSI_ENDPOINT"));
|
||||
}
|
||||
|
||||
public override Dictionary<string, List<EndpointData>> EndpointDataList()
|
||||
{
|
||||
@@ -25,28 +58,38 @@ namespace winPEAS.Info.CloudInfo
|
||||
|
||||
try
|
||||
{
|
||||
string result;
|
||||
string result;
|
||||
List<Tuple<string, string, bool>> endpoints;
|
||||
|
||||
List<Tuple<string, string, bool>> endpoints = new List<Tuple<string, string, bool>>()
|
||||
if (IsContainer())
|
||||
{
|
||||
new Tuple<string, string, bool>("Instance Details", $"instance?api-version={API_VERSION}", false),
|
||||
new Tuple<string, string, bool>("Load Balancer details", $"loadbalancer?api-version={API_VERSION}", false),
|
||||
new Tuple<string, string, bool>("Management token", $"identity/oauth2/token?api-version={API_VERSION}&resource=https://management.azure.com/", true),
|
||||
new Tuple<string, string, bool>("Graph token", $"identity/oauth2/token?api-version={API_VERSION}&resource=https://graph.microsoft.com/", true),
|
||||
new Tuple<string, string, bool>("Vault token", $"identity/oauth2/token?api-version={API_VERSION}&resource=https://vault.azure.net/", true),
|
||||
new Tuple<string, string, bool>("Storage token", $"identity/oauth2/token?api-version={API_VERSION}&resource=https://storage.azure.com/", true)
|
||||
};
|
||||
|
||||
if (IsAvailable)
|
||||
{
|
||||
|
||||
|
||||
// **Running in Azure Container: use the container endpoint and add the "Secret" header if available**
|
||||
string containerBaseUrl = Environment.GetEnvironmentVariable("MSI_ENDPOINT") ??
|
||||
Environment.GetEnvironmentVariable("IDENTITY_ENDPOINT");
|
||||
endpoints = new List<Tuple<string, string, bool>>()
|
||||
{
|
||||
new Tuple<string, string, bool>("Management token", $"?api-version={CONTAINER_API_VERSION}&resource=https://management.azure.com/", true),
|
||||
new Tuple<string, string, bool>("Graph token", $"?api-version={CONTAINER_API_VERSION}&resource=https://graph.microsoft.com/", true),
|
||||
new Tuple<string, string, bool>("Vault token", $"?api-version={CONTAINER_API_VERSION}&resource=https://vault.azure.net/", true),
|
||||
new Tuple<string, string, bool>("Storage token", $"?api-version={CONTAINER_API_VERSION}&resource=https://storage.azure.com/", true)
|
||||
};
|
||||
|
||||
foreach (var tuple in endpoints)
|
||||
{
|
||||
string url = $"{AZURE_BASE_URL}{tuple.Item2}";
|
||||
|
||||
result = CreateMetadataAPIRequest(url, "GET", new WebHeaderCollection() { { "Metadata", "true" } });
|
||||
|
||||
// Ensure proper URL formatting.
|
||||
string url = $"{containerBaseUrl}{(containerBaseUrl.EndsWith("/") ? "" : "/")}{tuple.Item2}";
|
||||
var headers = new WebHeaderCollection();
|
||||
string msiSecret = Environment.GetEnvironmentVariable("MSI_SECRET");
|
||||
if (!string.IsNullOrEmpty(msiSecret))
|
||||
{
|
||||
headers.Add("Secret", msiSecret);
|
||||
}
|
||||
string identitySecret = Environment.GetEnvironmentVariable("IDENTITY_HEADER");
|
||||
if (!string.IsNullOrEmpty(identitySecret))
|
||||
{
|
||||
headers.Add("X-IDENTITY-HEADER", identitySecret);
|
||||
}
|
||||
result = CreateMetadataAPIRequest(url, "GET", headers);
|
||||
_endpointDataList.Add(new EndpointData()
|
||||
{
|
||||
EndpointName = tuple.Item1,
|
||||
@@ -54,12 +97,36 @@ namespace winPEAS.Info.CloudInfo
|
||||
IsAttackVector = tuple.Item3
|
||||
});
|
||||
}
|
||||
}
|
||||
else if (Directory.Exists(WINDOWS_AZURE_FOLDER))
|
||||
{
|
||||
// **Running in Azure VM: use the standard metadata endpoint with "Metadata: true" header**
|
||||
endpoints = new List<Tuple<string, string, bool>>()
|
||||
{
|
||||
new Tuple<string, string, bool>("Instance Details", $"instance?api-version={API_VERSION}", false),
|
||||
new Tuple<string, string, bool>("Load Balancer details", $"loadbalancer?api-version={API_VERSION}", false),
|
||||
new Tuple<string, string, bool>("Management token", $"identity/oauth2/token?api-version={API_VERSION}&resource=https://management.azure.com/", true),
|
||||
new Tuple<string, string, bool>("Graph token", $"identity/oauth2/token?api-version={API_VERSION}&resource=https://graph.microsoft.com/", true),
|
||||
new Tuple<string, string, bool>("Vault token", $"identity/oauth2/token?api-version={API_VERSION}&resource=https://vault.azure.net/", true),
|
||||
new Tuple<string, string, bool>("Storage token", $"identity/oauth2/token?api-version={API_VERSION}&resource=https://storage.azure.com/", true)
|
||||
};
|
||||
|
||||
|
||||
foreach (var tuple in endpoints)
|
||||
{
|
||||
string url = $"{AZURE_BASE_URL}{tuple.Item2}";
|
||||
result = CreateMetadataAPIRequest(url, "GET", new WebHeaderCollection() { { "Metadata", "true" } });
|
||||
_endpointDataList.Add(new EndpointData()
|
||||
{
|
||||
EndpointName = tuple.Item1,
|
||||
Data = result,
|
||||
IsAttackVector = tuple.Item3
|
||||
});
|
||||
}
|
||||
}
|
||||
else
|
||||
{
|
||||
foreach (var endpoint in endpoints)
|
||||
// If neither container nor VM, endpoints remain unset.
|
||||
foreach (var endpoint in new List<Tuple<string, string, bool>>())
|
||||
{
|
||||
_endpointDataList.Add(new EndpointData()
|
||||
{
|
||||
@@ -70,10 +137,27 @@ namespace winPEAS.Info.CloudInfo
|
||||
}
|
||||
}
|
||||
|
||||
string hwsRun = DoesProcessExist("HybridWorkerService") ? "Yes" : "No";
|
||||
_endpointDataList.Add(new EndpointData()
|
||||
{
|
||||
EndpointName = "HybridWorkerService.exe Running",
|
||||
Data = hwsRun,
|
||||
IsAttackVector = true
|
||||
});
|
||||
|
||||
string OSRun = DoesProcessExist("Orchestrator.Sandbox") ? "Yes" : "No";
|
||||
_endpointDataList.Add(new EndpointData()
|
||||
{
|
||||
EndpointName = "Orchestrator.Sandbox.exe Running",
|
||||
Data = OSRun,
|
||||
IsAttackVector = true
|
||||
});
|
||||
|
||||
_endpointData.Add("General", _endpointDataList);
|
||||
}
|
||||
catch (Exception ex)
|
||||
{
|
||||
// **Exception handling (e.g., logging) can be added here**
|
||||
}
|
||||
}
|
||||
|
||||
@@ -82,7 +166,31 @@ namespace winPEAS.Info.CloudInfo
|
||||
|
||||
public override bool TestConnection()
|
||||
{
|
||||
return CreateMetadataAPIRequest(AZURE_BASE_URL, "GET") != null;
|
||||
}
|
||||
if (IsContainer())
|
||||
{
|
||||
// **Test connection for Azure Container**
|
||||
string containerBaseUrl = Environment.GetEnvironmentVariable("MSI_ENDPOINT") ??
|
||||
Environment.GetEnvironmentVariable("IDENTITY_ENDPOINT");
|
||||
if (string.IsNullOrEmpty(containerBaseUrl))
|
||||
return false;
|
||||
var headers = new WebHeaderCollection();
|
||||
string msiSecret = Environment.GetEnvironmentVariable("MSI_SECRET");
|
||||
if (!string.IsNullOrEmpty(msiSecret))
|
||||
{
|
||||
headers.Add("Secret", msiSecret);
|
||||
}
|
||||
string identitySecret = Environment.GetEnvironmentVariable("IDENTITY_HEADER");
|
||||
if (!string.IsNullOrEmpty(identitySecret))
|
||||
{
|
||||
headers.Add("X-IDENTITY-HEADER", identitySecret);
|
||||
}
|
||||
return CreateMetadataAPIRequest(containerBaseUrl, "GET", headers) != null;
|
||||
}
|
||||
else
|
||||
{
|
||||
// **Test connection for Azure VM**
|
||||
return CreateMetadataAPIRequest(AZURE_BASE_URL, "GET", new WebHeaderCollection() { { "Metadata", "true" } }) != null;
|
||||
}
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
Reference in New Issue
Block a user