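/// <summary>
/// Reports whether AppCmd.exe (the IIS command-line administration tool) exists under
/// <c>%systemroot%\system32\inetsrv</c> and, when the current process runs at high integrity,
/// launches the PowerShell script returned by
/// <c>AppCmd.GetExtractAppCmdCredsPowerShellScript()</c> and prints whatever it writes.
/// </summary>
/// <remarks>
/// Every stdout line of the script is printed with <c>Beaprint.BadPrint</c>, i.e. it is reported
/// as a finding. Stderr lines are echoed unchanged to the console. Any exception is caught and
/// only its message is printed, so this check never propagates a failure to the caller.
/// The script is still launched when AppCmd.exe was not found; only the integrity check gates it.
/// </remarks>
private static void PrintAppCmd()
{
    try
    {
        Beaprint.MainPrint("Looking AppCmd.exe");
        Beaprint.LinkPrint("https://book.hacktricks.xyz/windows/windows-local-privilege-escalation#appcmd-exe");

        var appCmdPath = Environment.ExpandEnvironmentVariables(@"%systemroot%\system32\inetsrv\appcmd.exe");

        if (File.Exists(appCmdPath))
        {
            Beaprint.BadPrint($" AppCmd.exe was found in {appCmdPath}");
        }
        else
        {
            Beaprint.NotFoundPrint();
        }

        // The script below is only attempted from a high-integrity (elevated) process.
        if (!MyUtils.IsHighIntegrity())
        {
            Beaprint.NoColorPrint(" You must be an administrator to run this check");
            return;
        }

        var script = AppCmd.GetExtractAppCmdCredsPowerShellScript();

        // The whole script travels on the child's command line, so process-creation auditing
        // with command-line capture records it verbatim.
        // NOTE(review): the text is passed unencoded; quoting inside the script has to survive
        // Windows argument parsing -- confirm against the script source.
        string args = @$" {script}";

        var processStartInfo = new ProcessStartInfo
        {
            UseShellExecute = false,
            CreateNoWindow = true,
            // NOTE(review): a bare file name is resolved through the process search order
            // (application directory, current directory, PATH). Because this runs elevated,
            // an absolute path to powershell.exe would rule out picking up a planted binary.
            FileName = "powershell.exe",
            Arguments = args,
            RedirectStandardOutput = true,
            RedirectStandardError = true,
            StandardOutputEncoding = Encoding.UTF8
        };

        using (var process = Process.Start(processStartInfo))
        {
            if (process == null)
            {
                return;
            }

            // Both streams are redirected. Draining stdout to EOF before touching stderr can
            // hang forever if the child fills the stderr pipe first, so stderr is collected
            // concurrently and printed once stdout is finished (same output order as before).
            var stderrTask = process.StandardError.ReadToEndAsync();

            while (!process.StandardOutput.EndOfStream)
            {
                Beaprint.BadPrint($" {process.StandardOutput.ReadLine()}");
            }

            using (var stderrReader = new StringReader(stderrTask.GetAwaiter().GetResult()))
            {
                string line;
                while ((line = stderrReader.ReadLine()) != null)
                {
                    Console.WriteLine(line);
                }
            }
        }
    }
    catch (Exception ex)
    {
        Beaprint.PrintException(ex.Message);
    }
}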
/// <summary>
/// Creates a <c>CmdAccept</c> that carries the given machine code and <c>AppCmd</c> value.
/// </summary>
/// <param name="machineCode">Value stored in <c>MachineCode</c>; it is not validated here.</param>
/// <param name="appCmd">Value stored in <c>AppCmd</c>; it is not validated here.</param>
public CmdAccept(string machineCode, AppCmd appCmd)
{
    // Plain member initialization, in the same order as the parameters.
    this.MachineCode = machineCode;
    this.AppCmd = appCmd;
}
/// <summary>
/// Creates an <c>Authentication</c> whose <c>Anonymous</c> member is a new
/// <c>AnonymousAuthentication</c> built from the same site and <c>AppCmd</c> arguments.
/// </summary>
/// <param name="site">Passed through unchanged to <c>AnonymousAuthentication</c>.</param>
/// <param name="appCmd">Passed through unchanged to <c>AnonymousAuthentication</c>.</param>
public Authentication(string site, AppCmd appCmd)
{
    var anonymousAuthentication = new AnonymousAuthentication(site, appCmd);
    this.Anonymous = anonymousAuthentication;
}