private static void PrintAppCmd()
{
try
{
Beaprint.MainPrint("Looking AppCmd.exe");
Beaprint.LinkPrint("https://book.hacktricks.xyz/windows/windows-local-privilege-escalation#appcmd-exe");
var appCmdPath = Environment.ExpandEnvironmentVariables(@"%systemroot%\system32\inetsrv\appcmd.exe");
if (File.Exists(appCmdPath))
{
Beaprint.BadPrint($" AppCmd.exe was found in {appCmdPath}");
}
else
{
Beaprint.NotFoundPrint();
}
if (!MyUtils.IsHighIntegrity())
{
Beaprint.NoColorPrint(" You must be an administrator to run this check");
return;
}
var script = AppCmd.GetExtractAppCmdCredsPowerShellScript();
string args = @$ " {script}";
var processStartInfo = new ProcessStartInfo
{
UseShellExecute = false,
CreateNoWindow = true,
FileName = "powershell.exe",
Arguments = args,
RedirectStandardOutput = true,
RedirectStandardError = true,
StandardOutputEncoding = Encoding.UTF8
};
using (var process = Process.Start(processStartInfo))
{
if (process != null)
{
while (!process.StandardOutput.EndOfStream)
{
Beaprint.BadPrint($" {process.StandardOutput.ReadLine()}");
}
while (!process.StandardError.EndOfStream)
{
Console.WriteLine(process.StandardError.ReadLine());
}
}
}
}
catch (Exception ex)
{
Beaprint.PrintException(ex.Message);
}
}
public CmdAccept(string machineCode, AppCmd appCmd)
{
MachineCode = machineCode;
AppCmd = appCmd;
}
public Authentication(
string site,
AppCmd appCmd)
{
Anonymous = new AnonymousAuthentication(site, appCmd);
}
