void PrintPossCredsRegs() { try { string[] passRegHkcu = new string[] { @"Software\ORL\WinVNC3\Password", @"Software\TightVNC\Server", @"Software\SimonTatham\PuTTY\Sessions" }; string[] passRegHklm = new string[] { @"SYSTEM\CurrentControlSet\Services\SNMP" }; Beaprint.MainPrint("Looking for possible regs with creds"); Beaprint.LinkPrint("https://book.hacktricks.xyz/windows/windows-local-privilege-escalation#inside-the-registry"); string winVnc4 = RegistryHelper.GetRegValue("HKLM", @"SOFTWARE\RealVNC\WinVNC4", "password"); if (!string.IsNullOrEmpty(winVnc4.Trim())) { Beaprint.BadPrint(winVnc4); } foreach (string regHkcu in passRegHkcu) { Beaprint.DictPrint(RegistryHelper.GetRegValues("HKLM", regHkcu), false); } foreach (string regHklm in passRegHklm) { Beaprint.DictPrint(RegistryHelper.GetRegValues("HKLM", regHklm), false); } } catch (Exception ex) { Beaprint.PrintException(ex.Message); } }
private static void PrintProcessCreationEvents() { try { Beaprint.MainPrint("Process creation events - searching logs (EID 4688) for sensitive data.\n"); if (!MyUtils.IsHighIntegrity()) { Beaprint.NoColorPrint(" You must be an administrator to run this check"); return; } foreach (var eventInfo in ProcessCreation.GetProcessCreationEventInfos()) { Beaprint.BadPrint($" Created (UTC) : {eventInfo.CreatedAtUtc}\n" + $" Event Id : {eventInfo.EventId}\n" + $" User : {eventInfo.User}\n" + $" Command Line : {eventInfo.Match}\n"); Beaprint.PrintLineSeparator(); } } catch (Exception ex) { Beaprint.PrintException(ex.Message); } }
private static bool CheckDirectoryWriteAccess(string directory, out bool isDirectoryExisting, bool isGoodPrint = true) { isDirectoryExisting = true; if (!Directory.Exists(directory)) { Beaprint.BadPrint($" Directory \"{directory}\" does not exist."); isDirectoryExisting = false; } else { var folderPermissions = PermissionsHelper.GetPermissionsFolder(directory, Checks.Checks.CurrentUserSiDs, PermissionType.WRITEABLE_OR_EQUIVALENT); if (folderPermissions.Count > 0) { Beaprint.BadPrint($" Directory \"{directory}\" Permissions: " + string.Join(",", folderPermissions)); } else { if (isGoodPrint) { Beaprint.GoodPrint($" {directory}"); } } return(folderPermissions.Count > 0); } return(false); }
private static void PrintDBsFirefox() { try { Beaprint.MainPrint("Looking for Firefox DBs"); Beaprint.LinkPrint("https://book.hacktricks.xyz/windows-hardening/windows-local-privilege-escalation#browsers-history"); List <string> firefoxDBs = Firefox.GetFirefoxDbs(); if (firefoxDBs.Count > 0) { foreach (string firefoxDB in firefoxDBs) //No Beaprints because line needs red { Beaprint.BadPrint(" Firefox credentials file exists at " + firefoxDB); } Beaprint.InfoPrint("Run SharpWeb (https://github.com/djhohnstein/SharpWeb)"); } else { Beaprint.NotFoundPrint(); } } catch (Exception ex) { Beaprint.PrintException(ex.Message); } }
private static bool CheckFileWriteAccess(string path) { if (string.IsNullOrWhiteSpace(path)) { return(false); } if (File.Exists(path)) { var filePermissions = PermissionsHelper.GetPermissionsFile(path, Checks.Checks.CurrentUserSiDs, PermissionType.WRITEABLE_OR_EQUIVALENT); if (filePermissions.Count > 0) { Beaprint.BadPrint($" File \"{path}\" Permissions: " + string.Join(",", filePermissions)); return(true); } } else { Beaprint.BadPrint($" File \"{path}\" does not exist."); } return(false); }
private static void PrintAppCmd() { try { Beaprint.MainPrint("Looking AppCmd.exe"); Beaprint.LinkPrint("https://book.hacktricks.xyz/windows/windows-local-privilege-escalation#appcmd-exe"); var appCmdPath = Environment.ExpandEnvironmentVariables(@"%systemroot%\system32\inetsrv\appcmd.exe"); if (File.Exists(appCmdPath)) { Beaprint.BadPrint($" AppCmd.exe was found in {appCmdPath}"); } else { Beaprint.NotFoundPrint(); } if (!MyUtils.IsHighIntegrity()) { Beaprint.NoColorPrint(" You must be an administrator to run this check"); return; } var script = AppCmd.GetExtractAppCmdCredsPowerShellScript(); string args = @$ " {script}"; var processStartInfo = new ProcessStartInfo { UseShellExecute = false, CreateNoWindow = true, FileName = "powershell.exe", Arguments = args, RedirectStandardOutput = true, RedirectStandardError = true, StandardOutputEncoding = Encoding.UTF8 }; using (var process = Process.Start(processStartInfo)) { if (process != null) { while (!process.StandardOutput.EndOfStream) { Beaprint.BadPrint($" {process.StandardOutput.ReadLine()}"); } while (!process.StandardError.EndOfStream) { Console.WriteLine(process.StandardError.ReadLine()); } } } } catch (Exception ex) { Beaprint.PrintException(ex.Message); } }
void PrintOtherUsersInterestingFiles() { try { Beaprint.MainPrint("Searching interesting files in other users home directories (can be slow)\n"); // check if admin already, if yes, print a message, if not, try to enumerate all files if (MyUtils.IsHighIntegrity()) { Beaprint.BadPrint(" You are already Administrator, check users home folders manually."); } else // get all files and check them { var users = User.GetOtherUsersFolders(); foreach (var user in users) { Beaprint.GoodPrint($" Checking folder: {user}\n"); var files = SearchHelper.GetFilesFast(user, isFoldersIncluded: true); foreach (var file in files) { try { FileAttributes attr = File.GetAttributes(file.FullPath); if ((attr & FileAttributes.Directory) == FileAttributes.Directory) { List <string> dirRights = PermissionsHelper.GetPermissionsFolder(file.FullPath, Checks.CurrentUserSiDs, PermissionType.WRITEABLE_OR_EQUIVALENT); if (dirRights.Count > 0) { Beaprint.BadPrint($" Folder Permissions \"{file.FullPath}\": " + string.Join(",", dirRights)); } } else { List <string> fileRights = PermissionsHelper.GetPermissionsFile(file.FullPath, Checks.CurrentUserSiDs, PermissionType.WRITEABLE_OR_EQUIVALENT); if (fileRights.Count > 0) { Beaprint.BadPrint($" File Permissions \"{file.FullPath}\": " + string.Join(",", fileRights)); } } } catch (Exception) { } } Beaprint.PrintLineSeparator(); } } } catch (Exception ex) { Beaprint.PrintException(ex.Message); } }
private static void PrintWifi() { try { Beaprint.MainPrint("Looking for saved Wifi credentials"); foreach (var @interface in new WlanClient().Interfaces) { foreach (var profile in @interface.GetProfiles()) { var xml = @interface.GetProfileXml(profile.profileName); XmlDocument xDoc = new XmlDocument(); xDoc.LoadXml(xml); var keyMaterial = xDoc.GetElementsByTagName("keyMaterial"); if (keyMaterial.Count > 0) { string password = keyMaterial[0].InnerText; Beaprint.BadPrint($" SSID : '{profile.profileName}\n'" + $" password : '******' \n\n"); } } } } catch (Exception ex) { Beaprint.PrintException(ex.Message); } }
void PrintActiveWindow() { try { Beaprint.MainPrint("Current Active Window Application"); string title = ApplicationInfoHelper.GetActiveWindowTitle(); List <string> permsFile = PermissionsHelper.GetPermissionsFile(title, winPEAS.Checks.Checks.CurrentUserSiDs); List <string> permsFolder = PermissionsHelper.GetPermissionsFolder(title, winPEAS.Checks.Checks.CurrentUserSiDs); if (permsFile.Count > 0) { Beaprint.BadPrint(" " + title); Beaprint.BadPrint(" File Permissions: " + string.Join(",", permsFile)); } else { Beaprint.GoodPrint(" " + title); } if (permsFolder.Count > 0) { Beaprint.BadPrint(" Possible DLL Hijacking, folder is writable: " + PermissionsHelper.GetFolderFromString(title)); Beaprint.BadPrint(" Folder Permissions: " + string.Join(",", permsFile)); } } catch (Exception ex) { Beaprint.PrintException(ex.Message); } }
private static void PrintDBsChrome() { try { Beaprint.MainPrint("Looking for Chrome DBs"); Beaprint.LinkPrint("https://book.hacktricks.xyz/windows-hardening/windows-local-privilege-escalation#browsers-history"); Dictionary <string, string> chromeDBs = Chrome.GetChromeDbs(); if (chromeDBs.ContainsKey("userChromeCookiesPath")) { Beaprint.BadPrint(" Chrome cookies database exists at " + chromeDBs["userChromeCookiesPath"]); Beaprint.InfoPrint("Follow the provided link for further instructions."); } if (chromeDBs.ContainsKey("userChromeLoginDataPath")) { Beaprint.BadPrint(" Chrome saved login database exists at " + chromeDBs["userChromeCookiesPath"]); Beaprint.InfoPrint("Follow the provided link for further instructions."); } if ((!chromeDBs.ContainsKey("userChromeLoginDataPath")) && (!chromeDBs.ContainsKey("userChromeCookiesPath"))) { Beaprint.NotFoundPrint(); } } catch (Exception ex) { Beaprint.PrintException(ex.Message); } }
void PrintModifiableServices() { try { Beaprint.MainPrint("Modifiable Services"); Beaprint.LinkPrint("https://book.hacktricks.xyz/windows/windows-local-privilege-escalation#services", "Check if you can modify any service"); if (modifiableServices.Count > 0) { Beaprint.BadPrint(" LOOKS LIKE YOU CAN MODIFY SOME SERVICE/s:"); Dictionary <string, string> colorsMS = new Dictionary <string, string>() { { ".*", Beaprint.ansi_color_bad }, }; Beaprint.DictPrint(modifiableServices, colorsMS, false, true); } else { Beaprint.GoodPrint(" You cannot modify any service"); } } catch (Exception ex) { Beaprint.PrintException(ex.Message); } }
static void PrintAlwaysInstallElevated() { try { Beaprint.MainPrint("Checking AlwaysInstallElevated"); Beaprint.LinkPrint("https://book.hacktricks.xyz/windows/windows-local-privilege-escalation#alwaysinstallelevated"); string path = "Software\\Policies\\Microsoft\\Windows\\Installer"; string HKLM_AIE = RegistryHelper.GetRegValue("HKLM", path, "AlwaysInstallElevated"); string HKCU_AIE = RegistryHelper.GetRegValue("HKCU", path, "AlwaysInstallElevated"); if (HKLM_AIE == "1") { Beaprint.BadPrint(" AlwaysInstallElevated set to 1 in HKLM!"); } if (HKCU_AIE == "1") { Beaprint.BadPrint(" AlwaysInstallElevated set to 1 in HKCU!"); } if (HKLM_AIE != "1" && HKCU_AIE != "1") { Beaprint.GoodPrint(" AlwaysInstallElevated isn't available"); } } catch (Exception ex) { Beaprint.PrintException(ex.Message); } }
private static void PrintSSHKeysReg() { try { Beaprint.MainPrint("SSH keys in registry"); Beaprint.LinkPrint("https://book.hacktricks.xyz/windows/windows-local-privilege-escalation#ssh-keys-in-registry", "If you find anything here, follow the link to learn how to decrypt the SSH keys"); string[] ssh_reg = RegistryHelper.GetRegSubkeys("HKCU", @"OpenSSH\Agent\Keys"); if (ssh_reg.Length == 0) { Beaprint.NotFoundPrint(); } else { foreach (string ssh_key_entry in ssh_reg) { Beaprint.BadPrint(ssh_key_entry); } } } catch (Exception ex) { Beaprint.GrayPrint(string.Format("{0}", ex)); } }
private static void PrintSecurityPackagesCredentials() { Beaprint.MainPrint("Enumerating Security Packages Credentials"); try { var credentials = (SecurityPackages.GetNtlmCredentials() ?? Enumerable.Empty <NtlmHashInfo>()).ToList(); if (credentials.Any()) { foreach (var credential in credentials) { if (credential != null) { Beaprint.BadPrint($" Version: {credential.Version}\n" + $" Hash: {credential.Hash}\n"); Beaprint.PrintLineSeparator(); } } } else { Beaprint.GoodPrint(" The NTLM security package does not contain any credentials."); } } catch (Exception ex) { Beaprint.PrintException(ex.Message); } }
private static void PrintExplicitLogonEvents() { try { var lastDays = 30; Beaprint.MainPrint($"Printing Explicit Credential Events (4648) for last {lastDays} days - A process logged on using plaintext credentials\n"); if (!MyUtils.IsHighIntegrity()) { Beaprint.NoColorPrint(" You must be an administrator to run this check"); return; } var explicitLogonInfos = Logon.GetExplicitLogonEventsInfos(lastDays); foreach (var logonInfo in explicitLogonInfos) { Beaprint.BadPrint($" Subject User : {logonInfo.SubjectUser}\n" + $" Subject Domain : {logonInfo.SubjectDomain}\n" + $" Created (UTC) : {logonInfo.CreatedAtUtc}\n" + $" IP Address : {logonInfo.IpAddress}\n" + $" Process : {logonInfo.Process}\n" + $" Target User : {logonInfo.TargetUser}\n" + $" Target Domain : {logonInfo.TargetDomain}\n"); Beaprint.PrintLineSeparator(); } } catch (Exception ex) { Beaprint.PrintException(ex.Message); } }
void PrintCloudCreds() { try { Beaprint.MainPrint("Cloud Credentials"); Beaprint.LinkPrint("https://book.hacktricks.xyz/windows/windows-local-privilege-escalation#credentials-inside-files"); List <Dictionary <string, string> > could_creds = KnownFileCredsInfo.ListCloudCreds(); if (could_creds.Count != 0) { foreach (Dictionary <string, string> cc in could_creds) { string formString = " {0} ({1})\n Accessed:{2} -- Size:{3}"; Beaprint.BadPrint(string.Format(formString, cc["file"], cc["Description"], cc["Accessed"], cc["Size"])); System.Console.WriteLine(""); } } else { Beaprint.NotFoundPrint(); } } catch (Exception ex) { Beaprint.PrintException(ex.Message); } }
private static void PrintColored(string str, bool isBad) { if (isBad) { Beaprint.BadPrint(str); } else { Beaprint.NoColorPrint(str); } }
private static void PrintWifi() { try { Beaprint.MainPrint("Looking for saved Wifi credentials"); WlanClient wlanClient = new WlanClient(); foreach (var @interface in new WlanClient().Interfaces) { foreach (var profile in @interface.GetProfiles()) { var xml = @interface.GetProfileXml(profile.profileName); XmlDocument xDoc = new XmlDocument(); xDoc.LoadXml(xml); var keyMaterial = xDoc.GetElementsByTagName("keyMaterial"); if (keyMaterial.Count > 0) { string password = keyMaterial[0].InnerText; Beaprint.BadPrint($" SSID : '{profile.profileName}\n'" + $" password : '******' \n\n"); } } } } catch (Exception ex) { Beaprint.PrintException(ex.Message); // revert to old way Beaprint.NoColorPrint("Enumerating WLAN using wlanapi.dll failed, trying to enumerate using 'netsh'"); Dictionary <string, string> networkConnections = Wifi.Wifi.Retrieve(); Dictionary <string, string> ansi_colors_regexp = new Dictionary <string, string>(); if (networkConnections.Count > 0) { //Make sure the passwords are all flagged as ansi_color_bad. foreach (var connection in networkConnections) { ansi_colors_regexp.Add(connection.Value, Beaprint.ansi_color_bad); } Beaprint.DictPrint(networkConnections, ansi_colors_regexp, false); } else { Beaprint.NoColorPrint("No saved Wifi credentials found"); } } }
private static void PrintLSAInfo() { try { Beaprint.MainPrint("Enumerate LSA settings - auth packages included\n"); var settings = RegistryHelper.GetRegValues("HKLM", "SYSTEM\\CurrentControlSet\\Control\\Lsa"); if ((settings != null) && (settings.Count != 0)) { foreach (var kvp in settings) { var val = string.Empty; if (kvp.Value.GetType().IsArray&& (kvp.Value.GetType().GetElementType().ToString() == "System.String")) { val = string.Join(",", (string[])kvp.Value); } else if (kvp.Value.GetType().IsArray&& (kvp.Value.GetType().GetElementType().ToString() == "System.Byte")) { val = System.BitConverter.ToString((byte[])kvp.Value); } else { val = kvp.Value.ToString(); } var key = kvp.Key; Beaprint.NoColorPrint($" {key,-30} : {val}"); if (Regex.IsMatch(key, "Security Packages") && Regex.IsMatch(val, @".*wdigest.*")) { Beaprint.BadPrint(" [!] WDigest is enabled - plaintext password extraction is possible!"); } if (key.Equals("RunAsPPL", System.StringComparison.InvariantCultureIgnoreCase) && val == "1") { Beaprint.BadPrint(" [!] LSASS Protected Mode is enabled! You will not be able to access lsass.exe's memory easily."); } if (key.Equals("DisableRestrictedAdmin", System.StringComparison.InvariantCultureIgnoreCase) && val == "0") { Beaprint.BadPrint(" [!] RDP Restricted Admin Mode is enabled! You can use pass-the-hash to access RDP on this system."); } } } } catch (Exception ex) { } }
private static void PrintUsers(HashSet <string> users) { if (users == null) { return; } var set = users.OrderBy(u => u).ToArray(); foreach (var user in set) { Beaprint.BadPrint($" {user}"); } }
private static bool ProcessResult( CustomFileInfo fileInfo, Helpers.YamlConfig.YamlConfig.SearchParameters.FileSettings fileSettings, ref int resultsCount) { // print depending on the options here resultsCount++; if (resultsCount > ListFileLimit) { return(false); } if (fileSettings.type == "f") { var colors = new Dictionary <string, string>(); colors.Add(fileInfo.Filename, Beaprint.ansi_color_bad); Beaprint.AnsiPrint($"File: {fileInfo.FullPath}", colors); if (!(bool)fileSettings.just_list_file) { GrepResult(fileInfo, fileSettings); } } else if (fileSettings.type == "d") { var colors = new Dictionary <string, string>(); colors.Add(fileInfo.Filename, Beaprint.ansi_color_bad); Beaprint.AnsiPrint($"Folder: {fileInfo.FullPath}", colors); // just list the directory if ((bool)fileSettings.just_list_file) { string[] files = Directory.GetFiles(fileInfo.FullPath, "*", SearchOption.TopDirectoryOnly); foreach (var file in files) { Beaprint.BadPrint($" {file}"); } } else { // should not happen } } return(true); }
static void PrintWdigest() { Beaprint.MainPrint("Wdigest"); Beaprint.LinkPrint("https://book.hacktricks.xyz/windows/stealing-credentials/credentials-protections#wdigest", "If enabled, plain-text crds could be stored in LSASS"); string useLogonCredential = RegistryHelper.GetRegValue("HKLM", @"SYSTEM\CurrentControlSet\Control\SecurityProviders\WDigest", "UseLogonCredential"); if (useLogonCredential == "1") { Beaprint.BadPrint(" Wdigest is active"); } else { Beaprint.GoodPrint(" Wdigest is not enabled"); } }
static void PrintLSAProtection() { Beaprint.MainPrint("LSA Protection"); Beaprint.LinkPrint("https://book.hacktricks.xyz/windows/stealing-credentials/credentials-protections#lsa-protection", "If enabled, a driver is needed to read LSASS memory (If Secure Boot or UEFI, RunAsPPL cannot be disabled by deleting the registry key)"); string useLogonCredential = RegistryHelper.GetRegValue("HKLM", @"SYSTEM\CurrentControlSet\Control\LSA", "RunAsPPL"); if (useLogonCredential == "1") { Beaprint.GoodPrint(" LSA Protection is active"); } else { Beaprint.BadPrint(" LSA Protection is not enabled"); } }
void PrintClipboardText() { try { Beaprint.MainPrint("Clipboard text"); string clipboard = UserInfoHelper.GetClipboardText(); if (!string.IsNullOrEmpty(clipboard)) { Beaprint.BadPrint(clipboard); } } catch (Exception ex) { Beaprint.PrintException(ex.Message); } }
void PrintSAMBackups() { try { Beaprint.MainPrint("Looking for common SAM & SYSTEM backups"); List <string> sam_files = InterestingFiles.InterestingFiles.GetSAMBackups(); foreach (string path in sam_files) { Beaprint.BadPrint(" " + path); } } catch (Exception ex) { Beaprint.PrintException(ex.Message); } }
void PrintInstalledApps() { try { Beaprint.MainPrint("Installed Applications --Via Program Files/Uninstall registry--"); Beaprint.LinkPrint("https://book.hacktricks.xyz/windows/windows-local-privilege-escalation#software", "Check if you can modify installed software"); SortedDictionary <string, Dictionary <string, string> > installedAppsPerms = InstalledApps.GetInstalledAppsPerms(); string format = " ==> {0} ({1})"; foreach (KeyValuePair <string, Dictionary <string, string> > app in installedAppsPerms) { if (string.IsNullOrEmpty(app.Value.ToString())) //If empty, nothing found, is good { Beaprint.GoodPrint(app.Key); } else //Then, we need to look deeper { //Checkeamos si la carpeta (que va a existir como subvalor dentro de si misma) debe ser good if (string.IsNullOrEmpty(app.Value[app.Key])) { Beaprint.GoodPrint(" " + app.Key); } else { Beaprint.BadPrint(string.Format(" {0}({1})", app.Key, app.Value[app.Key])); app.Value[app.Key] = ""; //So no reprinted later } //Check the rest of the values to see if we have something to print in red (permissions) foreach (KeyValuePair <string, string> subfolder in app.Value) { if (!string.IsNullOrEmpty(subfolder.Value)) { Beaprint.BadPrint(string.Format(format, subfolder.Key, subfolder.Value)); } } } } Console.WriteLine(); } catch (Exception e) { Beaprint.PrintException(e.Message); } }
static void PrintWSUS() { try { Beaprint.MainPrint("Checking WSUS"); Beaprint.LinkPrint("https://book.hacktricks.xyz/windows/windows-local-privilege-escalation#wsus"); string path = "Software\\Policies\\Microsoft\\Windows\\WindowsUpdate"; string path2 = "Software\\Policies\\Microsoft\\Windows\\WindowsUpdate\\AU"; string HKLM_WSUS = RegistryHelper.GetRegValue("HKLM", path, "WUServer"); string using_HKLM_WSUS = RegistryHelper.GetRegValue("HKLM", path, "UseWUServer"); if (HKLM_WSUS.Contains("http://")) { Beaprint.BadPrint(" WSUS is using http: " + HKLM_WSUS); Beaprint.InfoPrint("You can test https://github.com/pimps/wsuxploit to escalate privileges"); if (using_HKLM_WSUS == "1") { Beaprint.BadPrint(" And UseWUServer is equals to 1, so it is vulnerable!"); } else if (using_HKLM_WSUS == "0") { Beaprint.GoodPrint(" But UseWUServer is equals to 0, so it is not vulnerable!"); } else { System.Console.WriteLine(" But UseWUServer is equals to " + using_HKLM_WSUS + ", so it may work or not"); } } else { if (string.IsNullOrEmpty(HKLM_WSUS)) { Beaprint.NotFoundPrint(); } else { Beaprint.GoodPrint(" WSUS value: " + HKLM_WSUS); } } } catch (Exception ex) { Beaprint.PrintException(ex.Message); } }
void PrintUnattendFiles() { try { Beaprint.MainPrint("Unattend Files"); //Beaprint.LinkPrint(""); List <string> unattended_files = Unattended.GetUnattendedInstallFiles(); foreach (string path in unattended_files) { List <string> pwds = Unattended.ExtractUnattendedPwd(path); Beaprint.BadPrint(" " + path); System.Console.WriteLine(string.Join("\n", pwds)); } } catch (Exception ex) { Beaprint.PrintException(ex.Message); } }
static void PrintCachedCreds() { Beaprint.MainPrint("Cached Creds"); Beaprint.LinkPrint("https://book.hacktricks.xyz/windows/stealing-credentials/credentials-protections#cached-credentials", "If > 0, credentials will be cached in the registry and accessible by SYSTEM user"); string cachedlogonscount = RegistryHelper.GetRegValue("HKLM", @"SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon", "CACHEDLOGONSCOUNT"); if (!string.IsNullOrEmpty(cachedlogonscount)) { int clc = Int16.Parse(cachedlogonscount); if (clc > 0) { Beaprint.BadPrint(" cachedlogonscount is " + cachedlogonscount); } else { Beaprint.BadPrint(" cachedlogonscount is " + cachedlogonscount); } } }
internal static void PrintInfo() { Beaprint.MainPrint("Slack files & directories"); Beaprint.ColorPrint(" note: check manually if something is found", Beaprint.YELLOW); var userDirs = User.GetUsersFolders(); foreach (var userDir in userDirs) { try { var userSlackDir = Path.Combine(userDir, SlackBasePath); if (Directory.Exists(userSlackDir)) { Beaprint.BadPrint($" Directory: {userSlackDir}"); var userSlackCookiesFile = Path.Combine(userSlackDir, "Cookies"); if (File.Exists(userSlackCookiesFile)) { Beaprint.BadPrint($" File: {userSlackCookiesFile}"); } var userSlackWorkspacesPath = Path.Combine(userSlackDir, @"storage\slack-workspaces"); if (File.Exists(userSlackWorkspacesPath)) { Beaprint.BadPrint($" File: {userSlackWorkspacesPath}"); } var userSlackDownloadsPath = Path.Combine(userSlackDir, @"storage\slack-downloads"); if (File.Exists(userSlackDownloadsPath)) { Beaprint.BadPrint($" File: {userSlackDownloadsPath}"); } } } catch (Exception) { } } }