/// <summary>
/// Prints the "Users" section: a reference link, a line describing the current
/// user and its groups, and the list returned by User.GetMachineUsers.
/// Any exception is reduced to its message and printed instead of propagating.
/// </summary>
void PrintCU()
        {
            try
            {
                Beaprint.MainPrint("Users");
                Beaprint.LinkPrint("https://book.hacktricks.xyz/windows-hardening/windows-local-privilege-escalation#users-and-groups", "Check if you have some admin equivalent privileges");

                // NOTE(review): the meaning of the five boolean flags is not visible here;
                // confirm against User.GetMachineUsers before changing any of them.
                List <string> usersGrps = User.GetMachineUsers(false, false, false, false, true);

                // NOTE(review): the next line appears to have been mangled by secret-masking on
                // the page (the "******" run replaced part of the expression), so it does not
                // compile as shown. currentGroupsNames is also not defined inside this method.
                Beaprint.AnsiPrint("  Current user: "******"  Current groups: " + string.Join(", ", currentGroupsNames), ColorsU());
                Beaprint.PrintLineSeparator();
                // ColorsU() supplies the highlight map used for both the header line and the list.
                Beaprint.ListPrint(usersGrps, ColorsU());
            }
            catch (Exception ex)
            {
                // Best-effort section: only the message is shown, the stack trace is dropped.
                Beaprint.PrintException(ex.Message);
            }
        }
 /// <summary>
 /// Prints the "Ever logged users" section using the list returned by
 /// User.GetEverLoggedUsers, highlighted with the map from ColorsU().
 /// Failures are reported by message only and never propagate.
 /// </summary>
 void PrintEverLoggedUsers()
 {
     try
     {
         Beaprint.MainPrint("Ever logged users");
         Beaprint.ListPrint(User.GetEverLoggedUsers(), ColorsU());
     }
     catch (Exception error)
     {
         // Best-effort section: report the message and carry on with the next check.
         Beaprint.PrintException(error.Message);
     }
 }
 /// <summary>
 /// Prints at most the first 100 entries returned by
 /// InterestingFiles.ListUsersDocs under the "Looking for documents" header.
 /// Failures are reported by message only and never propagate.
 /// </summary>
 void PrintUsersDocsKeys()
 {
     try
     {
         Beaprint.MainPrint("Looking for documents --limit 100--");

         List<string> allDocs = InterestingFiles.InterestingFiles.ListUsersDocs();

         // Cap the output at 100 entries so a large profile does not flood the report.
         int shownCount = Math.Min(allDocs.Count, 100);
         Beaprint.ListPrint(allDocs.GetRange(0, shownCount));
     }
     catch (Exception error)
     {
         Beaprint.PrintException(error.Message);
     }
 }
        /// <summary>
        /// Prints the "Logged users" section using the list returned by
        /// User.GetLoggedUsers, highlighted with the map from ColorsU().
        /// Failures are reported by message only and never propagate.
        /// </summary>
        void PrintLoggedUsers()
        {
            try
            {
                Beaprint.MainPrint("Logged users");
                Beaprint.ListPrint(User.GetLoggedUsers(), ColorsU());
            }
            catch (Exception error)
            {
                // Best-effort section: report the message and carry on with the next check.
                Beaprint.PrintException(error.Message);
            }
        }
        /// <summary>
        /// Prints the URLs returned by InternetExplorer.GetCurrentIETabs under the
        /// "Current IE tabs" header, highlighting anything that matches
        /// Globals.PrintCredStrings in the "bad" colour.
        /// Failures are reported by message only and never propagate.
        /// </summary>
        private static void PrintCurrentIETabs()
        {
            try
            {
                Beaprint.MainPrint("Current IE tabs");
                Beaprint.LinkPrint("https://book.hacktricks.xyz/windows-hardening/windows-local-privilege-escalation#browsers-history");

                List<string> openTabUrls = InternetExplorer.GetCurrentIETabs();

                // Credential-looking substrings are the only thing highlighted in this section.
                var credentialHighlight = new Dictionary<string, string>
                {
                    [Globals.PrintCredStrings] = Beaprint.ansi_color_bad,
                };

                Beaprint.ListPrint(openTabUrls, credentialHighlight);
            }
            catch (Exception error)
            {
                Beaprint.PrintException(error.Message);
            }
        }
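        /// <summary>
        /// Prints Chrome history entries that match Browser.CredStringsRegex, then the
        /// Chrome bookmarks. History and bookmarks come from Chrome.GetChromeHistBook,
        /// which is expected to return the keys "history" and "bookmarks"; a missing key
        /// surfaces as an exception message through the outer catch.
        /// </summary>
        /// <remarks>
        /// Matching URLs are printed verbatim, so the report can contain live secrets that
        /// were sent in query strings; the output should be handled as sensitive data.
        /// </remarks>
        private static void PrintHistBookChrome()
        {
            try
            {
                Beaprint.MainPrint("Looking for GET credentials in Chrome history");
                Beaprint.LinkPrint("https://book.hacktricks.xyz/windows-hardening/windows-local-privilege-escalation#browsers-history");
                Dictionary<string, List<string>> chromeHistBook = Chrome.GetChromeHistBook();
                List<string> history = chromeHistBook["history"];
                List<string> bookmarks = chromeHistBook["bookmarks"];

                if (history.Count > 0)
                {
                    var colorsB = new Dictionary<string, string>
                    {
                        { Globals.PrintCredStrings, Beaprint.ansi_color_bad },
                    };

                    foreach (string url in history)
                    {
                        // Invariant upper-casing keeps the match independent of the host's UI
                        // culture (e.g. Turkish casing rules change how 'i' is upper-cased).
                        if (MyUtils.ContainsAnyRegex(url.ToUpperInvariant(), Browser.CredStringsRegex))
                        {
                            Beaprint.AnsiPrint("    " + url, colorsB);
                        }
                    }

                    Console.WriteLine();
                }
                else
                {
                    Beaprint.NotFoundPrint();
                }

                Beaprint.MainPrint("Chrome bookmarks");
                Beaprint.ListPrint(bookmarks);
            }
            catch (Exception ex)
            {
                // Best-effort section: only the message is shown, the stack trace is dropped.
                Beaprint.PrintException(ex.Message);
            }
        }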
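        /// <summary>
        /// Prints Internet Explorer history entries that match Browser.CredStringsRegex,
        /// then the IE favorites. Both lists come from InternetExplorer.GetIEHistFav,
        /// which is expected to return the keys "history" and "favorites"; a missing key
        /// surfaces as an exception message through the outer catch.
        /// </summary>
        /// <remarks>
        /// Matching URLs are printed verbatim, so the report can contain live secrets that
        /// were sent in query strings; the output should be handled as sensitive data.
        /// </remarks>
        private static void PrintHistFavIE()
        {
            try
            {
                Beaprint.MainPrint("Looking for GET credentials in IE history");
                // NOTE(review): this link uses the "/windows/" path while the sibling browser
                // checks use "/windows-hardening/"; confirm which one is current.
                Beaprint.LinkPrint("https://book.hacktricks.xyz/windows/windows-local-privilege-escalation#browsers-history");
                Dictionary<string, List<string>> ieHistFav = InternetExplorer.GetIEHistFav();
                List<string> history = ieHistFav["history"];
                List<string> favorites = ieHistFav["favorites"];

                if (history.Count > 0)
                {
                    var colorsB = new Dictionary<string, string>
                    {
                        { Globals.PrintCredStrings, Beaprint.ansi_color_bad },
                    };

                    foreach (string url in history)
                    {
                        // Invariant upper-casing keeps the match independent of the host's UI
                        // culture (e.g. Turkish casing rules change how 'i' is upper-cased).
                        if (MyUtils.ContainsAnyRegex(url.ToUpperInvariant(), Browser.CredStringsRegex))
                        {
                            Beaprint.AnsiPrint("    " + url, colorsB);
                        }
                    }

                    Console.WriteLine();
                }
                else
                {
                    // Same behaviour as the Chrome check: say so explicitly when there is no
                    // history at all, instead of leaving the section header with no output.
                    Beaprint.NotFoundPrint();
                }

                Beaprint.MainPrint("IE favorites");
                Beaprint.ListPrint(favorites);
            }
            catch (Exception ex)
            {
                // Best-effort section: only the message is shown, the stack trace is dropped.
                Beaprint.PrintException(ex.Message);
            }
        }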
        /// <summary>
        /// Lists PowerShell transcript files found in two kinds of location on the system
        /// drive: every file directly inside "&lt;drive&gt;transcripts\", and files named
        /// "powershell_transcript*" directly inside each "&lt;drive&gt;users\&lt;name&gt;\Documents".
        /// Each hit is printed as "[size] - path"; nothing is printed when there are no hits.
        /// </summary>
        /// <remarks>
        /// Only file names and sizes are reported, the transcripts themselves are not read.
        /// Transcripts record console sessions, so a transcript folder readable by other
        /// accounts is worth reviewing on the defensive side.
        /// </remarks>
        static void PrintTranscriptPS()
        {
            try
            {
                Beaprint.MainPrint("PS default transcripts history");
                Beaprint.InfoPrint("Read the PS history inside these files (if any)");

                string systemRoot = Path.GetPathRoot(Environment.SystemDirectory);
                string sharedTranscriptsDir = systemRoot + @"transcripts\";
                string profilesDir = systemRoot + "users";

                var profileDirs = Directory.EnumerateDirectories(profilesDir, "*", SearchOption.TopDirectoryOnly);
                const string perUserPattern = "powershell_transcript*";

                // The pattern matches every entry, so each finding is printed in the "bad" colour.
                var highlightAll = new Dictionary<string, string>
                {
                    ["^.*"] = Beaprint.ansi_color_bad,
                };

                var findings = new List<string>();

                // Maps each directory to search onto the file-name pattern to use inside it.
                var searchTargets = new Dictionary<string, string>
                {
                    [sharedTranscriptsDir] = "*",
                };

                foreach (var profileDir in profileDirs)
                {
                    searchTargets.Add(profileDir + "\\Documents", perUserPattern);
                }

                foreach (var target in searchTargets)
                {
                    if (!Directory.Exists(target.Key))
                    {
                        continue;
                    }

                    try
                    {
                        // Materialised up front so a failure while enumerating adds nothing
                        // from this directory rather than a partial list.
                        var matches = Directory.EnumerateFiles(target.Key, target.Value, SearchOption.TopDirectoryOnly).ToList();

                        foreach (var filePath in matches)
                        {
                            long sizeInBytes = new FileInfo(filePath).Length;
                            findings.Add($"[{MyUtils.ConvertBytesToHumanReadable(sizeInBytes)}] - {filePath}");
                        }
                    }
                    // Directories that cannot be read are skipped on purpose so that one
                    // inaccessible profile does not hide results from the others.
                    catch (UnauthorizedAccessException) { }
                    catch (PathTooLongException) { }
                    catch (DirectoryNotFoundException) { }
                }

                if (findings.Count != 0)
                {
                    Beaprint.ListPrint(findings, highlightAll);
                }
            }
            catch (Exception error)
            {
                // Anything not handled per directory ends the section with just the message.
                Beaprint.PrintException(error.Message);
            }
        }