private static void PrintDPAPIMasterKeys()
{
try
{
Beaprint.MainPrint("Checking for DPAPI Master Keys");
Beaprint.LinkPrint("https://book.hacktricks.xyz/windows/windows-local-privilege-escalation#dpapi");
var masterKeys = KnownFileCredsInfo.ListMasterKeys();
if (masterKeys.Count != 0)
{
Beaprint.DictPrint(masterKeys, true);
if (MyUtils.IsHighIntegrity())
{
Beaprint.InfoPrint("Follow the provided link for further instructions in how to decrypt the masterkey.");
}
}
else
{
Beaprint.NotFoundPrint();
}
}
catch (Exception ex)
{
Beaprint.PrintException(ex.Message);
}
}
void PrintRecentFiles()
{
try
{
Beaprint.MainPrint("Recent files --limit 70--");
List <Dictionary <string, string> > recFiles = KnownFileCredsInfo.GetRecentFiles();
Dictionary <string, string> colorF = new Dictionary <string, string>()
{
{ _patternsFileCredsColor, Beaprint.ansi_color_bad },
};
if (recFiles.Count != 0)
{
foreach (Dictionary <string, string> recF in recFiles.GetRange(0, recFiles.Count <= 70 ? recFiles.Count : 70))
{
Beaprint.AnsiPrint(" " + recF["Target"] + "(" + recF["Accessed"] + ")", colorF);
}
}
else
{
Beaprint.NotFoundPrint();
}
}
catch (Exception ex)
{
Beaprint.PrintException(ex.Message);
}
}
void PrintCloudCreds()
{
try
{
Beaprint.MainPrint("Cloud Credentials");
Beaprint.LinkPrint("https://book.hacktricks.xyz/windows/windows-local-privilege-escalation#credentials-inside-files");
List <Dictionary <string, string> > could_creds = KnownFileCredsInfo.ListCloudCreds();
if (could_creds.Count != 0)
{
foreach (Dictionary <string, string> cc in could_creds)
{
string formString = " {0} ({1})\n Accessed:{2} -- Size:{3}";
Beaprint.BadPrint(string.Format(formString, cc["file"], cc["Description"], cc["Accessed"], cc["Size"]));
System.Console.WriteLine("");
}
}
else
{
Beaprint.NotFoundPrint();
}
}
catch (Exception ex)
{
Beaprint.PrintException(ex.Message);
}
}
private static void PrintRecentRunCommands()
{
try
{
Beaprint.MainPrint("Recently run commands");
Dictionary <string, object> recentCommands = KnownFileCredsInfo.GetRecentRunCommands();
Beaprint.DictPrint(recentCommands, false);
}
catch (Exception ex)
{
Beaprint.PrintException(ex.Message);
}
}
private static void PrintDpapiCredFiles()
{
try
{
Beaprint.MainPrint("Checking for DPAPI Credential Files");
Beaprint.LinkPrint("https://book.hacktricks.xyz/windows/windows-local-privilege-escalation#dpapi");
var credFiles = KnownFileCredsInfo.GetCredFiles();
Beaprint.DictPrint(credFiles, false);
if (credFiles.Count != 0)
{
Beaprint.InfoPrint("Follow the provided link for further instructions in how to decrypt the creds file");
}
}
catch (Exception ex)
{
Beaprint.PrintException(ex.Message);
}
}
