private static void PrintDPAPIMasterKeys() { try { Beaprint.MainPrint("Checking for DPAPI Master Keys"); Beaprint.LinkPrint("https://book.hacktricks.xyz/windows/windows-local-privilege-escalation#dpapi"); var masterKeys = KnownFileCredsInfo.ListMasterKeys(); if (masterKeys.Count != 0) { Beaprint.DictPrint(masterKeys, true); if (MyUtils.IsHighIntegrity()) { Beaprint.InfoPrint("Follow the provided link for further instructions in how to decrypt the masterkey."); } } else { Beaprint.NotFoundPrint(); } } catch (Exception ex) { Beaprint.PrintException(ex.Message); } }
void PrintRecentFiles() { try { Beaprint.MainPrint("Recent files --limit 70--"); List <Dictionary <string, string> > recFiles = KnownFileCredsInfo.GetRecentFiles(); Dictionary <string, string> colorF = new Dictionary <string, string>() { { _patternsFileCredsColor, Beaprint.ansi_color_bad }, }; if (recFiles.Count != 0) { foreach (Dictionary <string, string> recF in recFiles.GetRange(0, recFiles.Count <= 70 ? recFiles.Count : 70)) { Beaprint.AnsiPrint(" " + recF["Target"] + "(" + recF["Accessed"] + ")", colorF); } } else { Beaprint.NotFoundPrint(); } } catch (Exception ex) { Beaprint.PrintException(ex.Message); } }
void PrintCloudCreds() { try { Beaprint.MainPrint("Cloud Credentials"); Beaprint.LinkPrint("https://book.hacktricks.xyz/windows/windows-local-privilege-escalation#credentials-inside-files"); List <Dictionary <string, string> > could_creds = KnownFileCredsInfo.ListCloudCreds(); if (could_creds.Count != 0) { foreach (Dictionary <string, string> cc in could_creds) { string formString = " {0} ({1})\n Accessed:{2} -- Size:{3}"; Beaprint.BadPrint(string.Format(formString, cc["file"], cc["Description"], cc["Accessed"], cc["Size"])); System.Console.WriteLine(""); } } else { Beaprint.NotFoundPrint(); } } catch (Exception ex) { Beaprint.PrintException(ex.Message); } }
private static void PrintRecentRunCommands() { try { Beaprint.MainPrint("Recently run commands"); Dictionary <string, object> recentCommands = KnownFileCredsInfo.GetRecentRunCommands(); Beaprint.DictPrint(recentCommands, false); } catch (Exception ex) { Beaprint.PrintException(ex.Message); } }
private static void PrintDpapiCredFiles() { try { Beaprint.MainPrint("Checking for DPAPI Credential Files"); Beaprint.LinkPrint("https://book.hacktricks.xyz/windows/windows-local-privilege-escalation#dpapi"); var credFiles = KnownFileCredsInfo.GetCredFiles(); Beaprint.DictPrint(credFiles, false); if (credFiles.Count != 0) { Beaprint.InfoPrint("Follow the provided link for further instructions in how to decrypt the creds file"); } } catch (Exception ex) { Beaprint.PrintException(ex.Message); } }