/// <summary>
/// Prints the "Users" section: a reference link, one line describing the current user
/// and its groups, a separator, and the list returned by <c>User.GetMachineUsers</c>.
/// </summary>
/// <remarks>
/// Every exception is caught here and only its message is printed, so a failure in this
/// check does not propagate to the caller.
/// </remarks>
void PrintCU()
{
    try
    {
        Beaprint.MainPrint("Users");
        Beaprint.LinkPrint("https://book.hacktricks.xyz/windows-hardening/windows-local-privilege-escalation#users-and-groups", "Check if you have some admin equivalent privileges");
        // The meaning of the five boolean flags is not visible in this listing; check
        // User.GetMachineUsers before changing them.
        List <string> usersGrps = User.GetMachineUsers(false, false, false, false, true);
        // NOTE(review): the `******` run below is not valid C#. Part of this expression appears
        // to have been masked or lost in this copy of the file, and `currentGroupsNames` has no
        // visible declaration, so restore this line from the project history before building.
        Beaprint.AnsiPrint(" Current user: "******" Current groups: " + string.Join(", ", currentGroupsNames), ColorsU());
        Beaprint.PrintLineSeparator();
        // The user/group list is printed using the highlight map returned by ColorsU().
        Beaprint.ListPrint(usersGrps, ColorsU());
    }
    catch (Exception ex)
    {
        Beaprint.PrintException(ex.Message);
    }
}
/// <summary>
/// Prints the "Ever logged users" section: the list returned by
/// <c>User.GetEverLoggedUsers</c>, highlighted with the map from <c>ColorsU()</c>.
/// </summary>
/// <remarks>
/// Exceptions are caught and reported by message only; nothing is rethrown.
/// </remarks>
void PrintEverLoggedUsers()
{
    try
    {
        Beaprint.MainPrint("Ever logged users");

        // Arguments are evaluated left to right: the user lookup runs before ColorsU().
        Beaprint.ListPrint(User.GetEverLoggedUsers(), ColorsU());
    }
    catch (Exception error)
    {
        Beaprint.PrintException(error.Message);
    }
}
/// <summary>
/// Prints at most the first 100 entries of the document list returned by
/// <c>InterestingFiles.InterestingFiles.ListUsersDocs</c>.
/// </summary>
/// <remarks>
/// Only the printed output is capped; the full list is still collected first.
/// Exceptions are caught and reported by message only.
/// </remarks>
void PrintUsersDocsKeys()
{
    try
    {
        Beaprint.MainPrint("Looking for documents --limit 100--");

        List<string> userDocuments = InterestingFiles.InterestingFiles.ListUsersDocs();

        // Clamp the number of printed entries to the advertised limit of 100.
        int shown = Math.Min(userDocuments.Count, 100);
        List<string> firstDocuments = userDocuments.GetRange(0, shown);

        Beaprint.ListPrint(firstDocuments);
    }
    catch (Exception error)
    {
        Beaprint.PrintException(error.Message);
    }
}
/// <summary>
/// Prints the "Logged users" section: the list returned by <c>User.GetLoggedUsers</c>,
/// highlighted with the map from <c>ColorsU()</c>.
/// </summary>
/// <remarks>
/// Exceptions are caught and reported by message only; nothing is rethrown.
/// </remarks>
void PrintLoggedUsers()
{
    try
    {
        Beaprint.MainPrint("Logged users");

        // Arguments are evaluated left to right: the session lookup runs before ColorsU().
        Beaprint.ListPrint(User.GetLoggedUsers(), ColorsU());
    }
    catch (Exception error)
    {
        Beaprint.PrintException(error.Message);
    }
}
/// <summary>
/// Prints the URLs returned by <c>InternetExplorer.GetCurrentIETabs</c>, highlighting
/// anything that matches <c>Globals.PrintCredStrings</c> in the "bad" colour.
/// </summary>
/// <remarks>
/// URLs are printed verbatim, so any credential carried in a query string ends up in the
/// tool output. Exceptions are caught and reported by message only.
/// </remarks>
private static void PrintCurrentIETabs()
{
    try
    {
        Beaprint.MainPrint("Current IE tabs");
        Beaprint.LinkPrint("https://book.hacktricks.xyz/windows-hardening/windows-local-privilege-escalation#browsers-history");

        List<string> openTabs = InternetExplorer.GetCurrentIETabs();

        // Single highlight rule: credential-looking substrings are shown in the "bad" colour.
        var credentialHighlight = new Dictionary<string, string>
        {
            [Globals.PrintCredStrings] = Beaprint.ansi_color_bad,
        };

        Beaprint.ListPrint(openTabs, credentialHighlight);
    }
    catch (Exception error)
    {
        Beaprint.PrintException(error.Message);
    }
}
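/// <summary>
/// Prints the Chrome history entries whose URL matches one of
/// <c>Browser.CredStringsRegex</c>, then prints the Chrome bookmarks.
/// </summary>
/// <remarks>
/// Matching URLs are printed verbatim, so the tool output contains whatever credentials
/// appear in them and should be handled accordingly. A missing "history" or "bookmarks"
/// key, like any other failure, is caught below and reported by message only.
/// </remarks>
private static void PrintHistBookChrome()
{
    try
    {
        Beaprint.MainPrint("Looking for GET credentials in Chrome history");
        Beaprint.LinkPrint("https://book.hacktricks.xyz/windows-hardening/windows-local-privilege-escalation#browsers-history");

        Dictionary<string, List<string>> chromeHistBook = Chrome.GetChromeHistBook();
        List<string> history = chromeHistBook["history"];
        List<string> bookmarks = chromeHistBook["bookmarks"];

        if (history.Count > 0)
        {
            var colorsB = new Dictionary<string, string>
            {
                { Globals.PrintCredStrings, Beaprint.ansi_color_bad },
            };

            foreach (string url in history)
            {
                // Upper-case with the invariant culture so the match does not depend on the
                // host locale: under a Turkish culture ToUpper() maps 'i' to U+0130, and a
                // pattern containing a plain 'I' would then miss the URL.
                // NOTE(review): assumes CredStringsRegex is written in upper case; confirm.
                if (MyUtils.ContainsAnyRegex(url.ToUpperInvariant(), Browser.CredStringsRegex))
                {
                    Beaprint.AnsiPrint(" " + url, colorsB);
                }
            }

            Console.WriteLine();
        }
        else
        {
            Beaprint.NotFoundPrint();
        }

        Beaprint.MainPrint("Chrome bookmarks");
        Beaprint.ListPrint(bookmarks);
    }
    catch (Exception ex)
    {
        Beaprint.PrintException(ex.Message);
    }
}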
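/// <summary>
/// Prints the Internet Explorer history entries whose URL matches one of
/// <c>Browser.CredStringsRegex</c>, then prints the IE favorites.
/// </summary>
/// <remarks>
/// Matching URLs are printed verbatim, so the tool output contains whatever credentials
/// appear in them and should be handled accordingly. A missing "history" or "favorites"
/// key, like any other failure, is caught below and reported by message only.
/// </remarks>
private static void PrintHistFavIE()
{
    try
    {
        Beaprint.MainPrint("Looking for GET credentials in IE history");
        // NOTE(review): this link uses the /windows/ path while the Chrome and IE-tabs checks
        // use /windows-hardening/; confirm that it still resolves.
        Beaprint.LinkPrint("https://book.hacktricks.xyz/windows/windows-local-privilege-escalation#browsers-history");

        Dictionary<string, List<string>> ieHistFav = InternetExplorer.GetIEHistFav();
        List<string> history = ieHistFav["history"];
        List<string> favorites = ieHistFav["favorites"];

        if (history.Count > 0)
        {
            var colorsB = new Dictionary<string, string>
            {
                { Globals.PrintCredStrings, Beaprint.ansi_color_bad },
            };

            foreach (string url in history)
            {
                // Upper-case with the invariant culture so the match does not depend on the
                // host locale: under a Turkish culture ToUpper() maps 'i' to U+0130, and a
                // pattern containing a plain 'I' would then miss the URL.
                // NOTE(review): assumes CredStringsRegex is written in upper case; confirm.
                if (MyUtils.ContainsAnyRegex(url.ToUpperInvariant(), Browser.CredStringsRegex))
                {
                    Beaprint.AnsiPrint(" " + url, colorsB);
                }
            }

            Console.WriteLine();
        }
        else
        {
            // Same as the Chrome check: say so explicitly when there is no history, so an
            // empty section is not mistaken for a check that never ran.
            Beaprint.NotFoundPrint();
        }

        Beaprint.MainPrint("IE favorites");
        Beaprint.ListPrint(favorites);
    }
    catch (Exception ex)
    {
        Beaprint.PrintException(ex.Message);
    }
}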
/// <summary>
/// Lists candidate PowerShell transcript files with their sizes: every file in
/// <c>&lt;system drive&gt;transcripts\</c> and every <c>powershell_transcript*</c> file
/// directly inside each <c>&lt;system drive&gt;users\*\Documents</c> folder.
/// </summary>
/// <remarks>
/// Only paths and sizes are printed; the files are not opened here. Directories that do not
/// exist or cannot be read are skipped silently. Any other failure is caught by the outer
/// handler and reported by message only, in which case nothing collected so far is printed.
/// </remarks>
static void PrintTranscriptPS()
{
    try
    {
        Beaprint.MainPrint("PS default transcripts history");
        Beaprint.InfoPrint("Read the PS history inside these files (if any)");

        string systemDrive = Path.GetPathRoot(Environment.SystemDirectory);
        string transcriptsDir = $@"{systemDrive}transcripts\";
        string profilesRoot = systemDrive + "users";
        var profileDirs = Directory.EnumerateDirectories(profilesRoot, "*", SearchOption.TopDirectoryOnly);
        string transcriptPattern = "powershell_transcript*";

        // Every result line is highlighted in full.
        var highlight = new Dictionary<string, string>
        {
            ["^.*"] = Beaprint.ansi_color_bad,
        };
        var found = new List<string>();

        // Maps each directory to search onto the file-name filter to apply there.
        var searchTargets = new Dictionary<string, string>
        {
            // The root-level transcripts folder: take every file in it.
            [transcriptsDir] = "*",
        };

        // Each profile's Documents folder: take only transcript-named files.
        foreach (var profileDir in profileDirs)
        {
            searchTargets.Add($"{profileDir}\\Documents", transcriptPattern);
        }

        foreach (var target in searchTargets)
        {
            string directory = target.Key;
            string pattern = target.Value;

            if (!Directory.Exists(directory))
            {
                continue;
            }

            try
            {
                // Materialise the listing first so enumeration errors surface before any
                // file is inspected.
                List<string> matches = Directory.EnumerateFiles(directory, pattern, SearchOption.TopDirectoryOnly).ToList();

                foreach (var match in matches)
                {
                    long sizeInBytes = new FileInfo(match).Length;
                    var readableSize = MyUtils.ConvertBytesToHumanReadable(sizeInBytes);
                    found.Add($"[{readableSize}] - {match}");
                }
            }
            catch (UnauthorizedAccessException)
            {
                // Best effort: no read access to this directory, move on.
            }
            catch (PathTooLongException)
            {
                // Best effort: path exceeds the platform limit, move on.
            }
            catch (DirectoryNotFoundException)
            {
                // Best effort: the directory disappeared after the existence check, move on.
            }
        }

        if (found.Count != 0)
        {
            Beaprint.ListPrint(found, highlight);
        }
    }
    catch (Exception error)
    {
        Beaprint.PrintException(error.Message);
    }
}