Skip to content

Commit

Permalink
az tokens
Browse files Browse the repository at this point in the history
  • Loading branch information
@carlospolop
carlospolop committed Jan 24, 2025
1 parent 21a5ef9 commit 7cd9e6f
Show file tree
Hide file tree
Showing 4 changed files with 46 additions and 32 deletions.
2 changes: 1 addition & 1 deletion winPEAS/winPEASexe/Tests/.vs/winPEAS.Tests.csproj.dtbcache.json
View file
Original file line number Diff line number Diff line change
@@ -1 +1 @@
{"RootPath":"C:\\Users\\carlos_hacktricks\\Desktop\\git\\PEASS-ng\\winPEAS\\winPEASexe\\Tests","ProjectFileName":"winPEAS.Tests.csproj","Configuration":"Debug|AnyCPU","FrameworkPath":"","Sources":[],"References":[],"Analyzers":[],"Outputs":[{"OutputItemFullPath":"C:\\Users\\carlos_hacktricks\\Desktop\\git\\PEASS-ng\\winPEAS\\winPEASexe\\Tests\\bin\\Debug\\Tests.dll","OutputItemRelativePath":"Tests.dll"},{"OutputItemFullPath":"","OutputItemRelativePath":""}],"CopyToOutputEntries":[]}
{"RootPath":"C:\\Users\\carlos_hacktricks\\Desktop\\git\\PEASS-ng\\winPEAS\\winPEASexe\\Tests","ProjectFileName":"winPEAS.Tests.csproj","Configuration":"Debug|AnyCPU","FrameworkPath":"","Sources":[{"SourceFile":"Properties\\AssemblyInfo.cs"},{"SourceFile":"SmokeTests.cs"},{"SourceFile":"obj\\Debug\\.NETFramework,Version=v4.8.AssemblyAttributes.cs"}],"References":[{"Reference":"C:\\Users\\carlos_hacktricks\\Desktop\\git\\PEASS-ng\\winPEAS\\winPEASexe\\packages\\Portable.BouncyCastle.1.9.0\\lib\\net40\\BouncyCastle.Crypto.dll","ResolvedFrom":"","OriginalItemSpec":"","Name":"","EmbedInteropTypes":false,"CopyLocal":false,"IsProjectReference":false,"ProjectPath":""},{"Reference":"C:\\Users\\carlos_hacktricks\\Desktop\\git\\PEASS-ng\\winPEAS\\winPEASexe\\packages\\Costura.Fody.5.7.0\\lib\\netstandard1.0\\Costura.dll","ResolvedFrom":"","OriginalItemSpec":"","Name":"","EmbedInteropTypes":false,"CopyLocal":false,"IsProjectReference":false,"ProjectPath":""},{"Reference":"C:\\Users\\carlos_hacktricks\\Desktop\\git\\PEASS-ng\\winPEAS\\winPEASexe\\packages\\EntityFramework.6.4.4\\lib\\net45\\EntityFramework.dll","ResolvedFrom":"","OriginalItemSpec":"","Name":"","EmbedInteropTypes":false,"CopyLocal":false,"IsProjectReference":false,"ProjectPath":""},{"Reference":"C:\\Users\\carlos_hacktricks\\Desktop\\git\\PEASS-ng\\winPEAS\\winPEASexe\\packages\\EntityFramework.6.4.4\\lib\\net45\\EntityFramework.SqlServer.dll","ResolvedFrom":"","OriginalItemSpec":"","Name":"","EmbedInteropTypes":false,"CopyLocal":false,"IsProjectReference":false,"ProjectPath":""},{"Reference":"C:\\Program Files (x86)\\Reference Assemblies\\Microsoft\\Framework\\.NETFramework\\v4.8\\Microsoft.CSharp.dll","ResolvedFrom":"","OriginalItemSpec":"","Name":"","EmbedInteropTypes":false,"CopyLocal":false,"IsProjectReference":false,"ProjectPath":""},{"Reference":"C:\\Users\\carlos_hacktricks\\Desktop\\git\\PEASS-ng\\winPEAS\\winPEASexe\\packages\\Microsoft.CodeCoverage.16.10.0\\lib\\net45\\Microsoft.VisualStudio.CodeCoverage.Shim.dll","ResolvedFrom":"","OriginalItemSpec":"","Name":"","EmbedInteropTypes":false,"CopyLocal":false,"IsProjectReference":false,"ProjectPath":""},{"Reference":"C:\\Users\\carlos_hacktricks\\Desktop\\git\\PEASS-ng\\winPEAS\\winPEASexe\\packages\\MSTest.TestFramework.2.2.5\\lib\\net45\\Microsoft.VisualStudio.TestPlatform.TestFramework.dll","ResolvedFrom":"","OriginalItemSpec":"","Name":"","EmbedInteropTypes":false,"CopyLocal":false,"IsProjectReference":false,"ProjectPath":""},{"Reference":"C:\\Users\\carlos_hacktricks\\Desktop\\git\\PEASS-ng\\winPEAS\\winPEASexe\\packages\\MSTest.TestFramework.2.2.5\\lib\\net45\\Microsoft.VisualStudio.TestPlatform.TestFramework.Extensions.dll","ResolvedFrom":"","OriginalItemSpec":"","Name":"","EmbedInteropTypes":false,"CopyLocal":false,"IsProjectReference":false,"ProjectPath":""},{"Reference":"C:\\Program Files (x86)\\Reference Assemblies\\Microsoft\\Framework\\.NETFramework\\v4.8\\mscorlib.dll","ResolvedFrom":"","OriginalItemSpec":"","Name":"","EmbedInteropTypes":false,"CopyLocal":false,"IsProjectReference":false,"ProjectPath":""},{"Reference":"C:\\Program Files (x86)\\Reference Assemblies\\Microsoft\\Framework\\.NETFramework\\v4.8\\System.ComponentModel.Composition.dll","ResolvedFrom":"","OriginalItemSpec":"","Name":"","EmbedInteropTypes":false,"CopyLocal":false,"IsProjectReference":false,"ProjectPath":""},{"Reference":"C:\\Program Files (x86)\\Reference Assemblies\\Microsoft\\Framework\\.NETFramework\\v4.8\\System.ComponentModel.DataAnnotations.dll","ResolvedFrom":"","OriginalItemSpec":"","Name":"","EmbedInteropTypes":false,"CopyLocal":false,"IsProjectReference":false,"ProjectPath":""},{"Reference":"C:\\Program Files (x86)\\Reference Assemblies\\Microsoft\\Framework\\.NETFramework\\v4.8\\System.Core.dll","ResolvedFrom":"","OriginalItemSpec":"","Name":"","EmbedInteropTypes":false,"CopyLocal":false,"IsProjectReference":false,"ProjectPath":""},{"Reference":"C:\\Program Files (x86)\\Reference Assemblies\\Microsoft\\Framework\\.NETFramework\\v4.8\\System.Data.DataSetExtensions.dll","ResolvedFrom":"","OriginalItemSpec":"","Name":"","EmbedInteropTypes":false,"CopyLocal":false,"IsProjectReference":false,"ProjectPath":""},{"Reference":"C:\\Program Files (x86)\\Reference Assemblies\\Microsoft\\Framework\\.NETFramework\\v4.8\\System.Data.dll","ResolvedFrom":"","OriginalItemSpec":"","Name":"","EmbedInteropTypes":false,"CopyLocal":false,"IsProjectReference":false,"ProjectPath":""},{"Reference":"C:\\Users\\carlos_hacktricks\\Desktop\\git\\PEASS-ng\\winPEAS\\winPEASexe\\packages\\Stub.System.Data.SQLite.Core.NetFramework.1.0.119.0\\lib\\net451\\System.Data.SQLite.dll","ResolvedFrom":"","OriginalItemSpec":"","Name":"","EmbedInteropTypes":false,"CopyLocal":false,"IsProjectReference":false,"ProjectPath":""},{"Reference":"C:\\Users\\carlos_hacktricks\\Desktop\\git\\PEASS-ng\\winPEAS\\winPEASexe\\packages\\System.Data.SQLite.EF6.1.0.119.0\\lib\\net451\\System.Data.SQLite.EF6.dll","ResolvedFrom":"","OriginalItemSpec":"","Name":"","EmbedInteropTypes":false,"CopyLocal":false,"IsProjectReference":false,"ProjectPath":""},{"Reference":"C:\\Users\\carlos_hacktricks\\Desktop\\git\\PEASS-ng\\winPEAS\\winPEASexe\\packages\\System.Data.SQLite.Linq.1.0.119.0\\lib\\net451\\System.Data.SQLite.Linq.dll","ResolvedFrom":"","OriginalItemSpec":"","Name":"","EmbedInteropTypes":false,"CopyLocal":false,"IsProjectReference":false,"ProjectPath":""},{"Reference":"C:\\Program Files (x86)\\Reference Assemblies\\Microsoft\\Framework\\.NETFramework\\v4.8\\System.dll","ResolvedFrom":"","OriginalItemSpec":"","Name":"","EmbedInteropTypes":false,"CopyLocal":false,"IsProjectReference":false,"ProjectPath":""},{"Reference":"C:\\Program Files (x86)\\Reference Assemblies\\Microsoft\\Framework\\.NETFramework\\v4.8\\System.IO.Compression.dll","ResolvedFrom":"","OriginalItemSpec":"","Name":"","EmbedInteropTypes":false,"CopyLocal":false,"IsProjectReference":false,"ProjectPath":""},{"Reference":"C:\\Program Files (x86)\\Reference Assemblies\\Microsoft\\Framework\\.NETFramework\\v4.8\\System.Net.Http.dll","ResolvedFrom":"","OriginalItemSpec":"","Name":"","EmbedInteropTypes":false,"CopyLocal":false,"IsProjectReference":false,"ProjectPath":""},{"Reference":"C:\\Program Files (x86)\\Reference Assemblies\\Microsoft\\Framework\\.NETFramework\\v4.8\\System.Numerics.dll","ResolvedFrom":"","OriginalItemSpec":"","Name":"","EmbedInteropTypes":false,"CopyLocal":false,"IsProjectReference":false,"ProjectPath":""},{"Reference":"C:\\Program Files (x86)\\Reference Assemblies\\Microsoft\\Framework\\.NETFramework\\v4.8\\Facades\\System.Runtime.InteropServices.RuntimeInformation.dll","ResolvedFrom":"","OriginalItemSpec":"","Name":"","EmbedInteropTypes":false,"CopyLocal":false,"IsProjectReference":false,"ProjectPath":""},{"Reference":"C:\\Program Files (x86)\\Reference Assemblies\\Microsoft\\Framework\\.NETFramework\\v4.8\\System.Xml.dll","ResolvedFrom":"","OriginalItemSpec":"","Name":"","EmbedInteropTypes":false,"CopyLocal":false,"IsProjectReference":false,"ProjectPath":""},{"Reference":"C:\\Program Files (x86)\\Reference Assemblies\\Microsoft\\Framework\\.NETFramework\\v4.8\\System.Xml.Linq.dll","ResolvedFrom":"","OriginalItemSpec":"","Name":"","EmbedInteropTypes":false,"CopyLocal":false,"IsProjectReference":false,"ProjectPath":""},{"Reference":"C:\\Users\\carlos_hacktricks\\Desktop\\git\\PEASS-ng\\winPEAS\\winPEASexe\\winPEAS\\bin\\Debug\\winPEAS.exe","ResolvedFrom":"","OriginalItemSpec":"","Name":"","EmbedInteropTypes":false,"CopyLocal":false,"IsProjectReference":true,"ProjectPath":"C:\\Users\\carlos_hacktricks\\Desktop\\git\\PEASS-ng\\winPEAS\\winPEASexe\\winPEAS\\bin\\Debug\\winPEAS.exe"}],"Analyzers":[],"Outputs":[{"OutputItemFullPath":"C:\\Users\\carlos_hacktricks\\Desktop\\git\\PEASS-ng\\winPEAS\\winPEASexe\\Tests\\bin\\Debug\\Tests.dll","OutputItemRelativePath":"Tests.dll"},{"OutputItemFullPath":"","OutputItemRelativePath":""}],"CopyToOutputEntries":[]}
2 changes: 1 addition & 1 deletion winPEAS/winPEASexe/winPEAS/Checks/CloudInfo.cs
View file
Original file line number Diff line number Diff line change
Expand Up @@ -21,7 +21,7 @@ public void PrintInfo(bool isDebug)
{
new AWSInfo(),
new AzureInfo(),
new AzureCliInfo(),
new AzureTokensInfo(),
new GCPInfo(),
new GCPJoinedInfo(),
new GCDSInfo(),
Expand Down
72 changes: 43 additions & 29 deletions ...xe/winPEAS/Info/CloudInfo/AzureCliInfo.cs → ...winPEAS/Info/CloudInfo/AzureTokensInfo.cs
View file
Original file line number Diff line number Diff line change
Expand Up @@ -19,21 +19,33 @@

namespace winPEAS.Info.CloudInfo
{
internal class AzureCliInfo : CloudInfoBase
internal class AzureTokensInfo : CloudInfoBase
{
public override string Name => "Azure Cli";
public override string Name => "Azure Tokens";

public override bool IsCloud => CheckIfAzureCliInstalled();
public override bool IsCloud => CheckIfAzureTokensInstalled();

private Dictionary<string, List<EndpointData>> _endpointData = null;

public static bool CheckIfAzureCliInstalled()
public static bool CheckIfAzureTokensInstalled()
{
string homeDirectory = Environment.GetFolderPath(Environment.SpecialFolder.UserProfile);
string AzureFolderPath = Path.Combine(homeDirectory, ".Azure");
string azureFolderPath = Path.Combine(homeDirectory, ".azure");

return Directory.Exists(AzureFolderPath) || Directory.Exists(azureFolderPath);
string identityCachePath = Path.Combine(
Environment.GetFolderPath(Environment.SpecialFolder.LocalApplicationData),
"Microsoft",
"IdentityCache"
);

string tokenBrokerPath = Path.Combine(
Environment.GetFolderPath(Environment.SpecialFolder.LocalApplicationData),
"Microsoft",
"TokenBroker"
);

return Directory.Exists(AzureFolderPath) || Directory.Exists(azureFolderPath) || Directory.Exists(identityCachePath) || Directory.Exists(tokenBrokerPath);
}

public static string TBRESDecryptedData(string filePath)
Expand Down Expand Up @@ -79,31 +91,35 @@ private List<EndpointData> GetAzureCliValues()
azureHomePath = AzureFolderPath;
};

// Files that doesn't need decryption
string[] fileNames = {
if (Directory.Exists(azureHomePath))
{

// Files that doesn't need decryption
string[] fileNames = {
@"azureProfile.json",
@"clouds.config",
@"service_principal_entries.json",
@"msal_token_cache.json"
};

foreach (string fileName in fileNames)
{
string filePath = Path.Combine(azureHomePath, fileName);
// Check if the file exists
if (File.Exists(filePath))
foreach (string fileName in fileNames)
{
try
string filePath = Path.Combine(azureHomePath, fileName);
// Check if the file exists
if (File.Exists(filePath))
{
// Read the file content
string fileContent = File.ReadAllText(filePath);
try
{
// Read the file content
string fileContent = File.ReadAllText(filePath);

// Add the file path and content to the dictionary
AzureCliValues[filePath] = fileContent;
}
catch (Exception ex)
{
Beaprint.PrintException($"Error reading file '{filePath}': {ex.Message}");
// Add the file path and content to the dictionary
AzureCliValues[filePath] = fileContent;
}
catch (Exception ex)
{
Beaprint.PrintException($"Error reading file '{filePath}': {ex.Message}");
}
}
}
}
Expand Down Expand Up @@ -134,14 +150,7 @@ private List<EndpointData> GetAzureCliValues()
{
Beaprint.PrintException($"An error occurred while scanning the identityCache directory: {ex.Message}");
}


// Get the IdentityCache directory path and encrypted files with tokens
string tokenBrokerPath = Path.Combine(
Environment.GetFolderPath(Environment.SpecialFolder.LocalApplicationData),
"Microsoft",
"TokenBroker"
);


// Files that need decryption
string[] fileNamesEncrp = {
Expand Down Expand Up @@ -189,6 +198,11 @@ private List<EndpointData> GetAzureCliValues()


//TBRES files
string tokenBrokerPath = Path.Combine(
Environment.GetFolderPath(Environment.SpecialFolder.LocalApplicationData),
"Microsoft",
"TokenBroker"
);

string[] tbFiles = { };

Expand Down
2 changes: 1 addition & 1 deletion winPEAS/winPEASexe/winPEAS/winPEAS.csproj
View file
Original file line number Diff line number Diff line change
Expand Up @@ -1226,7 +1226,7 @@
<Compile Include="Info\CloudInfo\AWSInfo.cs" />
<Compile Include="Info\CloudInfo\AzureInfo.cs" />
<Compile Include="Info\CloudInfo\EndpointData.cs" />
<Compile Include="Info\CloudInfo\AzureCliInfo.cs" />
<Compile Include="Info\CloudInfo\AzureTokensInfo.cs" />
<Compile Include="Info\CloudInfo\GPSInfo.cs" />
<Compile Include="Info\CloudInfo\GCDSInfo.cs" />
<Compile Include="Info\CloudInfo\GWorkspaceInfo.cs" />
Expand Down

0 comments on commit 7cd9e6f

Please sign in to comment.