diff --git a/winPEAS/winPEASexe/Tests/.vs/winPEAS.Tests.csproj.dtbcache.json b/winPEAS/winPEASexe/Tests/.vs/winPEAS.Tests.csproj.dtbcache.json index 41f5900a1..9a6878d1f 100644 --- a/winPEAS/winPEASexe/Tests/.vs/winPEAS.Tests.csproj.dtbcache.json +++ b/winPEAS/winPEASexe/Tests/.vs/winPEAS.Tests.csproj.dtbcache.json @@ -1 +1 @@ -{"RootPath":"C:\\Users\\carlos_hacktricks\\Desktop\\git\\PEASS-ng\\winPEAS\\winPEASexe\\Tests","ProjectFileName":"winPEAS.Tests.csproj","Configuration":"Debug|AnyCPU","FrameworkPath":"","Sources":[],"References":[],"Analyzers":[],"Outputs":[{"OutputItemFullPath":"C:\\Users\\carlos_hacktricks\\Desktop\\git\\PEASS-ng\\winPEAS\\winPEASexe\\Tests\\bin\\Debug\\Tests.dll","OutputItemRelativePath":"Tests.dll"},{"OutputItemFullPath":"","OutputItemRelativePath":""}],"CopyToOutputEntries":[]} \ No newline at end of file +{"RootPath":"C:\\Users\\carlos_hacktricks\\Desktop\\git\\PEASS-ng\\winPEAS\\winPEASexe\\Tests","ProjectFileName":"winPEAS.Tests.csproj","Configuration":"Debug|AnyCPU","FrameworkPath":"","Sources":[{"SourceFile":"Properties\\AssemblyInfo.cs"},{"SourceFile":"SmokeTests.cs"},{"SourceFile":"obj\\Debug\\.NETFramework,Version=v4.8.AssemblyAttributes.cs"}],"References":[{"Reference":"C:\\Users\\carlos_hacktricks\\Desktop\\git\\PEASS-ng\\winPEAS\\winPEASexe\\packages\\Portable.BouncyCastle.1.9.0\\lib\\net40\\BouncyCastle.Crypto.dll","ResolvedFrom":"","OriginalItemSpec":"","Name":"","EmbedInteropTypes":false,"CopyLocal":false,"IsProjectReference":false,"ProjectPath":""},{"Reference":"C:\\Users\\carlos_hacktricks\\Desktop\\git\\PEASS-ng\\winPEAS\\winPEASexe\\packages\\Costura.Fody.5.7.0\\lib\\netstandard1.0\\Costura.dll","ResolvedFrom":"","OriginalItemSpec":"","Name":"","EmbedInteropTypes":false,"CopyLocal":false,"IsProjectReference":false,"ProjectPath":""},{"Reference":"C:\\Users\\carlos_hacktricks\\Desktop\\git\\PEASS-ng\\winPEAS\\winPEASexe\\packages\\EntityFramework.6.4.4\\lib\\net45\\EntityFramework.dll","ResolvedFrom":"","OriginalItemSpec":"","Name":"","EmbedInteropTypes":false,"CopyLocal":false,"IsProjectReference":false,"ProjectPath":""},{"Reference":"C:\\Users\\carlos_hacktricks\\Desktop\\git\\PEASS-ng\\winPEAS\\winPEASexe\\packages\\EntityFramework.6.4.4\\lib\\net45\\EntityFramework.SqlServer.dll","ResolvedFrom":"","OriginalItemSpec":"","Name":"","EmbedInteropTypes":false,"CopyLocal":false,"IsProjectReference":false,"ProjectPath":""},{"Reference":"C:\\Program Files (x86)\\Reference Assemblies\\Microsoft\\Framework\\.NETFramework\\v4.8\\Microsoft.CSharp.dll","ResolvedFrom":"","OriginalItemSpec":"","Name":"","EmbedInteropTypes":false,"CopyLocal":false,"IsProjectReference":false,"ProjectPath":""},{"Reference":"C:\\Users\\carlos_hacktricks\\Desktop\\git\\PEASS-ng\\winPEAS\\winPEASexe\\packages\\Microsoft.CodeCoverage.16.10.0\\lib\\net45\\Microsoft.VisualStudio.CodeCoverage.Shim.dll","ResolvedFrom":"","OriginalItemSpec":"","Name":"","EmbedInteropTypes":false,"CopyLocal":false,"IsProjectReference":false,"ProjectPath":""},{"Reference":"C:\\Users\\carlos_hacktricks\\Desktop\\git\\PEASS-ng\\winPEAS\\winPEASexe\\packages\\MSTest.TestFramework.2.2.5\\lib\\net45\\Microsoft.VisualStudio.TestPlatform.TestFramework.dll","ResolvedFrom":"","OriginalItemSpec":"","Name":"","EmbedInteropTypes":false,"CopyLocal":false,"IsProjectReference":false,"ProjectPath":""},{"Reference":"C:\\Users\\carlos_hacktricks\\Desktop\\git\\PEASS-ng\\winPEAS\\winPEASexe\\packages\\MSTest.TestFramework.2.2.5\\lib\\net45\\Microsoft.VisualStudio.TestPlatform.TestFramework.Extensions.dll","ResolvedFrom":"","OriginalItemSpec":"","Name":"","EmbedInteropTypes":false,"CopyLocal":false,"IsProjectReference":false,"ProjectPath":""},{"Reference":"C:\\Program Files (x86)\\Reference Assemblies\\Microsoft\\Framework\\.NETFramework\\v4.8\\mscorlib.dll","ResolvedFrom":"","OriginalItemSpec":"","Name":"","EmbedInteropTypes":false,"CopyLocal":false,"IsProjectReference":false,"ProjectPath":""},{"Reference":"C:\\Program Files (x86)\\Reference Assemblies\\Microsoft\\Framework\\.NETFramework\\v4.8\\System.ComponentModel.Composition.dll","ResolvedFrom":"","OriginalItemSpec":"","Name":"","EmbedInteropTypes":false,"CopyLocal":false,"IsProjectReference":false,"ProjectPath":""},{"Reference":"C:\\Program Files (x86)\\Reference Assemblies\\Microsoft\\Framework\\.NETFramework\\v4.8\\System.ComponentModel.DataAnnotations.dll","ResolvedFrom":"","OriginalItemSpec":"","Name":"","EmbedInteropTypes":false,"CopyLocal":false,"IsProjectReference":false,"ProjectPath":""},{"Reference":"C:\\Program Files (x86)\\Reference Assemblies\\Microsoft\\Framework\\.NETFramework\\v4.8\\System.Core.dll","ResolvedFrom":"","OriginalItemSpec":"","Name":"","EmbedInteropTypes":false,"CopyLocal":false,"IsProjectReference":false,"ProjectPath":""},{"Reference":"C:\\Program Files (x86)\\Reference Assemblies\\Microsoft\\Framework\\.NETFramework\\v4.8\\System.Data.DataSetExtensions.dll","ResolvedFrom":"","OriginalItemSpec":"","Name":"","EmbedInteropTypes":false,"CopyLocal":false,"IsProjectReference":false,"ProjectPath":""},{"Reference":"C:\\Program Files (x86)\\Reference Assemblies\\Microsoft\\Framework\\.NETFramework\\v4.8\\System.Data.dll","ResolvedFrom":"","OriginalItemSpec":"","Name":"","EmbedInteropTypes":false,"CopyLocal":false,"IsProjectReference":false,"ProjectPath":""},{"Reference":"C:\\Users\\carlos_hacktricks\\Desktop\\git\\PEASS-ng\\winPEAS\\winPEASexe\\packages\\Stub.System.Data.SQLite.Core.NetFramework.1.0.119.0\\lib\\net451\\System.Data.SQLite.dll","ResolvedFrom":"","OriginalItemSpec":"","Name":"","EmbedInteropTypes":false,"CopyLocal":false,"IsProjectReference":false,"ProjectPath":""},{"Reference":"C:\\Users\\carlos_hacktricks\\Desktop\\git\\PEASS-ng\\winPEAS\\winPEASexe\\packages\\System.Data.SQLite.EF6.1.0.119.0\\lib\\net451\\System.Data.SQLite.EF6.dll","ResolvedFrom":"","OriginalItemSpec":"","Name":"","EmbedInteropTypes":false,"CopyLocal":false,"IsProjectReference":false,"ProjectPath":""},{"Reference":"C:\\Users\\carlos_hacktricks\\Desktop\\git\\PEASS-ng\\winPEAS\\winPEASexe\\packages\\System.Data.SQLite.Linq.1.0.119.0\\lib\\net451\\System.Data.SQLite.Linq.dll","ResolvedFrom":"","OriginalItemSpec":"","Name":"","EmbedInteropTypes":false,"CopyLocal":false,"IsProjectReference":false,"ProjectPath":""},{"Reference":"C:\\Program Files (x86)\\Reference Assemblies\\Microsoft\\Framework\\.NETFramework\\v4.8\\System.dll","ResolvedFrom":"","OriginalItemSpec":"","Name":"","EmbedInteropTypes":false,"CopyLocal":false,"IsProjectReference":false,"ProjectPath":""},{"Reference":"C:\\Program Files (x86)\\Reference Assemblies\\Microsoft\\Framework\\.NETFramework\\v4.8\\System.IO.Compression.dll","ResolvedFrom":"","OriginalItemSpec":"","Name":"","EmbedInteropTypes":false,"CopyLocal":false,"IsProjectReference":false,"ProjectPath":""},{"Reference":"C:\\Program Files (x86)\\Reference Assemblies\\Microsoft\\Framework\\.NETFramework\\v4.8\\System.Net.Http.dll","ResolvedFrom":"","OriginalItemSpec":"","Name":"","EmbedInteropTypes":false,"CopyLocal":false,"IsProjectReference":false,"ProjectPath":""},{"Reference":"C:\\Program Files (x86)\\Reference Assemblies\\Microsoft\\Framework\\.NETFramework\\v4.8\\System.Numerics.dll","ResolvedFrom":"","OriginalItemSpec":"","Name":"","EmbedInteropTypes":false,"CopyLocal":false,"IsProjectReference":false,"ProjectPath":""},{"Reference":"C:\\Program Files (x86)\\Reference Assemblies\\Microsoft\\Framework\\.NETFramework\\v4.8\\Facades\\System.Runtime.InteropServices.RuntimeInformation.dll","ResolvedFrom":"","OriginalItemSpec":"","Name":"","EmbedInteropTypes":false,"CopyLocal":false,"IsProjectReference":false,"ProjectPath":""},{"Reference":"C:\\Program Files (x86)\\Reference Assemblies\\Microsoft\\Framework\\.NETFramework\\v4.8\\System.Xml.dll","ResolvedFrom":"","OriginalItemSpec":"","Name":"","EmbedInteropTypes":false,"CopyLocal":false,"IsProjectReference":false,"ProjectPath":""},{"Reference":"C:\\Program Files (x86)\\Reference Assemblies\\Microsoft\\Framework\\.NETFramework\\v4.8\\System.Xml.Linq.dll","ResolvedFrom":"","OriginalItemSpec":"","Name":"","EmbedInteropTypes":false,"CopyLocal":false,"IsProjectReference":false,"ProjectPath":""},{"Reference":"C:\\Users\\carlos_hacktricks\\Desktop\\git\\PEASS-ng\\winPEAS\\winPEASexe\\winPEAS\\bin\\Debug\\winPEAS.exe","ResolvedFrom":"","OriginalItemSpec":"","Name":"","EmbedInteropTypes":false,"CopyLocal":false,"IsProjectReference":true,"ProjectPath":"C:\\Users\\carlos_hacktricks\\Desktop\\git\\PEASS-ng\\winPEAS\\winPEASexe\\winPEAS\\bin\\Debug\\winPEAS.exe"}],"Analyzers":[],"Outputs":[{"OutputItemFullPath":"C:\\Users\\carlos_hacktricks\\Desktop\\git\\PEASS-ng\\winPEAS\\winPEASexe\\Tests\\bin\\Debug\\Tests.dll","OutputItemRelativePath":"Tests.dll"},{"OutputItemFullPath":"","OutputItemRelativePath":""}],"CopyToOutputEntries":[]} \ No newline at end of file diff --git a/winPEAS/winPEASexe/winPEAS/Checks/CloudInfo.cs b/winPEAS/winPEASexe/winPEAS/Checks/CloudInfo.cs index ab32cd94e..d69a5076d 100644 --- a/winPEAS/winPEASexe/winPEAS/Checks/CloudInfo.cs +++ b/winPEAS/winPEASexe/winPEAS/Checks/CloudInfo.cs @@ -21,7 +21,7 @@ public void PrintInfo(bool isDebug) { new AWSInfo(), new AzureInfo(), - new AzureCliInfo(), + new AzureTokensInfo(), new GCPInfo(), new GCPJoinedInfo(), new GCDSInfo(), diff --git a/winPEAS/winPEASexe/winPEAS/Info/CloudInfo/AzureCliInfo.cs b/winPEAS/winPEASexe/winPEAS/Info/CloudInfo/AzureTokensInfo.cs similarity index 82% rename from winPEAS/winPEASexe/winPEAS/Info/CloudInfo/AzureCliInfo.cs rename to winPEAS/winPEASexe/winPEAS/Info/CloudInfo/AzureTokensInfo.cs index 08283043f..3cd52d901 100644 --- a/winPEAS/winPEASexe/winPEAS/Info/CloudInfo/AzureCliInfo.cs +++ b/winPEAS/winPEASexe/winPEAS/Info/CloudInfo/AzureTokensInfo.cs @@ -19,21 +19,33 @@ namespace winPEAS.Info.CloudInfo { - internal class AzureCliInfo : CloudInfoBase + internal class AzureTokensInfo : CloudInfoBase { - public override string Name => "Azure Cli"; + public override string Name => "Azure Tokens"; - public override bool IsCloud => CheckIfAzureCliInstalled(); + public override bool IsCloud => CheckIfAzureTokensInstalled(); private Dictionary> _endpointData = null; - public static bool CheckIfAzureCliInstalled() + public static bool CheckIfAzureTokensInstalled() { string homeDirectory = Environment.GetFolderPath(Environment.SpecialFolder.UserProfile); string AzureFolderPath = Path.Combine(homeDirectory, ".Azure"); string azureFolderPath = Path.Combine(homeDirectory, ".azure"); - return Directory.Exists(AzureFolderPath) || Directory.Exists(azureFolderPath); + string identityCachePath = Path.Combine( + Environment.GetFolderPath(Environment.SpecialFolder.LocalApplicationData), + "Microsoft", + "IdentityCache" + ); + + string tokenBrokerPath = Path.Combine( + Environment.GetFolderPath(Environment.SpecialFolder.LocalApplicationData), + "Microsoft", + "TokenBroker" + ); + + return Directory.Exists(AzureFolderPath) || Directory.Exists(azureFolderPath) || Directory.Exists(identityCachePath) || Directory.Exists(tokenBrokerPath); } public static string TBRESDecryptedData(string filePath) @@ -79,31 +91,35 @@ private List GetAzureCliValues() azureHomePath = AzureFolderPath; }; - // Files that doesn't need decryption - string[] fileNames = { + if (Directory.Exists(azureHomePath)) + { + + // Files that doesn't need decryption + string[] fileNames = { @"azureProfile.json", @"clouds.config", @"service_principal_entries.json", @"msal_token_cache.json" }; - foreach (string fileName in fileNames) - { - string filePath = Path.Combine(azureHomePath, fileName); - // Check if the file exists - if (File.Exists(filePath)) + foreach (string fileName in fileNames) { - try + string filePath = Path.Combine(azureHomePath, fileName); + // Check if the file exists + if (File.Exists(filePath)) { - // Read the file content - string fileContent = File.ReadAllText(filePath); + try + { + // Read the file content + string fileContent = File.ReadAllText(filePath); - // Add the file path and content to the dictionary - AzureCliValues[filePath] = fileContent; - } - catch (Exception ex) - { - Beaprint.PrintException($"Error reading file '{filePath}': {ex.Message}"); + // Add the file path and content to the dictionary + AzureCliValues[filePath] = fileContent; + } + catch (Exception ex) + { + Beaprint.PrintException($"Error reading file '{filePath}': {ex.Message}"); + } } } } @@ -134,14 +150,7 @@ private List GetAzureCliValues() { Beaprint.PrintException($"An error occurred while scanning the identityCache directory: {ex.Message}"); } - - - // Get the IdentityCache directory path and encrypted files with tokens - string tokenBrokerPath = Path.Combine( - Environment.GetFolderPath(Environment.SpecialFolder.LocalApplicationData), - "Microsoft", - "TokenBroker" - ); + // Files that need decryption string[] fileNamesEncrp = { @@ -189,6 +198,11 @@ private List GetAzureCliValues() //TBRES files + string tokenBrokerPath = Path.Combine( + Environment.GetFolderPath(Environment.SpecialFolder.LocalApplicationData), + "Microsoft", + "TokenBroker" + ); string[] tbFiles = { }; diff --git a/winPEAS/winPEASexe/winPEAS/winPEAS.csproj b/winPEAS/winPEASexe/winPEAS/winPEAS.csproj index 723a4b47e..4eba417c0 100644 --- a/winPEAS/winPEASexe/winPEAS/winPEAS.csproj +++ b/winPEAS/winPEASexe/winPEAS/winPEAS.csproj @@ -1226,7 +1226,7 @@ - +