gcds

peass-ng · Oct 7, 2024 · eebe797 · eebe797
1 parent 4bd1dbd
commit eebe797
Show file tree

Hide file tree

Showing 7 changed files with 155 additions and 4 deletions.
diff --git a/build_lists/sensitive_files.yaml b/build_lists/sensitive_files.yaml
@@ -1419,6 +1419,16 @@ search:
                 search_in: 
                   - common
 
+          - name: "Google Cloud Directory Sync"
+            value: 
+                files:
+                  - name: "*.xml"
+                    value:
+                        bad_regex: "oAuth2RefreshToken.*|authCredentialsEncrypted.*"
+                type: d
+                search_in: 
+                  - common
+
 
   - name: Road Recon
     value:

diff --git a/winPEAS/winPEASexe/Tests/.vs/winPEAS.Tests.csproj.dtbcache.json b/winPEAS/winPEASexe/Tests/.vs/winPEAS.Tests.csproj.dtbcache.json
@@ -1 +1 @@
-{"RootPath":"C:\\Users\\carlos_hacktricks\\Desktop\\git\\PEASS-ng\\winPEAS\\winPEASexe\\Tests","ProjectFileName":"winPEAS.Tests.csproj","Configuration":"Debug|AnyCPU","FrameworkPath":"","Sources":[],"References":[],"Analyzers":[],"Outputs":[{"OutputItemFullPath":"C:\\Users\\carlos_hacktricks\\Desktop\\git\\PEASS-ng\\winPEAS\\winPEASexe\\Tests\\bin\\Debug\\Tests.dll","OutputItemRelativePath":"Tests.dll"},{"OutputItemFullPath":"","OutputItemRelativePath":""}],"CopyToOutputEntries":[]}
+{"RootPath":"C:\\Users\\Public\\PEASS-ng\\winPEAS\\winPEASexe\\Tests","ProjectFileName":"winPEAS.Tests.csproj","Configuration":"Debug|AnyCPU","FrameworkPath":"","Sources":[{"SourceFile":"Properties\\AssemblyInfo.cs"},{"SourceFile":"SmokeTests.cs"},{"SourceFile":"obj\\Debug\\.NETFramework,Version=v4.8.AssemblyAttributes.cs"}],"References":[{"Reference":"C:\\Users\\Public\\PEASS-ng\\winPEAS\\winPEASexe\\packages\\Portable.BouncyCastle.1.9.0\\lib\\net40\\BouncyCastle.Crypto.dll","ResolvedFrom":"","OriginalItemSpec":"","Name":"","EmbedInteropTypes":false,"CopyLocal":false,"IsProjectReference":false,"ProjectPath":""},{"Reference":"C:\\Users\\Public\\PEASS-ng\\winPEAS\\winPEASexe\\packages\\Costura.Fody.5.7.0\\lib\\netstandard1.0\\Costura.dll","ResolvedFrom":"","OriginalItemSpec":"","Name":"","EmbedInteropTypes":false,"CopyLocal":false,"IsProjectReference":false,"ProjectPath":""},{"Reference":"C:\\Users\\Public\\PEASS-ng\\winPEAS\\winPEASexe\\packages\\EntityFramework.6.4.4\\lib\\net45\\EntityFramework.dll","ResolvedFrom":"","OriginalItemSpec":"","Name":"","EmbedInteropTypes":false,"CopyLocal":false,"IsProjectReference":false,"ProjectPath":""},{"Reference":"C:\\Users\\Public\\PEASS-ng\\winPEAS\\winPEASexe\\packages\\EntityFramework.6.4.4\\lib\\net45\\EntityFramework.SqlServer.dll","ResolvedFrom":"","OriginalItemSpec":"","Name":"","EmbedInteropTypes":false,"CopyLocal":false,"IsProjectReference":false,"ProjectPath":""},{"Reference":"C:\\Program Files (x86)\\Reference Assemblies\\Microsoft\\Framework\\.NETFramework\\v4.8\\Microsoft.CSharp.dll","ResolvedFrom":"","OriginalItemSpec":"","Name":"","EmbedInteropTypes":false,"CopyLocal":false,"IsProjectReference":false,"ProjectPath":""},{"Reference":"C:\\Users\\Public\\PEASS-ng\\winPEAS\\winPEASexe\\packages\\Microsoft.CodeCoverage.16.10.0\\lib\\net45\\Microsoft.VisualStudio.CodeCoverage.Shim.dll","ResolvedFrom":"","OriginalItemSpec":"","Name":"","EmbedInteropTypes":false,"CopyLocal":false,"IsProjectReference":false,"ProjectPath":""},{"Reference":"C:\\Users\\Public\\PEASS-ng\\winPEAS\\winPEASexe\\packages\\MSTest.TestFramework.2.2.5\\lib\\net45\\Microsoft.VisualStudio.TestPlatform.TestFramework.dll","ResolvedFrom":"","OriginalItemSpec":"","Name":"","EmbedInteropTypes":false,"CopyLocal":false,"IsProjectReference":false,"ProjectPath":""},{"Reference":"C:\\Users\\Public\\PEASS-ng\\winPEAS\\winPEASexe\\packages\\MSTest.TestFramework.2.2.5\\lib\\net45\\Microsoft.VisualStudio.TestPlatform.TestFramework.Extensions.dll","ResolvedFrom":"","OriginalItemSpec":"","Name":"","EmbedInteropTypes":false,"CopyLocal":false,"IsProjectReference":false,"ProjectPath":""},{"Reference":"C:\\Program Files (x86)\\Reference Assemblies\\Microsoft\\Framework\\.NETFramework\\v4.8\\mscorlib.dll","ResolvedFrom":"","OriginalItemSpec":"","Name":"","EmbedInteropTypes":false,"CopyLocal":false,"IsProjectReference":false,"ProjectPath":""},{"Reference":"C:\\Program Files (x86)\\Reference Assemblies\\Microsoft\\Framework\\.NETFramework\\v4.8\\System.ComponentModel.Composition.dll","ResolvedFrom":"","OriginalItemSpec":"","Name":"","EmbedInteropTypes":false,"CopyLocal":false,"IsProjectReference":false,"ProjectPath":""},{"Reference":"C:\\Program Files (x86)\\Reference Assemblies\\Microsoft\\Framework\\.NETFramework\\v4.8\\System.ComponentModel.DataAnnotations.dll","ResolvedFrom":"","OriginalItemSpec":"","Name":"","EmbedInteropTypes":false,"CopyLocal":false,"IsProjectReference":false,"ProjectPath":""},{"Reference":"C:\\Program Files (x86)\\Reference Assemblies\\Microsoft\\Framework\\.NETFramework\\v4.8\\System.Core.dll","ResolvedFrom":"","OriginalItemSpec":"","Name":"","EmbedInteropTypes":false,"CopyLocal":false,"IsProjectReference":false,"ProjectPath":""},{"Reference":"C:\\Program Files (x86)\\Reference Assemblies\\Microsoft\\Framework\\.NETFramework\\v4.8\\System.Data.DataSetExtensions.dll","ResolvedFrom":"","OriginalItemSpec":"","Name":"","EmbedInteropTypes":false,"CopyLocal":false,"IsProjectReference":false,"ProjectPath":""},{"Reference":"C:\\Program Files (x86)\\Reference Assemblies\\Microsoft\\Framework\\.NETFramework\\v4.8\\System.Data.dll","ResolvedFrom":"","OriginalItemSpec":"","Name":"","EmbedInteropTypes":false,"CopyLocal":false,"IsProjectReference":false,"ProjectPath":""},{"Reference":"C:\\Users\\Public\\PEASS-ng\\winPEAS\\winPEASexe\\packages\\Stub.System.Data.SQLite.Core.NetFramework.1.0.119.0\\lib\\net451\\System.Data.SQLite.dll","ResolvedFrom":"","OriginalItemSpec":"","Name":"","EmbedInteropTypes":false,"CopyLocal":false,"IsProjectReference":false,"ProjectPath":""},{"Reference":"C:\\Users\\Public\\PEASS-ng\\winPEAS\\winPEASexe\\packages\\System.Data.SQLite.EF6.1.0.119.0\\lib\\net451\\System.Data.SQLite.EF6.dll","ResolvedFrom":"","OriginalItemSpec":"","Name":"","EmbedInteropTypes":false,"CopyLocal":false,"IsProjectReference":false,"ProjectPath":""},{"Reference":"C:\\Users\\Public\\PEASS-ng\\winPEAS\\winPEASexe\\packages\\System.Data.SQLite.Linq.1.0.119.0\\lib\\net451\\System.Data.SQLite.Linq.dll","ResolvedFrom":"","OriginalItemSpec":"","Name":"","EmbedInteropTypes":false,"CopyLocal":false,"IsProjectReference":false,"ProjectPath":""},{"Reference":"C:\\Program Files (x86)\\Reference Assemblies\\Microsoft\\Framework\\.NETFramework\\v4.8\\System.dll","ResolvedFrom":"","OriginalItemSpec":"","Name":"","EmbedInteropTypes":false,"CopyLocal":false,"IsProjectReference":false,"ProjectPath":""},{"Reference":"C:\\Program Files (x86)\\Reference Assemblies\\Microsoft\\Framework\\.NETFramework\\v4.8\\System.IO.Compression.dll","ResolvedFrom":"","OriginalItemSpec":"","Name":"","EmbedInteropTypes":false,"CopyLocal":false,"IsProjectReference":false,"ProjectPath":""},{"Reference":"C:\\Program Files (x86)\\Reference Assemblies\\Microsoft\\Framework\\.NETFramework\\v4.8\\System.Net.Http.dll","ResolvedFrom":"","OriginalItemSpec":"","Name":"","EmbedInteropTypes":false,"CopyLocal":false,"IsProjectReference":false,"ProjectPath":""},{"Reference":"C:\\Program Files (x86)\\Reference Assemblies\\Microsoft\\Framework\\.NETFramework\\v4.8\\System.Numerics.dll","ResolvedFrom":"","OriginalItemSpec":"","Name":"","EmbedInteropTypes":false,"CopyLocal":false,"IsProjectReference":false,"ProjectPath":""},{"Reference":"C:\\Program Files (x86)\\Reference Assemblies\\Microsoft\\Framework\\.NETFramework\\v4.8\\Facades\\System.Runtime.InteropServices.RuntimeInformation.dll","ResolvedFrom":"","OriginalItemSpec":"","Name":"","EmbedInteropTypes":false,"CopyLocal":false,"IsProjectReference":false,"ProjectPath":""},{"Reference":"C:\\Program Files (x86)\\Reference Assemblies\\Microsoft\\Framework\\.NETFramework\\v4.8\\System.Xml.dll","ResolvedFrom":"","OriginalItemSpec":"","Name":"","EmbedInteropTypes":false,"CopyLocal":false,"IsProjectReference":false,"ProjectPath":""},{"Reference":"C:\\Program Files (x86)\\Reference Assemblies\\Microsoft\\Framework\\.NETFramework\\v4.8\\System.Xml.Linq.dll","ResolvedFrom":"","OriginalItemSpec":"","Name":"","EmbedInteropTypes":false,"CopyLocal":false,"IsProjectReference":false,"ProjectPath":""},{"Reference":"C:\\Users\\Public\\PEASS-ng\\winPEAS\\winPEASexe\\winPEAS\\bin\\Debug\\winPEAS.exe","ResolvedFrom":"","OriginalItemSpec":"","Name":"","EmbedInteropTypes":false,"CopyLocal":false,"IsProjectReference":true,"ProjectPath":"C:\\Users\\Public\\PEASS-ng\\winPEAS\\winPEASexe\\winPEAS\\bin\\Debug\\winPEAS.exe"}],"Analyzers":[],"Outputs":[{"OutputItemFullPath":"C:\\Users\\Public\\PEASS-ng\\winPEAS\\winPEASexe\\Tests\\bin\\Debug\\Tests.dll","OutputItemRelativePath":"Tests.dll"},{"OutputItemFullPath":"","OutputItemRelativePath":""}],"CopyToOutputEntries":[]}
diff --git a/winPEAS/winPEASexe/winPEAS/.vs/winPEAS.csproj.dtbcache.json b/winPEAS/winPEASexe/winPEAS/.vs/winPEAS.csproj.dtbcache.json
diff --git a/winPEAS/winPEASexe/winPEAS/Checks/CloudInfo.cs b/winPEAS/winPEASexe/winPEAS/Checks/CloudInfo.cs
@@ -15,7 +15,8 @@ public void PrintInfo(bool isDebug)
                new AWSInfo(),
                new AzureInfo(),
                new GCPInfo(),
-               new GCPJoinedInfo()
+               new GCPJoinedInfo(),
+               new GCDSInfo(),
             };
 
             foreach (var cloudInfo in cloudInfoList)

diff --git a/winPEAS/winPEASexe/winPEAS/Info/CloudInfo/GCDSInfo.cs b/winPEAS/winPEASexe/winPEAS/Info/CloudInfo/GCDSInfo.cs
@@ -0,0 +1,139 @@
+using System;
+using System.Collections.Generic;
+using System.IO;
+using System.Security.Cryptography;
+using System.Text;
+using winPEAS.Helpers;
+using System.Data.SQLite;
+using Org.BouncyCastle.Crypto;
+using Org.BouncyCastle.Crypto.Parameters;
+using Org.BouncyCastle.Crypto.Modes;
+using System.Linq;
+using Microsoft.Win32;
+using System.Web.Script.Serialization;
+
+
+namespace winPEAS.Info.CloudInfo
+{
+    internal class GCDSInfo : CloudInfoBase
+    {
+        public override string Name => "Google Cloud Directory Sync";
+
+        public override bool IsCloud => CheckIfGCDSInstalled();
+
+        private Dictionary<string, List<EndpointData>> _endpointData = null;
+
+        public static bool CheckIfGCDSInstalled()
+        {
+            string[] check = Helpers.Registry.RegistryHelper.GetRegSubkeys("HKCU", @"SOFTWARE\JavaSoft\Prefs\com\google\usersyncapp\util");
+            bool regExists = check != null && check.Length > 0;
+            bool result = regExists || File.Exists(@"C:\Program Files\Google Cloud Directory Sync\config-manager.exe");
+            return result;
+        }
+
+        private List<EndpointData> GetGCDSRegValues()
+        {
+            Dictionary<string, string> GCDSRegValues = new Dictionary<string, string>();
+            GCDSRegValues.Add("V2.configured", Helpers.Registry.RegistryHelper.GetRegValue("HKCU", @"SOFTWARE\JavaSoft\Prefs\com\google\usersyncapp\util", @"/Encryption/Policy/V2.configured"));
+            GCDSRegValues.Add("V2.iv", Helpers.Registry.RegistryHelper.GetRegValue("HKCU", @"SOFTWARE\JavaSoft\Prefs\com\google\usersyncapp\util", @"/Encryption/Policy/V2.iv").Replace("/", "").Replace("\\","/"));
+            GCDSRegValues.Add("V2.key", Helpers.Registry.RegistryHelper.GetRegValue("HKCU", @"SOFTWARE\JavaSoft\Prefs\com\google\usersyncapp\util", @"/Encryption/Policy/V2.key").Replace("/", "").Replace("\\", "/"));
+            string openRecent = Helpers.Registry.RegistryHelper.GetRegValue("HKCU", @"SOFTWARE\JavaSoft\Prefs\com\google\usersyncapp\ui", @"open.recent");
+            GCDSRegValues.Add("Open recent confs", Helpers.Registry.RegistryHelper.GetRegValue("HKCU", @"SOFTWARE\JavaSoft\Prefs\com\google\usersyncapp\ui", @"open.recent"));
+
+            List<string> filePaths = new List<string>(openRecent.Split(new string[] { "/u000a" }, StringSplitOptions.None));
+
+            foreach (var filePath in filePaths)
+            {
+                // Normalize the path by replacing triple slashes and double slashes with single slashes
+                string normalizedPath = filePath.Replace("///", "/").Replace("//", "/");
+
+                // Remove any leading slashes that shouldn't be there
+                if (normalizedPath.StartsWith("/"))
+                {
+                    normalizedPath = normalizedPath.Substring(1);
+                }
+
+                // Check if file exists
+                if (File.Exists(normalizedPath))
+                {
+                    try
+                    {
+                        // Read and print the file content
+                        string fileContent = File.ReadAllText(normalizedPath);
+                        List<EndpointData> _endpointDataList_cust = new List<EndpointData>();
+                        _endpointDataList_cust.Add(new EndpointData()
+                        {
+                            EndpointName = @"Content",
+                            Data = fileContent,
+                            IsAttackVector = false
+                        });
+                        _endpointData.Add(normalizedPath, _endpointDataList_cust);
+                    }
+                    catch (Exception ex)
+                    {
+                        Beaprint.PrintException($"Could not open file {normalizedPath}: {ex.Message}");
+                    }
+                }
+                else
+                {
+                    Beaprint.PrintException($"File {normalizedPath} does not exist.");
+                }
+            }
+
+            // Format the info in expected CloudInfo format
+            List<EndpointData> _endpointDataList = new List<EndpointData>();
+
+            foreach (var kvp in GCDSRegValues)
+            {
+                _endpointDataList.Add(new EndpointData()
+                {
+                    EndpointName = kvp.Key,
+                    Data = kvp.Value?.Trim(),
+                    IsAttackVector = false
+                });
+            }
+
+            return _endpointDataList;
+        }
+
+
+        public override Dictionary<string, List<EndpointData>> EndpointDataList()
+        {
+            if (_endpointData == null)
+            {
+                _endpointData = new Dictionary<string, List<EndpointData>>();
+
+                try
+                {
+                    if (IsAvailable)
+                    {
+                        _endpointData.Add("Local Info", GetGCDSRegValues());
+                    }
+                    else
+                    {
+                        _endpointData.Add("General Info", new List<EndpointData>()
+                        {
+                            new EndpointData()
+                            {
+                                EndpointName = "",
+                                Data = null,
+                                IsAttackVector = false
+                            }
+                        });
+                    }
+                }
+                catch (Exception ex)
+                {
+                    Beaprint.PrintException(ex.Message);
+                }
+            }
+
+            return _endpointData;
+        }
+
+        public override bool TestConnection()
+        {
+            return true;
+        }
+    }
+}
diff --git a/winPEAS/winPEASexe/winPEAS/Info/CloudInfo/GWorkspaceInfo.cs b/winPEAS/winPEASexe/winPEAS/Info/CloudInfo/GWorkspaceInfo.cs
@@ -242,7 +242,7 @@ private static string[] ExtractRefreshTokens(string webDataPath, string masterKe
             }
             catch (Exception ex)
             {
-                Console.WriteLine("Error extracting refresh tokens (If Chrome is running the DB is probably locked but you could dump Chrome's procs and search it there or go around this lock): " + ex.Message);
+                Beaprint.PrintException("Error extracting refresh tokens (If Chrome is running the DB is probably locked but you could dump Chrome's procs and search it there or go around this lock): " + ex.Message);
                 return refreshTokens.ToArray();
             }
         }

diff --git a/winPEAS/winPEASexe/winPEAS/winPEAS.csproj b/winPEAS/winPEASexe/winPEAS/winPEAS.csproj
@@ -1220,6 +1220,7 @@
     <Compile Include="Info\CloudInfo\AWSInfo.cs" />
     <Compile Include="Info\CloudInfo\AzureInfo.cs" />
     <Compile Include="Info\CloudInfo\EndpointData.cs" />
+    <Compile Include="Info\CloudInfo\GCDSInfo.cs" />
     <Compile Include="Info\CloudInfo\GWorkspaceInfo.cs" />
     <Compile Include="Info\CloudInfo\GCPInfo.cs" />
     <Compile Include="Info\CloudInfo\CloudInfoBase.cs" />