Skip to content

Commit

Permalink
fix google password sync
Browse files Browse the repository at this point in the history
  • Loading branch information
@carlospolop
carlospolop committed Oct 11, 2024
1 parent 26cb96c commit f55d20a
Show file tree
Hide file tree
Showing 2 changed files with 63 additions and 3 deletions.
43 changes: 43 additions & 0 deletions winPEAS/winPEASexe/winPEAS/Helpers/Registry/RegistryHelper.cs
View file
Original file line number Diff line number Diff line change
Expand Up @@ -138,6 +138,49 @@ public static Dictionary<string, object> GetRegValues(string hive, string path)
}
}

public static string[] ListRegValues(string hive, string path)
{
string[] keys = null;
try
{
if (hive == "HKCU")
{
using (var regKeyValues = Microsoft.Win32.Registry.CurrentUser.OpenSubKey(path))
{
if (regKeyValues != null)
{
keys = regKeyValues.GetValueNames();
}
}
}
else if (hive == "HKU")
{
using (var regKeyValues = Microsoft.Win32.Registry.Users.OpenSubKey(path))
{
if (regKeyValues != null)
{
keys = regKeyValues.GetValueNames();
}
}
}
else
{
using (var regKeyValues = Microsoft.Win32.Registry.LocalMachine.OpenSubKey(path))
{
if (regKeyValues != null)
{
keys = regKeyValues.GetValueNames();
}
}
}
return keys;
}
catch
{
return null;
}
}

public static byte[] GetRegValueBytes(string hive, string path, string value)
{
// returns a byte array of single registry value under the specified path in the specified hive (HKLM/HKCU)
Expand Down
23 changes: 20 additions & 3 deletions winPEAS/winPEASexe/winPEAS/Info/CloudInfo/GPSInfo.cs
View file
Original file line number Diff line number Diff line change
Expand Up @@ -27,7 +27,7 @@ internal class GPSInfo : CloudInfoBase

public static bool CheckIfGPSInstalled()
{
string[] check = Helpers.Registry.RegistryHelper.GetRegSubkeys("HKLM", @"SOFTWARE\Google\Google Apps Password Sync");
string[] check = Helpers.Registry.RegistryHelper.ListRegValues("HKLM", @"SOFTWARE\Google\Google Apps Password Sync");
bool regExists = check != null && check.Length > 0;
bool result = regExists || File.Exists(@"C:\Program Files\Google\Password Sync\PasswordSync.exe") || File.Exists(@"C:\Program Files\Google\Password Sync\password_sync_service.exe");
return result;
Expand Down Expand Up @@ -66,15 +66,32 @@ private List<EndpointData> GetGPSValues()
// Get registry valus and decrypt them
string hive = "HKLM";
string regAddr = @"SOFTWARE\Google\Google Apps Password Sync";
string[] subkeys = Helpers.Registry.RegistryHelper.GetRegSubkeys(hive, regAddr);
string[] subkeys = Helpers.Registry.RegistryHelper.ListRegValues(hive, regAddr);
if (subkeys == null || subkeys.Length == 0)
{
Beaprint.PrintException("Winpeas need admin privs to check the registry for credentials");
Beaprint.PrintException("WinPEAS need admin privs to check the registry for credentials");
}
else
{
GPSRegValues.Add("Email", Helpers.Registry.RegistryHelper.GetRegValue(hive, regAddr, @"Email"));

// Remove "Email" and "address" from the array
string[] filteredSubkeys = subkeys
.Where(key => key != "Email" && key != "AuthToken" && key != "ADPassword" && key != "(Default)")
.ToArray();

// Check if there are any subkeys left after filtering
if (filteredSubkeys.Length > 1)
{
// Join the remaining subkeys with ", " and print to the console
GPSRegValues.Add("Other keys", string.Join(", ", filteredSubkeys) + " (might contain credentials but WinPEAS doesn't support them)");
}
else
{
Console.WriteLine("No subkeys left after filtering.");
}


// Check if AuthToken in the registry
string authtokenInReg = Helpers.Registry.RegistryHelper.GetRegValue(hive, regAddr, @"AuthToken");
if (authtokenInReg.Length > 0)
Expand Down

0 comments on commit f55d20a

Please sign in to comment.