
winPEAS.ps1 PowerShell script does not work on non-English systems #434

Open
shaaati opened this issue Sep 12, 2024 · 6 comments

Comments

@shaaati

shaaati commented Sep 12, 2024

This happens to me quite often, as I am mostly pentesting German companies. It should be a general issue with every non-English system, though.

In certain lines, winPEAS references command output by its column names. At least the following two lines are affected:

whoami.exe /groups /fo csv | ConvertFrom-Csv | Select-Object -ExpandProperty 'group name' | ForEach-Object { $Identity += $_ }

whoami.exe /groups /fo csv | ConvertFrom-Csv | Select-Object -ExpandProperty 'group name' | ForEach-Object {

On non-English systems, the property "group name" does not exist and therefore the command fails. I am no PowerShell/Windows CLI expert and therefore do not know how this should be implemented in a language-agnostic way. Can columns be addressed by their index?

Currently, I sed "s/group name/Gruppenname/", but this is obviously not the way to go.

@RandolphConley since you are the maintainer of the powershell script, it probably makes sense to tag you.

Edit: This also affects the "USER INFO" block where local groups are accessed by their English names:

######################## USER INFO ########################
Write-Host ""
if ($TimeStamp) { TimeElapsed }
Write-Host -ForegroundColor Blue "=========|| USER INFO"
Write-Host "== || Generating List of all Administrators, Users and Backup Operators (if any exist)"
@("ADMINISTRATORS", "USERS") | ForEach-Object {
    Write-Host $_
    Write-Host "-------"
    Start-Process net -ArgumentList "localgroup $_" -Wait -NoNewWindow
}
Write-Host "BACKUP OPERATORS"
Write-Host "-------"
Start-Process net -ArgumentList 'localgroup "Backup Operators"' -Wait -NoNewWindow
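
A locale-independent way to do both of the checks described in this issue, added here as an illustration: this is not winPEAS' own code and not the fix the maintainer later pushed (that change is not shown on this page). It assumes Windows PowerShell 5.1 or PowerShell 7 on Windows; the names `Get-TokenGroup`, `Get-LocalizedGroupName` and `$WellKnownGroups` are chosen for this example. The two ideas are: (1) strip the localized header row with `whoami /nh` and assign fixed property names by column position with `ConvertFrom-Csv -Header`, then make any decision on the SID column, since the "Type" and "Attributes" columns are localized strings too; (2) address the built-in local groups by their well-known SIDs (S-1-5-32-544 Administrators, S-1-5-32-545 Users, S-1-5-32-551 Backup Operators) and let the OS translate the SID into whatever the group is called on this system before handing the name to `net localgroup`.

```powershell
# Added example, not winPEAS code. Assumes Windows PowerShell 5.1+ / PowerShell 7 on Windows.

# 1. Token groups without relying on the localized column header.
#    whoami /groups /fo csv prints the columns "Group Name","Type","SID","Attributes";
#    /nh drops the header row and -Header assigns fixed names by position.
function Get-TokenGroup {
    whoami.exe /groups /fo csv /nh |
        ConvertFrom-Csv -Header 'GroupName', 'Type', 'SID', 'Attributes'
}

# Equivalent of the original "$Identity += $_" loop, now locale-safe.
$Identity = @()
Get-TokenGroup | ForEach-Object { $Identity += $_.GroupName }

# Decisions go on the SID, never on the (localized) name or Type string:
# is the current token a member of BUILTIN\Administrators?
$IsAdminGroupMember = [bool](Get-TokenGroup | Where-Object SID -eq 'S-1-5-32-544')
Write-Host "Member of S-1-5-32-544 (Administrators): $IsAdminGroupMember"

# 2. Local groups addressed by well-known SID instead of English name.
$WellKnownGroups = [ordered]@{
    'S-1-5-32-544' = 'ADMINISTRATORS'
    'S-1-5-32-545' = 'USERS'
    'S-1-5-32-551' = 'BACKUP OPERATORS'
}

# Translate a SID into the account name used on this system, e.g.
# "BUILTIN\Administrators" on English and "VORDEFINIERT\Administratoren" on German
# installs; only the part after the backslash is needed for net localgroup.
function Get-LocalizedGroupName ([string]$Sid) {
    try {
        $account = (New-Object System.Security.Principal.SecurityIdentifier $Sid).Translate(
            [System.Security.Principal.NTAccount])
        return $account.Value.Split('\')[-1]
    } catch [System.Security.Principal.IdentityNotMappedException] {
        return $null   # group does not exist on this host
    }
}

foreach ($Sid in $WellKnownGroups.Keys) {
    $LocalName = Get-LocalizedGroupName $Sid
    Write-Host "$($WellKnownGroups[$Sid]) ($Sid, local name: $LocalName)"
    Write-Host "-------"
    if (-not $LocalName) { Write-Host "(group not present)"; continue }

    if (Get-Command Get-LocalGroupMember -ErrorAction SilentlyContinue) {
        # Microsoft.PowerShell.LocalAccounts can look the group up by SID directly.
        Get-LocalGroupMember -SID $Sid -ErrorAction SilentlyContinue |
            ForEach-Object { Write-Host $_.Name }
    } else {
        # Fallback for hosts without the LocalAccounts module: net.exe still needs the
        # name, but it is now the OS-provided localized one, not a hard-coded English one.
        Start-Process net -ArgumentList "localgroup `"$LocalName`"" -Wait -NoNewWindow
    }
}
```

The same pattern (compare SIDs, translate to names only for display or for tools that insist on names) also covers the "Type" and "Attributes" columns of `whoami /groups`, which are localized as well and would break any string match such as `-match 'Enabled group'` on a non-English system.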

@carlospolop
Collaborator

Any news about this @RandolphConley ?

@RandolphConley
Contributor

I am looking into this. Hopefully will have a solution soon.

@RandolphConley
Contributor

This was a fun problem. I have updated the code and will push to origin. It should be resolved now.

@shaaati
Author

shaaati commented Oct 2, 2024

@RandolphConley the "USER INFO" part is still unchanged, isn't it?
The English group names (e.g., "Administrators") do not work in other locales.

@RandolphConley
Contributor

@shaaati - thank you for your patience. This has been fixed as well and has been submitted for approval to origin.

@shaaati
Author

shaaati commented Oct 2, 2024

No worries, I appreciate a lot that you put work into this in your spare time! Just wanted to make sure that no aspect is missed. I hope I didn't come across as too pushy/greedy.

Thank you for your support and for the prompt fix!
