peass-ng / PEASS-ng

PEASS - Privilege Escalation Awesome Scripts SUITE (with colors)
https://book.hacktricks.xyz

WinPEAS Stuck at 'Found Database Files' Stage #312

Open fatmeat opened 1 year ago

fatmeat commented 1 year ago

Issue description

Dear Carlo, when I ran the Windows binary on my victim, it always gets stuck at the 'Found Database Files' stage.

Which parameters did you use for executing the script and how did you execute it?

Symptoms exist when I double click the exe, execute it via cmd or via powershell.

If winpeas, did you use a clean or obfuscated winpeas, and for which architecture?

winPEASx64, winPEASany

Is there any AV / Threat protection in the system?

No

Please, indicate the OS, the OS version, and the kernel version (build number in case of Windows)

ProductName: Windows 10 Enterprise LTSC 2019
EditionID: EnterpriseS
ReleaseId: 1809
BuildBranch: rs5_release
CurrentMajorVersionNumber: 10
CurrentVersion: 6.3
Architecture: AMD64

Please, indicate the check that is failing and add a screenshot showing the problem

image

carlospolop commented 1 year ago

Hi @fatmeat and @primetimenumberline, please use the release of this Sunday and execute the new Winpeas with the arguments debug fileanalysis. Send me a photo of the console once Winpeas hangs. There we should be able to see which regex in which file is DoS'ing Winpeas.

Moreover, as a potential bypass for this error I have introduced the new argument max-regex-file-size. You can indicate the maximum size of files to check with regexes (default 1MB). Using as arg max-regex-file-size=500000 you will set the maximum file size to 0.5MB and maybe it won't hang.

fatmeat commented 1 year ago

Thank you for the reply! I will give it a shot and give feedback! @carlospolop

primetimenumberline commented 1 year ago

image

Not sure that debug is really giving me anything useful back, so I'm not sure if I'm doing this properly; can you help give me a sanity check please? What am I missing? Thanks for helping to troubleshoot.

chrisx41uk commented 1 year ago

Hey - great tool. I am having the same issue

Running on your latest release in Debug Mode with the max regex size down low

image

It then hangs here

image

carlospolop commented 1 year ago

Hi guys, this should be fixed in the latest release (it should be ready in 1h), could you check and let me know?

chrisx41uk commented 1 year ago

Thanks it does seem to be caught now - there is a timeout catch you have added. I tested it on the basic tryhackme Windows box. Many thanks for this!

image image

godylockz commented 1 year ago

I just ran this today (with latest release), it's hanging on Found Database Files still.
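
The two mitigations mentioned in this thread, a maximum file size for regex checks and a timeout catch around the match, sketched in C# as an added example. This is not WinPEAS's own code: the class, method and enum names are hypothetical, and the file contents and patterns are constructed samples.

```csharp
using System;
using System.Collections.Generic;
using System.IO;
using System.Text.RegularExpressions;

// Added illustration, not WinPEAS source. All names here are hypothetical.
enum ScanStatus { Ok, SkippedTooLarge, TimedOut }

static class BoundedRegexScan
{
    // Scans one file with one pattern, bounded by a size cap and a per-match timeout.
    public static ScanStatus Scan(string path, string pattern, long maxFileSize,
                                  TimeSpan timeout, List<string> hits)
    {
        // Size cap: large files never reach the regex engine.
        if (new FileInfo(path).Length > maxFileSize)
            return ScanStatus.SkippedTooLarge;

        // The third constructor argument makes the engine abort a match
        // attempt that runs longer than the given interval.
        var regex = new Regex(pattern, RegexOptions.None, timeout);
        try
        {
            // Matches() is evaluated lazily, so the enumeration must sit inside the try.
            foreach (Match m in regex.Matches(File.ReadAllText(path)))
                hits.Add(m.Value);
            return ScanStatus.Ok;
        }
        catch (RegexMatchTimeoutException)
        {
            return ScanStatus.TimedOut; // report and move on instead of hanging
        }
    }

    static void Main()
    {
        long maxSize = 1000000; // the 1MB default described in the thread
        var hits = new List<string>();

        // Constructed sample: a small file and a simple credential pattern.
        string small = Path.GetTempFileName();
        File.WriteAllText(small, "user=svc password=Constructed123\n");
        Console.WriteLine(Scan(small, @"password=\S+", maxSize, TimeSpan.FromSeconds(2), hits));

        // Constructed sample: nested quantifiers against a near-matching input,
        // the classic shape for catastrophic backtracking.
        string slow = Path.GetTempFileName();
        File.WriteAllText(slow, new string('a', 40) + "!");
        Console.WriteLine(Scan(slow, "^(a+)+$", maxSize, TimeSpan.FromSeconds(2), hits));
    }
}
```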