PEASS-ng icon indicating copy to clipboard operation
PEASS-ng copied to clipboard

Published 20 hours ago verified publisher icon peass-ng

WinPEAS Stuck at 'Found Database Files' Stage

Open fatmeat opened this issue 2 years ago • 8 comments

Issue description

Dear Carlo, when I ran the windows binary at my victim, it always stucks on 'Found Database Files' stage.

Which parameters did you use for executing the script and how did you execute it?

Symptoms exist when I double click the exe, execute it via cmd or via powershell.

If winpeas, did you use a clean or obfuscated winpeas, and for which architecture?

winPEASx64, winPEASany

Is there any AV / Threat protection in the system?

No

Please, indicate the OS, the OS version, and the kernel version (build number in case of Windows)

ProductName: Windows 10 Enterprise LTSC 2019 EditionID: EnterpriseS ReleaseId: 1809 BuildBranch: rs5_release CurrentMajorVersionNumber: 10 CurrentVersion: 6.3 Architecture: AMD64

Please, indicate the check that is failing and add a screenshot showing the problem

image

fatmeat avatar Sep 12 '22 11:09 fatmeat

Hi @fatmeat and @primetimenumberline, Please, use the release of this Sunday and execute the new Winpeas with the arguments debug fileanalysis. Send me a photo of the console once Winpeas hangs. There we should be able to see in which regex in which file is it DoS'ing Winpeas.

Moreover, as a potential bypass for this error I have introduced the new argument max-regex-file-size. You can indicate the maximum size of files to check with regexes (default 1MB). Using as arg max-regex-file-size=500000 you will set the maximum file size to 0.5MB and maybe it won't hang.

carlospolop avatar Sep 30 '22 17:09 carlospolop

Thank you for the reply! I will have a shot and feedback! @carlospolop

fatmeat avatar Oct 01 '22 09:10 fatmeat

image

Not sure that debug is really giving me anything useful back, so I'm not sure if I'm doing this properly; can you help give me a sanity check please? What am I missing? Thanks for helping to troubleshoot.

primetimenumberline avatar Oct 01 '22 17:10 primetimenumberline

Hey - great tool. I am having the same issue

Running on your latest release in Debug Mode with the max regex size down low

image

It then hangs here image

chrisx41uk avatar Oct 19 '22 15:10 chrisx41uk

Hi guys, this should be fixed in the latest release (it should be ready in 1h), could you check and let me know?

carlospolop avatar Nov 02 '22 18:11 carlospolop

Thanks it does seem to be caught now - there is a timeout catch you have added. I tested it on the basic tryhackme Windows box. Many thanks for this!

image image

chrisx41uk avatar Nov 05 '22 12:11 chrisx41uk

I just ran this today (with latest release), its hanging on Found Database Files still.

godylockz avatar Nov 21 '22 00:11 godylockz