Engin Demirbilek
  • Intro
  • [Pinned] Community
  • OSWE Review
  • Code Pieces
    • C++: Shellcode Launcher
    • C++: Dynamic DLL Usage
    • C++: Sendin HTTP GET Request
    • C++: Sandbox Detection via Registry
    • C++: Enumerating Environment
    • C++: Dll Injection
    • VBA: HTTP File Dropper
    • Environment Enumeration via Pshell & Cmd
  • Projects
    • Reverse Shell Exploit chain With AV Bypass
    • Execute Shellcode Launcher with Dll Injection
    • Bypassing AVs with simple XOR
    • Bypassing Defender with Exclusion List
  • Vulnerability Research
    • [TR] Centreon 19.10.8 Remote Code Execution
    • [TR] rConfig 3.94 Remote Code Execution
    • [TR] PANDORAFMS 7.0 REMOTE CODE EXECUTION x4
  • Pentest Notes
  • An Uncommon OSINT way to Juicy Files
  • GraphQL Testing Tips
  • Server Side Request Forgery (SSRF)
Powered by GitBook
On this page
  • Objective
  • To do list
  • Functions
  • Application (enum-env.cpp)
  • References:

Was this helpful?

  1. Code Pieces

C++: Enumerating Environment

Objective

Enumerate username, computername and current working directory.

To do list

  • Create a class and enumerate specified information.

Functions

  • GetUserName: Enumerate current username.

    • Definition: GetUserName(LPSTR lpBuffer, LPDWORD pcbBuffer)

      • lpBuffer: Buffer to hold username string. TCHAR userName[ULEN + 1]

      • pcbBuffer: Pointer to buffer size. DWORD bufCharCount

  • GetComputerName: Enumerate current computername.

    • Definition: GetComputerName(LPSTR lpBuffer, LPDWORD

      • lpBuffer: Buffer to hold computername string. TCHAR computerName[ULEN + 1]

      • pcbBuffer: Pointer to buffer size. DWORD bufCharCount

  • GetCurrentDirectoryA: Enumerate current working directory.

    • Definition: GetCurrentDirectoryA(DWORD nBufferLength, LPSTR lpBuffer)

      • nBufferLength: Size of buffer. ULEN + 1

      • buffer: Buffer to hold directory string. TCHAR currentDirectory[ULEN + 1]

Application (enum-env.cpp)

#include <Windows.h>
#include <tchar.h>
#include <lmcons.h>
#include <stdio.h>

class Environment{

    private:
        TCHAR   userName[UNLEN + 1];
        TCHAR   computerName[UNLEN + 1];
        TCHAR   currentDirectory[UNLEN +1];  
        DWORD  bufCharCount = UNLEN + 1;

    public:
        Environment(){
            GetUserName( userName, &bufCharCount );
            GetComputerName( computerName, &bufCharCount );   
            GetCurrentDirectoryA( UNLEN + 1 , currentDirectory );
        }
        TCHAR* getUserName(){return &userName[0];}
        TCHAR* getComputerName(){return &computerName[0];}
        TCHAR* getCurrentDirectory(){return &currentDirectory[0];}
};

int main()
{
Environment env;

printf("Computer name: %s\nUser name: %s\nWorking Directory: %s", env.getComputerName(), env.getUserName(), env.getCurrentDirectory());

return 0;
}

Compile: gcc enum-env.cpp -o enum-env.exe

References:

PreviousC++: Sandbox Detection via RegistryNextC++: Dll Injection

Last updated 3 years ago

Was this helpful?

Microsoft, GetUserNameA function,

Microsoft, GetComputerNameA function,

Microsoft, GetCurrentDirectory function,

https://docs.microsoft.com/en-us/windows/win32/api/winbase/nf-winbase-getusernamea
https://docs.microsoft.com/en-us/windows/win32/api/winbase/nf-winbase-getcomputernamea
https://docs.microsoft.com/en-us/windows/win32/api/winbase/nf-winbase-getcurrentdirectory