Friday, February 6, 2015

Updated Powershell Script to Fix Unquoted Path Vulnerabilities

Here is an updated powershell script to fix unquoted path vulnerabilities:

$VulnServices = gwmi win32_service | ?{$_} | where {($_.pathname -ne $null) -and ($_.pathname.trim() -ne "")} | where {-not $_.pathname.StartsWith("`"")} | where {($_.pathname.Substring(0, $_.pathname.IndexOf(".exe") + 4)) -match ".* .*"}


    if ($VulnServices) {

        foreach ($service in $VulnServices){

                                                $out = $


                                                $path = $service.pathname

                                                if(Test-Path ("hklm:\SYSTEM\CurrentControlSet\Services\" + ${

                                                $info = (Get-ItemProperty ("hklm:\SYSTEM\CurrentControlSet\Services\" + $ -Name ImagePath -EA "SilentlyContinue").ImagePath


                                                #Check for quotes

                                                if ($info -eq "`"$path`""){

                                                                #FOR TESTING: Write-Host "Has quotes!" $ $info


                                                #Check for no quotes

                                                elseif ($info -eq $path){

                                                                #FOR TESTING: Write-Host "NO QUOTES!" $info

                                                                Set-ItemProperty ("hklm:\SYSTEM\CurrentControlSet\services\" + $ -Name ImagePath -Value "`"$path`""


                                                #FOR TESTING: $info = (Get-ItemProperty ("hklm:\SYSTEM\CurrentControlSet\Services\" + $ -Name ImagePath -EA "SilentlyContinue").ImagePath

                                                #FOR TESTING: $info




No comments:

Post a Comment

Docker - Quick Notes and How To

For an ethical hacking class that I will be teaching coming up in the near future I wanted to identify a way where I could provide students ...