Monday, April 7, 2014

Rewrite of Unquoted Path Vulnerability Script

$hash = @{
"FullPath" = "ServiceValue"}
$hash.keys | % {
    $name = $hash.Item($_)
    if(Test-Path ("hklm:\SYSTEM\CurrentControlSet\Services\" + $name)){
        $info = (Get-ItemProperty ("hklm:\SYSTEM\CurrentControlSet\Services\" + $name) -Name ImagePath -EA "SilentlyContinue").ImagePath
        #Check for quotes
        if ($info -eq "`"$_`""){
            #For testing: Write-Host "Has quotes!" $name $info
        }
        #Check for no quotes
        elseif ($info -eq $_){
            Write-Host "NO QUOTES!" $info #For Testing
            Set-ItemProperty ("hklm:\SYSTEM\CurrentControlSet\Services\" + $name) -Name ImagePath -Value "`"$_`""
        }
    }
}

No comments:

Post a Comment

Docker with Juiceshop - Focus on SQL Injection

In preparation for an ethical hacking class that I will be teaching, I wanted to work through a few of the Vulnhub or docker images to refr...