Updated Powershell Script to Fix Unquoted Path Vulnerabilities

Friday, February 6, 2015

Updated Powershell Script to Fix Unquoted Path Vulnerabilities

Here is an updated powershell script to fix unquoted path vulnerabilities:

$VulnServices = gwmi win32_service | ?{$_} | where {($_.pathname -ne $null) -and ($_.pathname.trim() -ne "")} | where {-not $_.pathname.StartsWith("`"")} | where {($_.pathname.Substring(0, $_.pathname.IndexOf(".exe") + 4)) -match ".* .*"}

if ($VulnServices) {

foreach ($service in $VulnServices){

$out = $service.name

$out

$path = $service.pathname

if(Test-Path ("hklm:\SYSTEM\CurrentControlSet\Services\" + $service.name)){

$info = (Get-ItemProperty ("hklm:\SYSTEM\CurrentControlSet\Services\" + $service.name) -Name ImagePath -EA "SilentlyContinue").ImagePath

#Check for quotes

if ($info -eq "`"$path`""){

#FOR TESTING: Write-Host "Has quotes!" $service.name $info

}

#Check for no quotes

elseif ($info -eq $path){

#FOR TESTING: Write-Host "NO QUOTES!" $info

Set-ItemProperty ("hklm:\SYSTEM\CurrentControlSet\services\" + $service.name) -Name ImagePath -Value "`"$path`""

}

#FOR TESTING: $info = (Get-ItemProperty ("hklm:\SYSTEM\CurrentControlSet\Services\" + $service.name) -Name ImagePath -EA "SilentlyContinue").ImagePath

#FOR TESTING: $info

}

thepcn3rd - Passion for Infosec

Friday, February 6, 2015

Updated Powershell Script to Fix Unquoted Path Vulnerabilities

No comments:

Post a Comment

Test Authentication from Linux Console using python3 pexpect