Friday, February 6, 2015

Updated Powershell Script to Fix Unquoted Path Vulnerabilities

Here is an updated powershell script to fix unquoted path vulnerabilities:

$VulnServices = gwmi win32_service | ?{$_} | where {($_.pathname -ne $null) -and ($_.pathname.trim() -ne "")} | where {-not $_.pathname.StartsWith("`"")} | where {($_.pathname.Substring(0, $_.pathname.IndexOf(".exe") + 4)) -match ".* .*"}


    if ($VulnServices) {

        foreach ($service in $VulnServices){

                                                $out = $


                                                $path = $service.pathname

                                                if(Test-Path ("hklm:\SYSTEM\CurrentControlSet\Services\" + ${

                                                $info = (Get-ItemProperty ("hklm:\SYSTEM\CurrentControlSet\Services\" + $ -Name ImagePath -EA "SilentlyContinue").ImagePath


                                                #Check for quotes

                                                if ($info -eq "`"$path`""){

                                                                #FOR TESTING: Write-Host "Has quotes!" $ $info


                                                #Check for no quotes

                                                elseif ($info -eq $path){

                                                                #FOR TESTING: Write-Host "NO QUOTES!" $info

                                                                Set-ItemProperty ("hklm:\SYSTEM\CurrentControlSet\services\" + $ -Name ImagePath -Value "`"$path`""


                                                #FOR TESTING: $info = (Get-ItemProperty ("hklm:\SYSTEM\CurrentControlSet\Services\" + $ -Name ImagePath -EA "SilentlyContinue").ImagePath

                                                #FOR TESTING: $info




No comments:

Post a Comment

Prepare, Bait, Hook, Execute and Control - Buffer Overflows

This post is the third of four that I am planning to write about social engineering specifically about phishing.  The form of phishing that...