Comments (9)
My work day is over now, but I might get a chance to access the system on Monday again. I'll try to collect the information.
from privesccheck.
Services without an explicit type are now ignored.
from privesccheck.
Does the error occur only once (or just a couple of times) during each check, or do you get a long list of errors?
In the first case, there is probably an issue with a specific service that has an unrecognized (or null) type.
In the second case, well, this would be a bit more problematic... :/
from privesccheck.
Thanks for the fast reply. The error occurs exactly once per check listed above (when running `Invoke-Privesccheck` with `-ErrorAction Continue`).
from privesccheck.
Ok, so I think my guess was correct.
Do you think you would have time for a simple debug? It's totally ok if not, of course.
Here is the procedure, just in case.
- In the file `02_Helpers.ps1`, edit the code of `Get-ServiceList` as follows.
- From the project's folder, run the script `Build.ps1`, to generate an updated version of `PrivescCheck.ps1`.
- Run the cmdlet `Get-ServiceList` in verbose mode: `Get-ServiceList -Verbose` (no need to run the script entirely).
```powershell
try {
    $TypeMask = $ServiceTypeEnum::Win32OwnProcess -bor $ServiceTypeEnum::Win32ShareProcess -bor $ServiceTypeEnum::InteractiveProcess
    if (($ServiceItem.Type -band $TypeMask) -gt 0) {
        # FilterLevel = 2 - Add the service to the list if it's not a driver
        if ($FilterLevel -le 2) { $ServiceItem; continue }
        if (-not (Test-IsKnownService -Service $ServiceItem)) {
            # FilterLevel = 3 - Add the service if it's not a built-in Windows service
            if ($FilterLevel -le 3) { $ServiceItem; continue }
        }
    }
} catch {
    Write-Verbose $ServiceItem.Name
}
```
from privesccheck.
I needed to supply 3 as the filter level value, and now it hit something:
VERBOSE: WindowsAzureTelemetryService
from privesccheck.
Nice, thank you.
Yes, I forgot about the filter level, sorry.
Is it possible to get the service's detail from the registry?
The path should be `HKLM\SYSTEM\CurrentControlSet\Services\WindowsAzureTelemetryService`.
from privesccheck.
It seems there aren't many registry entries within that service. This is all:
from privesccheck.
Ok, I see....
All the usual service settings are missing, so the Type is null, hence the cast error. This was my initial guess.
It's really weird, first time I see this. 🤔
Anyway, thank you very much for taking the time to check. :)
The fix will be pretty simple.
from privesccheck.
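The condition diagnosed in this thread (a key under `Services` with no `Type` value, so the later cast to the service-type enum fails) can be checked for directly in the registry. The following is an added example, not code from PrivescCheck or its fix; the function name `Get-ServiceRegistryTypeReport` and the category labels are hypothetical, and it assumes PowerShell 3.0 or later.

```powershell
# Added example (not PrivescCheck code): classify every key under Services by
# its Type value without casting, so a missing or odd Type is reported, not thrown.
function Get-ServiceRegistryTypeReport {
    [CmdletBinding()]
    param(
        [string]$ServicesRoot = 'HKLM:\SYSTEM\CurrentControlSet\Services'
    )

    # Win32OwnProcess (0x10), Win32ShareProcess (0x20), InteractiveProcess (0x100):
    # the same three flags combined in $TypeMask in the debug snippet above.
    $Win32Mask = 0x10 -bor 0x20 -bor 0x100

    foreach ($Key in Get-ChildItem -Path $ServicesRoot -ErrorAction SilentlyContinue) {
        # RegistryKey.GetValue returns $null when the value does not exist.
        $Type = $Key.GetValue('Type')

        $Category = if ($null -eq $Type) {
            'NoType'                 # the case hit in this thread
        } elseif ($Type -isnot [int]) {
            'UnexpectedValueKind'    # Type exists but is not a DWORD
        } elseif (($Type -band $Win32Mask) -ne 0) {
            'Win32'
        } else {
            'DriverOrOther'
        }

        [PSCustomObject]@{
            Name       = $Key.PSChildName
            Type       = $Type
            Category   = $Category
            # Value names show what, if anything, the key still contains.
            ValueNames = ($Key.GetValueNames() -join ', ')
            SubKeys    = $Key.SubKeyCount
        }
    }
}

# List the keys that would trip an unguarded cast of Type.
Get-ServiceRegistryTypeReport |
    Where-Object { $_.Category -in 'NoType', 'UnexpectedValueKind' } |
    Format-Table -AutoSize Name, Category, ValueNames, SubKeys
```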