Comments (2)
Hi,
Firs of all, thank you for your kind words, I appreciate. :)
I have to admit, there is lot of misunderstanding around the combo "Vulnerable PATH folders" / "Hijackable DLLs". I got a lot of different feedbacks about this, especially people thinking that "Hijackable DLLs" is a vulnerability.
Here is the thing. Whenever a vulnerable PATH folder is identified, I thought that giving a list of DLLs that can actually be hijacked was a smart thing to do. It would not have been possible to merge this with the "Vulnerable PATH folders" check without creating a mess though. So, I decided to create a separate "Info" check for this. However, because of the way the tool is designed, it is not possible to make any correlation between two (or more) checks without some dirty hacks, which I do not want to resort to to preserve overall maintainability.
The problem here is that, for "Info" checks, I assumed that the result was compliant by default and, only if a non-compliant result was found, I set the overall "compliance" to "false", which only makes sense if a check is supposed to yield a compliant / non-compliant result.
The "Hijackable DLLs" check is a perfect counter-example in this regard. It does not make sense to report a compliance level in this case. This check exists for the sole purpose of helping pentesters to quickly see how they can exploit a vulnerable PATH folder.
So now, I handle this differently. If no object is returned, or if the returned objects do not have a compliance level, I set the overall compliance to "N/A". To do this, I had to change the type of the "Compliance" attribute from a Boolean to a String in order to support 3 possible values: "True", "False", and "N/A".
What matters the most in this case, in regards to "compliance", is to know whether there are vulnerable PATH folders. Therefore, for "Hijackable" DLLs, the "compliance" status is now set to "N/A". This should improve the overall readability of the reports (not just the HTML one).
from privesccheck.
Hi,
Those changes sound great, appreciate your swift response and updates. Look forward to using this script again during the next engagement.
Thanks
πͺπΌππΌπ
from privesccheck.
Related Issues (20)
- Wifi Airstrike Attack (CVE-2021-28316) already mitigated Apr 13, 2021 HOT 2
- Cannot find process with ID for UDP Endpoints HOT 2
- Specified cast is not valid HOT 9
- Windows 11 detected as Windows 10 HOT 3
- Scheduled Task: Binary Exploitation no detection HOT 2
- Empty WinLogon credentials HOT 1
- Check for vulnerable WPAD configuration? HOT 2
- [Improvement] Check for vulnerable drivers HOT 1
- SERVICES > Unquoted Path not work as expected HOT 3
- Credential Guard HOT 3
- [Feature Request] Readd Compliance Field HOT 4
- Getting erros when trying to run it HOT 2
- Get-HotFixList misses updates HOT 2
- LapsV2 is not being checked? HOT 3
- Check SMB signing required HOT 5
- Service binary permissions false positive HOT 1
- List ASR rules HOT 2
- Bug in Find-SccmCacheFileCredentials? HOT 2
- Detect Defender exclusions rules and ASR rules HOT 2
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
π Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. πππ
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google β€οΈ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.
from privesccheck.