authorDave Hull <dave.hull@tanium.com>2017-09-08 16:36:26 -0500
committerDave Hull <dave.hull@tanium.com>2017-09-08 16:36:26 -0500
commit0a894991dc4b62006c8b2c66a5c87ba239ca9f11 (patch)
tree71b2d650f9eb0295d4cd5c56daabf4721629a719 /Privesc
parent6eb3c6f281f0812a103283d1da80be14bb04f944 (diff)
Adds tolower() as it was dropping .DLL files in my local
Diffstat (limited to 'Privesc')
-rw-r--r--Privesc/PowerUp.ps12
1 files changed, 1 insertions, 1 deletions
diff --git a/Privesc/PowerUp.ps1 b/Privesc/PowerUp.ps1
index 79933c4..edd31b9 100644
--- a/Privesc/PowerUp.ps1
+++ b/Privesc/PowerUp.ps1
@@ -3047,7 +3047,7 @@ https://www.mandiant.com/blog/malware-persistence-windows-registry/
# the known DLL cache to exclude from our findings
# http://blogs.msdn.com/b/larryosterman/archive/2004/07/19/187752.aspx
$Keys = (Get-Item "HKLM:\System\CurrentControlSet\Control\Session Manager\KnownDLLs")
- $KnownDLLs = $(ForEach ($KeyName in $Keys.GetValueNames()) { $Keys.GetValue($KeyName) }) | Where-Object { $_.EndsWith(".dll") }
+ $KnownDLLs = $(ForEach ($KeyName in $Keys.GetValueNames()) { $Keys.GetValue($KeyName).tolower() }) | Where-Object { $_.EndsWith(".dll") }
$KnownDLLPaths = $(ForEach ($name in $Keys.GetValueNames()) { $Keys.GetValue($name).tolower() }) | Where-Object { -not $_.EndsWith(".dll") }
$KnownDLLs += ForEach ($path in $KnownDLLPaths) { ls -force $path\*.dll | Select-Object -ExpandProperty Name | ForEach-Object { $_.tolower() }}
$CurrentUser = [System.Security.Principal.WindowsIdentity]::GetCurrent().Name
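Review bot: The `.tolower()` added on the `$KnownDLLs` line is culture-sensitive, so under a Turkish or Azeri culture a name containing `I` lowercases to a dotless `ı` and would no longer match an invariant-lowercased name; `$Keys.GetValue($KeyName).ToLowerInvariant()` avoids that. The two unchanged `.tolower()` calls on the `$KnownDLLPaths` and `$KnownDLLs +=` lines have the same issue and should change with it so the exclusion list is normalised consistently. The call also assumes every value under the KnownDLLs key is a non-null string, which is presumably true for this key but is not checked here. The enclosing function starts and ends outside the hunk, so how the list is compared later is not visible.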