diff options
| author | Jon Cave <jon@lionsgoroar.co.uk> | 2016-03-20 21:28:22 +0000 |
|---|---|---|
| committer | Jon Cave <jon@lionsgoroar.co.uk> | 2016-03-20 21:28:22 +0000 |
| commit | 84b8e1da9ae80de0b7e677f8b9d4b631778c02ea (patch) | |
| tree | dc19aef2a9fc739c007e4afaa58d40261f700567 /Privesc | |
| parent | 2a813faedb853d8043446c6d0cad2119ecd62d61 (diff) | |
| download | PowerSploit-84b8e1da9ae80de0b7e677f8b9d4b631778c02ea.tar.gz PowerSploit-84b8e1da9ae80de0b7e677f8b9d4b631778c02ea.zip | |
Find-PathHijack: Expand environment variables in path
Paths containing environment variables can cause false-positives to occur, e.g. `%SystemRoot%\system32\WindowsPowerShell\v1.0\`. `Find-PathHijack` will believe this is a relative path and will report it as hijackable if the current directory is writeable.
Diffstat (limited to 'Privesc')
| -rw-r--r-- | Privesc/PowerUp.ps1 | 1 |
1 files changed, 1 insertions, 0 deletions
diff --git a/Privesc/PowerUp.ps1 b/Privesc/PowerUp.ps1 index 0d71b14..9954c98 100644 --- a/Privesc/PowerUp.ps1 +++ b/Privesc/PowerUp.ps1 @@ -1283,6 +1283,7 @@ function Find-PathHijack { if (-not $Path.EndsWith("\")){ $Path = $Path + "\" } + $Path = [System.Environment]::ExpandEnvironmentVariables($Path) # reference - http://stackoverflow.com/questions/9735449/how-to-verify-whether-the-share-has-write-access $TestPath = Join-Path $Path ([IO.Path]::GetRandomFileName()) |