authorDave Hull <dave.hull@tanium.com>2017-09-08 16:30:06 -0500
committerDave Hull <dave.hull@tanium.com>2017-09-08 16:30:06 -0500
commitbf652bcd261c2c74445c2aa1b4e283c4bf167109 (patch)
tree351033f090f43ee5cc61448ecce8ab63d832dccf /Privesc
parentc7985c9bc31e92bb6243c177d7d1d7e68b6f1816 (diff)
Adds dlls from knowndll paths to knowndlls
Diffstat (limited to 'Privesc')
-rw-r--r--Privesc/PowerUp.ps12
1 files changed, 2 insertions, 0 deletions
diff --git a/Privesc/PowerUp.ps1 b/Privesc/PowerUp.ps1
index 072b03e..651751a 100644
--- a/Privesc/PowerUp.ps1
+++ b/Privesc/PowerUp.ps1
@@ -2368,6 +2368,8 @@ function Find-ProcessDLLHijack {
# http://blogs.msdn.com/b/larryosterman/archive/2004/07/19/187752.aspx
$Keys = (Get-Item "HKLM:\System\CurrentControlSet\Control\Session Manager\KnownDLLs")
$KnownDLLs = $(ForEach ($KeyName in $Keys.GetValueNames()) { $Keys.GetValue($KeyName) }) | Where-Object { $_.EndsWith(".dll") }
+ $KnownDLLPaths = $(ForEach ($name in $Keys.GetValueNames()) { $Keys.GetValue($name).tolower() }) | Where-Object { -not $_.EndsWith(".dll") }
+ $KnownDLLs += ForEach ($path in $KnownDLLPaths) { ls -force $path\*.dll | Select-Object -ExpandProperty Name | ForEach-Object { $_.tolower() }}
$CurrentUser = [System.Security.Principal.WindowsIdentity]::GetCurrent().Name
# get the owners for all processes
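Review bot: The second added line merges every `*.dll` file name found under the directory-type KnownDLLs values into `$KnownDLLs`, but only the names listed in the registry key are resolved through the KnownDLLs mechanism; a DLL that merely sits in that directory still follows the normal search order. How `$KnownDLLs` is consumed is outside this hunk (Find-ProcessDLLHijack begins and ends beyond it), but if it serves as an exclusion list the audit would presumably under-report, so consider keeping the directory listing in its own variable with a comment such as `# file names in the KnownDLLs directories, not KnownDLLs entries themselves`. The two filters also disagree on case: the existing line tests `$_.EndsWith(".dll")` on the raw value while the new line lowercases first, so an entry ending in `.DLL` is dropped from both lists; `Where-Object { $_ -like '*.dll' }` and its `-notlike` counterpart would treat them alike. Finally, `ls -force $path\*.dll` does not handle a missing or unreadable directory, and `+=` appends only when `$KnownDLLs` is already an array, so wrapping the first assignment in `@( ... )` would be safer.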