diff options
Diffstat (limited to 'docs/Privesc/Find-PathDLLHijack.md')
| -rwxr-xr-x | docs/Privesc/Find-PathDLLHijack.md | 45 |
1 files changed, 45 insertions, 0 deletions
diff --git a/docs/Privesc/Find-PathDLLHijack.md b/docs/Privesc/Find-PathDLLHijack.md new file mode 100755 index 0000000..f43fc69 --- /dev/null +++ b/docs/Privesc/Find-PathDLLHijack.md @@ -0,0 +1,45 @@ +# Find-PathDLLHijack
+
+## SYNOPSIS
+Finds all directories in the system %PATH% that are modifiable by the current user.
+
+Author: Will Schroeder (@harmj0y)
+License: BSD 3-Clause
+Required Dependencies: Get-ModifiablePath
+
+## SYNTAX
+
+```
+Find-PathDLLHijack
+```
+
+## DESCRIPTION
+Enumerates the paths stored in Env:Path (%PATH) and filters each through Get-ModifiablePath
+to return the folder paths the current user can write to.
+On Windows 7, if wlbsctrl.dll is
+written to one of these paths, execution for the IKEEXT can be hijacked due to DLL search
+order loading.
+
+## EXAMPLES
+
+### -------------------------- EXAMPLE 1 --------------------------
+```
+Find-PathDLLHijack
+```
+
+Finds all %PATH% .DLL hijacking opportunities.
+
+## PARAMETERS
+
+## INPUTS
+
+## OUTPUTS
+
+### PowerUp.HijackableDLL.Path
+
+## NOTES
+
+## RELATED LINKS
+
+[http://www.greyhathacker.net/?p=738](http://www.greyhathacker.net/?p=738)
+
|