| Age | Commit message (Collapse) | Author | Files | Lines |
|---|
|
the current directory location
Fixed other logic bugs in Get-ModifiablePath
Fixed bug in Add-ServiceDacl when the [ServiceProcess.ServiceController] wasn't loaded yet by Get-Service
Error handling for Get-CachedGPPPassword
Changed some Write-Warnings to Write-Verbose
Updated Privesc Pester tests for PowerUp
|
|
Get-GPPPassword.
Added Pester tests for Get-CachedGPPPassword.
|
|
Bug fixes
Corrected PowerUp Pester tests
Changed 'Path' field to 'ModifiablePath' in 'Get-ModifiablePath'
Get-ServiceUnquoted now filters paths through Get-ModifiablePath
|
|
Renamed Find-PathHijack to Find-PathDLLHijack
Fixed exposed functions in PowerSploit.psd1
|
|
|
|
|
|
Added Pester tests for Get-System
|
|
Encrypted password check for Get-SiteListPassword fields
|
|
Add 'CanRestart' to output and Pester tests
|
|
|
|
|
|
|
|
|
|
Pester tests to the function 'Test-ServiceDaclPermission' were added in
order to increase confidence in its reliability. In general, my
intention was to replace the current functionality of the service
management functions such as Invoke-ServiceStart, to not use blindly
'sc.exe start' but rather consult with the DACL permissions and base the
decision on that. Unforunately, further investigation lead me to the
conclusion that retrieval of the service's DACL permissions requires
that an additional DACL permission (RC) be set. This may lead to an edge
case that could miss a potential privilege escalation condition and
thereby the original idea was discarded. Nonetheless,
'Test-ServiceDaclPermission' can be used for less critical tasks.
Therefore, a 'CanRestart' property was added to the output of the
service enumeration functions such as 'Get-ServiceUnquoted' as I think
that it will add value to redteamers/pentesters by helping them
prioritise which service should be abused for escalation of privileges.
Services that can be restarted by a low privileged user will probably be
prioritised first. Additionally, manual checking whether the vulnerable
service can be restarted would not be required in most cases.
|
|
|
|
|
|
This reverts commit 98ebc1b0b8b64d069d34d80c128aa226b5e8416f.
|
|
Affected test harness PEs were updated to work in XP. Addresses issue
#100
|
|
The test dll I now use is advpack.dll since that is present in all
versions of windows.
|
|
|
|
for meta functions, in order to prevent failure when running on a non-domain joined machine
took out FQDN Pester tests from Recon.tests.ps1 that used $env:userdnsdomain
|
|
|
|
|
|
|
|
|
|
|
|
This reverts commit a0ab599810f8f05a9bf24850fb9104516b71abb7.
|
|
|
|
|