From 7964823e3f398c41a7ad1c0e8c4c28c0806a9c0d Mon Sep 17 00:00:00 2001 From: HarmJ0y Date: Wed, 14 Dec 2016 11:53:29 -0500 Subject: Added documentation for PowerUp --- docs/Privesc/Find-PathDLLHijack.md | 45 ++++++++++++++++++++++++++++++++++++++ 1 file changed, 45 insertions(+) create mode 100755 docs/Privesc/Find-PathDLLHijack.md (limited to 'docs/Privesc/Find-PathDLLHijack.md') diff --git a/docs/Privesc/Find-PathDLLHijack.md b/docs/Privesc/Find-PathDLLHijack.md new file mode 100755 index 0000000..f43fc69 --- /dev/null +++ b/docs/Privesc/Find-PathDLLHijack.md @@ -0,0 +1,45 @@ +# Find-PathDLLHijack + +## SYNOPSIS +Finds all directories in the system %PATH% that are modifiable by the current user. + +Author: Will Schroeder (@harmj0y) +License: BSD 3-Clause +Required Dependencies: Get-ModifiablePath + +## SYNTAX + +``` +Find-PathDLLHijack +``` + +## DESCRIPTION +Enumerates the paths stored in Env:Path (%PATH) and filters each through Get-ModifiablePath +to return the folder paths the current user can write to. +On Windows 7, if wlbsctrl.dll is +written to one of these paths, execution for the IKEEXT can be hijacked due to DLL search +order loading. + +## EXAMPLES + +### -------------------------- EXAMPLE 1 -------------------------- +``` +Find-PathDLLHijack +``` + +Finds all %PATH% .DLL hijacking opportunities. + +## PARAMETERS + +## INPUTS + +## OUTPUTS + +### PowerUp.HijackableDLL.Path + +## NOTES + +## RELATED LINKS + +[http://www.greyhathacker.net/?p=738](http://www.greyhathacker.net/?p=738) + -- cgit v1.2.3
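Review bot: In the DESCRIPTION section, "Env:Path (%PATH)" is missing the closing percent sign that the SYNOPSIS and the EXAMPLE 1 text both use ("%PATH%"), and "execution for the IKEEXT can be hijacked" drops its noun; suggest "Env:Path (%PATH%)" and "the IKEEXT service". The PARAMETERS, INPUTS and NOTES headings are added empty, and OUTPUTS gives only the type name "PowerUp.HijackableDLL.Path" with no description of what the returned object contains, so either remove the empty headings or fill them in. The file is also created with mode 100755; a Markdown document does not need the executable bit, and 100644 would be the usual mode.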