From 7964823e3f398c41a7ad1c0e8c4c28c0806a9c0d Mon Sep 17 00:00:00 2001 From: HarmJ0y Date: Wed, 14 Dec 2016 11:53:29 -0500 Subject: Added documentation for PowerUp --- docs/Privesc/Get-ModifiablePath.md | 102 +++++++++++++++++++++++++++++++++++++ 1 file changed, 102 insertions(+) create mode 100755 docs/Privesc/Get-ModifiablePath.md (limited to 'docs/Privesc/Get-ModifiablePath.md') diff --git a/docs/Privesc/Get-ModifiablePath.md b/docs/Privesc/Get-ModifiablePath.md new file mode 100755 index 0000000..2a1118f --- /dev/null +++ b/docs/Privesc/Get-ModifiablePath.md @@ -0,0 +1,102 @@ +# Get-ModifiablePath + +## SYNOPSIS +Parses a passed string containing multiple possible file/folder paths and returns +the file paths where the current user has modification rights. + +Author: Will Schroeder (@harmj0y) +License: BSD 3-Clause +Required Dependencies: None + +## SYNTAX + +``` +Get-ModifiablePath [-Path] [-Literal] +``` + +## DESCRIPTION +Takes a complex path specification of an initial file/folder path with possible +configuration files, 'tokenizes' the string in a number of possible ways, and +enumerates the ACLs for each path that currently exists on the system. +Any path that +the current user has modification rights on is returned in a custom object that contains +the modifiable path, associated permission set, and the IdentityReference with the specified +rights. +The SID of the current user and any group he/she are a part of are used as the +comparison set against the parsed path DACLs. + +## EXAMPLES + +### -------------------------- EXAMPLE 1 -------------------------- +``` +'"C:\Temp\blah.exe" -f "C:\Temp\config.ini"' | Get-ModifiablePath +``` + +Path Permissions IdentityReference +---- ----------- ----------------- +C:\Temp\blah.exe {ReadAttributes, ReadCo... +NT AUTHORITY\Authentic... +C:\Temp\config.ini {ReadAttributes, ReadCo... +NT AUTHORITY\Authentic... + +### -------------------------- EXAMPLE 2 -------------------------- +``` +Get-ChildItem C:\Vuln\ -Recurse | Get-ModifiablePath +``` + +Path Permissions IdentityReference +---- ----------- ----------------- +C:\Vuln\blah.bat {ReadAttributes, ReadCo... +NT AUTHORITY\Authentic... +C:\Vuln\config.ini {ReadAttributes, ReadCo... +NT AUTHORITY\Authentic... +... + +## PARAMETERS + +### -Path +The string path to parse for modifiable files. +Required + +```yaml +Type: String[] +Parameter Sets: (All) +Aliases: FullName + +Required: True +Position: 1 +Default value: None +Accept pipeline input: True (ByPropertyName, ByValue) +Accept wildcard characters: False +``` + +### -Literal +Switch. +Treat all paths as literal (i.e. +don't do 'tokenization'). + +```yaml +Type: SwitchParameter +Parameter Sets: (All) +Aliases: LiteralPaths + +Required: False +Position: Named +Default value: False +Accept pipeline input: False +Accept wildcard characters: False +``` + +## INPUTS + +## OUTPUTS + +### PowerUp.TokenPrivilege.ModifiablePath + +Custom PSObject containing the Permissions, ModifiablePath, IdentityReference for +a modifiable path. + +## NOTES + +## RELATED LINKS + -- cgit v1.2.3