From 7964823e3f398c41a7ad1c0e8c4c28c0806a9c0d Mon Sep 17 00:00:00 2001
From: HarmJ0y <will@harmj0y.net>
Date: Wed, 14 Dec 2016 11:53:29 -0500
Subject: Added documentation for PowerUp

---
 docs/Privesc/Get-ModifiableServiceFile.md | 45 +++++++++++++++++++++++++++++++
 1 file changed, 45 insertions(+)
 create mode 100755 docs/Privesc/Get-ModifiableServiceFile.md

(limited to 'docs/Privesc/Get-ModifiableServiceFile.md')

diff --git a/docs/Privesc/Get-ModifiableServiceFile.md b/docs/Privesc/Get-ModifiableServiceFile.md
new file mode 100755
index 0000000..ab01e42
--- /dev/null
+++ b/docs/Privesc/Get-ModifiableServiceFile.md
@@ -0,0 +1,45 @@
+# Get-ModifiableServiceFile
+
+## SYNOPSIS
+Enumerates all services and returns vulnerable service files.
+
+Author: Will Schroeder (@harmj0y)  
+License: BSD 3-Clause  
+Required Dependencies: Test-ServiceDaclPermission, Get-ModifiablePath
+
+## SYNTAX
+
+```
+Get-ModifiableServiceFile
+```
+
+## DESCRIPTION
+Enumerates all services by querying the WMI win32_service class.
+For each service,
+it takes the pathname (aka binPath) and passes it to Get-ModifiablePath to determine
+if the current user has rights to modify the service binary itself or any associated
+arguments.
+If the associated binary (or any configuration files) can be overwritten,
+privileges may be able to be escalated.
+
+## EXAMPLES
+
+### -------------------------- EXAMPLE 1 --------------------------
+```
+Get-ModifiableServiceFile
+```
+
+Get a set of potentially exploitable service binares/config files.
+
+## PARAMETERS
+
+## INPUTS
+
+## OUTPUTS
+
+### PowerUp.ModifiablePath
+
+## NOTES
+
+## RELATED LINKS
+
-- 
cgit v1.2.3