# Find-PathDLLHijack
## SYNOPSIS
Finds all directories in the system %PATH% that are modifiable by the current user.
Author: Will Schroeder (@harmj0y)
License: BSD 3-Clause
Required Dependencies: Get-ModifiablePath
## SYNTAX
```
Find-PathDLLHijack
```
## DESCRIPTION
Enumerates the paths stored in Env:Path (%PATH%) and filters each through Get-ModifiablePath
to return the folder paths the current user can write to.
On Windows 7, if wlbsctrl.dll is written to one of these paths, execution for the IKEEXT
service can be hijacked due to DLL search order loading.
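
For remediation, the same condition can be audited from the administrator's side. The following is an added example, not PowerSploit code: it does not use Get-ModifiablePath, and the function name `Get-WeakPathEntry` and the list of SIDs treated as low-privileged are assumptions of the example.

```powershell
# Added example: defensive audit of the machine-wide PATH (not PowerSploit code).
# Assumption: these well-known SIDs represent low-privileged principals here.
$BroadSids = @{
    'S-1-1-0'      = 'Everyone'
    'S-1-5-11'     = 'Authenticated Users'
    'S-1-5-32-545' = 'BUILTIN\Users'
    'S-1-5-4'      = 'INTERACTIVE'
}

function Get-WeakPathEntry {
    [CmdletBinding()]
    param(
        # Defaults to the machine PATH, the one services inherit
        [string[]]$PathEntries = ([Environment]::GetEnvironmentVariable('Path', 'Machine') -split ';')
    )
    $createFiles = [int][System.Security.AccessControl.FileSystemRights]::CreateFiles
    $inheritOnly = [System.Security.AccessControl.PropagationFlags]::InheritOnly
    $sidType     = [System.Security.Principal.SecurityIdentifier]

    foreach ($entry in ($PathEntries | Where-Object { $_.Trim() } | Select-Object -Unique)) {
        $dir = [Environment]::ExpandEnvironmentVariables($entry.Trim().Trim('"'))
        if (-not (Test-Path -LiteralPath $dir -PathType Container)) {
            # A PATH entry that does not exist can be created by whoever can write its parent
            [pscustomobject]@{ Path = $dir; Principal = $null; Finding = 'Missing directory' }
            continue
        }
        # Ask for SIDs rather than names so the match is locale-independent
        $rules = (Get-Acl -LiteralPath $dir).GetAccessRules($true, $true, $sidType)
        foreach ($rule in $rules) {
            $sid = $rule.IdentityReference.Value
            if ($rule.AccessControlType -ne 'Allow') { continue }
            if (-not $BroadSids.ContainsKey($sid)) { continue }
            # Inherit-only ACEs apply to children, not to the directory itself
            if ($rule.PropagationFlags -band $inheritOnly) { continue }
            if (([int]$rule.FileSystemRights -band $createFiles) -ne 0) {
                [pscustomobject]@{
                    Path      = $dir
                    Principal = $BroadSids[$sid]
                    Finding   = "Can create files ($($rule.FileSystemRights))"
                }
            }
        }
    }
}

Get-WeakPathEntry | Format-Table -AutoSize
```

Each row is a directory to re-ACL or remove from the machine PATH. The check reads allow ACEs only, so deny entries and nested group membership are not evaluated.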
## EXAMPLES
### -------------------------- EXAMPLE 1 --------------------------
```
Find-PathDLLHijack
```
Finds all %PATH% .DLL hijacking opportunities.
## PARAMETERS
## INPUTS
## OUTPUTS
### PowerUp.HijackableDLL.Path
## NOTES
## RELATED LINKS
[http://www.greyhathacker.net/?p=738](http://www.greyhathacker.net/?p=738)