From 7edebdaf8a0b9af2920a2652fe628279388a2bf2 Mon Sep 17 00:00:00 2001 From: Bubbl3H3d <31154539+Bubbl3H3d@users.noreply.github.com> Date: Sun, 1 Oct 2017 14:56:39 -0400 Subject: [PATCH] PowerUp.ps1:883,1458 - Remove "C:\" False Positives By default, the C:\ folder has special permissions set that allow unprivileged users to create new folders, but not to create or modify files in C:\ . This special premission set is misinterpreted by the script as a writable folder in the path, even though it is not. The proposed change removes results that return C:\ (subfolders within C:\ are still returned if they are modifiable). --- Privesc/PowerUp.ps1 | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/Privesc/PowerUp.ps1 b/Privesc/PowerUp.ps1 index 072b03e..4db0efb 100644 --- a/Privesc/PowerUp.ps1 +++ b/Privesc/PowerUp.ps1 @@ -880,7 +880,7 @@ function Get-ModifiablePath { # if the path doesn't exist, check if the parent folder allows for modification try { $ParentPath = (Split-Path -Path $TempPath -Parent).Trim() - if($ParentPath -and ($ParentPath -ne '') -and (Test-Path -Path $ParentPath )) { + if($ParentPath -and ($ParentPath -ne '','C:\') -and (Test-Path -Path $ParentPath )) { $CandidatePaths += Resolve-Path -Path $ParentPath | Select-Object -ExpandProperty Path } } @@ -1455,7 +1455,7 @@ function Get-ServiceUnquoted { $ModifiableFiles = $Service.pathname.split(' ') | Get-ModifiablePath - $ModifiableFiles | Where-Object {$_ -and $_.ModifiablePath -and ($_.ModifiablePath -ne '')} | Foreach-Object { + $ModifiableFiles | Where-Object -filterscript {$_ -and $_.ModifiablePath -and ($_.ModifiablePath -ne '') -and -not ($_.ModifiablePath.EndsWith('C:\'))} | Foreach-Object { $ServiceRestart = Test-ServiceDaclPermission -PermissionSet 'Restart' -Name $Service.name if($ServiceRestart) {