Updated Privesc README.md and .psd1 to reflect the new PowerUp function names.

2016-06-02 02:14:38 -04:00 · 2016-06-02 02:14:38 -04:00 · 8083c1e1bb
parent 3c209ee6b3
commit 8083c1e1bb
2 changed files with 42 additions and 32 deletions
--- a/Privesc/Privesc.psd1
+++ b/Privesc/Privesc.psd1
@ -10,7 +10,7 @@ ModuleVersion = '3.0.0.0'
 GUID = 'efb2a78f-a069-4bfd-91c2-7c7c0c225f56'

 # Author of this module
-Author = 'Will Schroder'
+Author = 'Will Schroeder'

 # Copyright statement for this module
 Copyright = 'BSD 3-Clause'
@ -23,28 +23,32 @@ PowerShellVersion = '2.0'

 # Functions to export from this module
 FunctionsToExport = @(
-    'Find-DLLHijack',
+    'Add-ServiceDacl',
    'Find-PathHijack',
+    'Find-ProcessDLLHijack',
    'Get-ApplicationHost',
-    'Get-RegAlwaysInstallElevated',
-    'Get-RegAutoLogon',
+    'Get-ModifiablePath',
+    'Get-ModifiableScheduledTaskFile',
+    'Get-ModifiableService',
+    'Get-ModifiableServiceFile',
+    'Get-RegistryAlwaysInstallElevated',
+    'Get-RegistryAutoLogon',
+    'Get-RegistryAutoRun',
    'Get-ServiceDetail',
-    'Get-ServiceFilePermission',
-    'Get-ServicePermission',
    'Get-ServiceUnquoted',
+    'Get-SiteListPassword',
+    'Get-System',
    'Get-UnattendedInstallFile',
-    'Get-VulnAutoRun',
-    'Get-VulnSchTask',
    'Get-Webconfig',
    'Install-ServiceBinary',
    'Invoke-AllChecks',
    'Invoke-ServiceAbuse',
    'Restore-ServiceBinary',
+    'Set-ServiceBinPath',
+    'Test-ServiceDaclPermission',
    'Write-HijackDll',
    'Write-ServiceBinary',
-    'Write-UserAddMSI',
-    'Get-SiteListPassword',
-    'Get-System'
+    'Write-UserAddMSI'
 )

 # List of all files packaged with this module
--- a/Privesc/README.md
+++ b/Privesc/README.md
@ -29,8 +29,8 @@ Optional Dependencies: None

 ### Service Enumeration:
    Get-ServiceUnquoted                 -   returns services with unquoted paths that also have a space in the name
-    Get-ServiceFilePermission       -   returns services where the current user can write to the service binary path or its config
-    Get-ServicePermission           -   returns services the current user can modify
+    Get-ModifiableServiceFile           -   returns services where the current user can write to the service binary path or its config
+    Get-ModifiableService               -   returns services the current user can modify
    Get-ServiceDetail                   -   returns detailed information about a specified service

 ### Service Abuse:
@ -40,20 +40,26 @@ Optional Dependencies: None
    Restore-ServiceBinary               -   restores a replaced service binary with the original executable

 ### DLL Hijacking:
-    Find-DLLHijack                  -   finds .dll hijacking opportunities for currently running processes
+    Find-ProcessDLLHijack               -   finds potential DLL hijacking opportunities for currently running processes
    Find-PathHijack                     -   finds service %PATH% .dll hijacking opportunities
    Write-HijackDll                     -   writes out a hijackable .dll
    
 ### Registry Checks:
-    Get-RegAlwaysInstallElevated    -   checks if the AlwaysInstallElevated registry key is set
-    Get-RegAutoLogon                -   checks for Autologon credentials in the registry
-    Get-VulnAutoRun                 -   checks for any modifiable binaries/scripts (or their configs) in HKLM autoruns
+    Get-RegistryAlwaysInstallElevated   -  checks if the AlwaysInstallElevated registry key is set
+    Get-RegistryAutoLogon               -   checks for Autologon credentials in the registry
+    Get-RegistryAutoRun                 -   checks for any modifiable binaries/scripts (or their configs) in HKLM autoruns

-### Misc.:
-    Get-VulnSchTask                 -   find schtasks with modifiable target files
+### Miscellaneous Checks:
+    Get-ModifiableScheduledTaskFile     -   find schtasks with modifiable target files
    Get-UnattendedInstallFile           -   finds remaining unattended installation files
    Get-Webconfig                       -   checks for any encrypted web.config strings
    Get-ApplicationHost                 -   checks for encrypted application pool and virtual directory passwords
+    Get-SiteListPassword                -   retrieves the plaintext passwords for any found McAfee's SiteList.xml files
+
+### Other Helpers/Meta-Functions:
+    Get-ModifiablePath                  -   tokenizes an input string and returns the files in it the current user can modify
+    Add-ServiceDacl                     -   adds a Dacl field to a service object returned by Get-Service
+    Set-ServiceBinPath                  -   sets the binary path for a service to a specified value through Win32 API methods
+    Test-ServiceDaclPermission          -   tests one or more passed services or service names against a given permission set
    Write-UserAddMSI                    -   write out a MSI installer that prompts for a user to be added
    Invoke-AllChecks                    -   runs all current escalation checks and returns a report
-