Gh0st
/
PowerSploit
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Adds dlls from knowndll paths to knowndlls

This commit is contained in:
Dave Hull 2017-09-08 16:30:06 -05:00
parent c7985c9bc3
commit bf652bcd26
1 changed files with 2 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
Privesc/PowerUp.ps1
View File

@ -2368,6 +2368,8 @@ function Find-ProcessDLLHijack {
# http://blogs.msdn.com/b/larryosterman/archive/2004/07/19/187752.aspx # http://blogs.msdn.com/b/larryosterman/archive/2004/07/19/187752.aspx
$Keys = (Get-Item "HKLM:\System\CurrentControlSet\Control\Session Manager\KnownDLLs") $Keys = (Get-Item "HKLM:\System\CurrentControlSet\Control\Session Manager\KnownDLLs")
$KnownDLLs = $(ForEach ($KeyName in $Keys.GetValueNames()) { $Keys.GetValue($KeyName) }) | Where-Object { $_.EndsWith(".dll") } $KnownDLLs = $(ForEach ($KeyName in $Keys.GetValueNames()) { $Keys.GetValue($KeyName) }) | Where-Object { $_.EndsWith(".dll") }
$KnownDLLPaths = $(ForEach ($name in $Keys.GetValueNames()) { $Keys.GetValue($name).tolower() }) | Where-Object { -not $_.EndsWith(".dll") }
$KnownDLLs += ForEach ($path in $KnownDLLPaths) { ls -force $path\*.dll | Select-Object -ExpandProperty Name | ForEach-Object { $_.tolower() }}
$CurrentUser = [System.Security.Principal.WindowsIdentity]::GetCurrent().Name $CurrentUser = [System.Security.Principal.WindowsIdentity]::GetCurrent().Name
# get the owners for all processes # get the owners for all processes