Scan Dir Permissions - PowerShell for Pentesters (PSSE)
Hey All! This is my write-up for my third PowerShell for Pentesters exam task: scanning the system32 directory for full write access for Everyone. The reason we are looking for write access here is that it represents a misconfiguration that would easily allow for privilege escalation on the system, from Everyone to running under the context of a privileged user who calls one of these libraries, through a technique known as DLL search order hijacking!

My script takes this a little further by also allowing one to run a search on the security permissions in the current user's $PATH, another location prime for search order hijacking. I've also added flags to let the user search directories arbitrarily, recursively, and only output when it has uncovered an issue (vs. its normal verbose mode). You can find this script in my PSSE collection, and I've also included a snippet of its help menu and it running below, for the curious! But please, check it out, contribute, and let me know what you think!

Below is an example of the arbitrary scanning, alerting, and recursion. The arbitrary scanning defaults to the current working directory, which you see in the following examples. I encourage you to try the special -Sys32Scan and -PathScan flags yourself! Sometimes their output can be a little too verbose to make for a good example. Also, don't forget to write your results to a file when they get that large!
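To make the check concrete, here is a minimal audit sketch added for this write-up; it is not the PSSE script. The function name Find-EveryoneWritableDir is hypothetical, and the sketch only looks at Allow entries for the Everyone SID: it does not evaluate Deny entries, other broad groups, or effective access.

```powershell
# Added example, not the PSSE script. Find-EveryoneWritableDir is a hypothetical name.
function Find-EveryoneWritableDir {
    [CmdletBinding()]
    param(
        [Parameter(Mandatory, ValueFromPipeline)]
        [string[]]$Path
    )
    begin {
        # Match Everyone by its well-known SID so localized group names don't matter.
        $everyoneSid = 'S-1-1-0'
        $sidType     = [System.Security.Principal.SecurityIdentifier]
        # WriteData (create files) and AppendData (create subdirectories) are the
        # rights that let a caller place a new file in a directory.
        $rights    = [System.Security.AccessControl.FileSystemRights]
        $writeBits = [int]($rights::WriteData) -bor [int]($rights::AppendData)
    }
    process {
        foreach ($dir in $Path) {
            if (-not (Test-Path -LiteralPath $dir -PathType Container)) { continue }
            try {
                $acl = Get-Acl -LiteralPath $dir -ErrorAction Stop
            } catch {
                Write-Warning "Could not read ACL for ${dir}: $($_.Exception.Message)"
                continue
            }
            # Explicit and inherited rules, with identities returned as SIDs.
            foreach ($rule in $acl.GetAccessRules($true, $true, $sidType)) {
                $isAllow    = $rule.AccessControlType -eq 'Allow'
                $isEveryone = $rule.IdentityReference.Value -eq $everyoneSid
                $canWrite   = ([int]$rule.FileSystemRights -band $writeBits) -ne 0
                # InheritOnly (2) entries affect children, not this directory itself.
                $applies    = ([int]$rule.PropagationFlags -band 2) -eq 0
                if ($isAllow -and $isEveryone -and $canWrite -and $applies) {
                    [pscustomobject]@{
                        Path      = $dir
                        Rights    = $rule.FileSystemRights
                        Inherited = $rule.IsInherited
                    }
                }
            }
        }
    }
}

# Audit every directory on the current PATH, then system32 itself.
$env:PATH -split ';' | Where-Object { $_ } | Find-EveryoneWritableDir
Find-EveryoneWritableDir -Path (Join-Path $env:SystemRoot 'System32')
```

Any row it returns is a directory to fix by removing or tightening the Everyone entry; an empty result on a default install is the expected outcome.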
This blogpost has been created for completing the requirements of the SecurityTube PowerShell for Penetration Testers Certification Exam:
https://www.securitytube-training.com/online-courses/powershell-for-pentesters/
Student ID: PSP-3061