Skip to content
This repository was archived by the owner on Jan 21, 2021. It is now read-only.

Commit bf652bc

Browse files
author
Dave Hull
committed
Adds dlls from knowndll paths to knowndlls
1 parent c7985c9 commit bf652bc

File tree

1 file changed

+2
-0
lines changed

1 file changed

+2
-0
lines changed

Privesc/PowerUp.ps1

Lines changed: 2 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -2368,6 +2368,8 @@ function Find-ProcessDLLHijack {
23682368
# http://blogs.msdn.com/b/larryosterman/archive/2004/07/19/187752.aspx
23692369
$Keys = (Get-Item "HKLM:\System\CurrentControlSet\Control\Session Manager\KnownDLLs")
23702370
$KnownDLLs = $(ForEach ($KeyName in $Keys.GetValueNames()) { $Keys.GetValue($KeyName) }) | Where-Object { $_.EndsWith(".dll") }
2371+
$KnownDLLPaths = $(ForEach ($name in $Keys.GetValueNames()) { $Keys.GetValue($name).tolower() }) | Where-Object { -not $_.EndsWith(".dll") }
2372+
$KnownDLLs += ForEach ($path in $KnownDLLPaths) { ls -force $path\*.dll | Select-Object -ExpandProperty Name | ForEach-Object { $_.tolower() }}
23712373
$CurrentUser = [System.Security.Principal.WindowsIdentity]::GetCurrent().Name
23722374

23732375
# get the owners for all processes

0 commit comments

Comments
 (0)