Closed LuemmelSec closed 2 months ago
Good catch, I must have missed that. I appreciate it.
Now that I am looking at the code I based it off of, I see that I should reorganize it a bit more. I moved the test onto a system that I know isn't vulnerable and is still coming back vulnerable. https://github.com/xbufu/PrintNightmareCheck/blob/main/Invoke-NightmareCheck.ps1
Sounds like a plan :) you are welcome.
I made the updates if you want to check it out again.
It looks good now :)
In your code you always set it to vulnerable, no matter what the outcome of the checks is:
CheckSpoolerService(); CheckPatchStatus(); CheckRegistrySettings();
vulnerabilities.SetAsVulnerable(Id);
Hence, it always shows vulnerable.
It would be better to place the setting into each of your functions and then ONLY if the checks implies that the system IS vulnerable. For example here:
switch (sc.Status) { case ServiceControllerStatus.Running: DebugUtility.DebugPrint("Print Spooler service is ENABLED and RUNNING."); SET VULNERABLE break; case ServiceControllerStatus.Stopped: DebugUtility.DebugPrint("Print Spooler service is ENABLED but STOPPED."); break; default: DebugUtility.DebugPrint("Print Spooler service status is UNKNOWN."); break; }
It only makes sense to set vulnerable when it is enabled and running, maybe when stopped. It would also make sense to have a "might be vulnerable" option as you also check for those options. Just saying it IS vulnerable is pretty misleading in the default output.