itm4n / PrivescCheck

Privilege Escalation Enumeration Script for Windows
BSD 3-Clause "New" or "Revised" License

Looking for exe, dll with interesting rights, not belonging to the current user #13

Closed phackt closed 2 years ago

phackt commented 3 years ago

Hi Clement,

I was wondering if, in the extended mode, it may be relevant to have a full picture of permissions abuse of any executable or DLL which does not belong to the current user and where the latter has interesting permissions on the exe or DLL? I just fear it may be a bit long to enumerate.

Let me know, Cheers.

itm4n commented 3 years ago

Hello!

In the initial version, I checked all files and folders recursively within C:\Program Files\. The problem is that it can take a very long time if lots of applications are installed. Therefore, I intentionally limited the recursion as a reasonable tradeoff. That being said, I could well add a -Force option on this particular function (Invoke-ModifiableProgramsCheck) such that it would not impact the normal execution of the script but it would allow performing a more thorough scan manually.

What do you think about this?
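The tradeoff described in this comment (a depth-limited walk by default, full recursion only on request) can be sketched as a standalone audit of `.exe`/`.dll` files under the Program Files folders. This is an added example, not part of the original thread and not PrivescCheck's code; the function name `Find-WritableProgramBinary`, the default depth of 1 and the set of rights treated as risky are assumptions.

```powershell
# Added example. Find-WritableProgramBinary is a hypothetical name, not a PrivescCheck function.
# Requires PowerShell 5.0+ for Get-ChildItem -Depth.
function Find-WritableProgramBinary {
    [CmdletBinding()]
    param(
        [string[]]$Path = @($env:ProgramFiles, ${env:ProgramFiles(x86)}),
        [int]$Depth = 1,   # assumed default; bounds the walk for routine runs
        [switch]$Force     # lift the depth limit for a manual, thorough scan
    )

    $me      = [System.Security.Principal.WindowsIdentity]::GetCurrent()
    $sids    = @($me.User.Value) + @($me.Groups | ForEach-Object { $_.Value })
    $sidType = [System.Security.Principal.SecurityIdentifier]

    # Rights that let a principal replace the file or rewrite its ACL.
    $risky = [System.Security.AccessControl.FileSystemRights]'WriteData, AppendData, Delete, ChangePermissions, TakeOwnership'

    $walk = @{ File = $true; Recurse = $true; ErrorAction = 'SilentlyContinue' }
    if (-not $Force) { $walk.Depth = $Depth }

    foreach ($root in ($Path | Where-Object { $_ -and (Test-Path -LiteralPath $_) })) {
        Get-ChildItem -LiteralPath $root @walk |
            Where-Object { $_.Extension -in '.exe', '.dll' } |
            ForEach-Object {
                $file = $_
                try { $acl = Get-Acl -LiteralPath $file.FullName -ErrorAction Stop }
                catch { return }   # unreadable ACL: skip this file

                # Files owned by the current user are out of scope here.
                $owner = $acl.GetOwner($sidType)
                if ($owner -eq $me.User) { return }

                # Allow ACEs only; deny ACEs and generic-rights bits are not evaluated.
                foreach ($ace in $acl.GetAccessRules($true, $true, $sidType)) {
                    if ($ace.AccessControlType -eq 'Allow' -and
                        $sids -contains $ace.IdentityReference.Value -and
                        ($ace.FileSystemRights -band $risky)) {
                        [pscustomobject]@{
                            Path     = $file.FullName
                            Owner    = $owner.Value
                            Identity = $ace.IdentityReference.Value
                            Rights   = $ace.FileSystemRights
                        }
                    }
                }
            }
    }
}
```

Calling the function with no arguments gives the bounded run; adding `-Force` walks the whole tree, which is where the long run time mentioned above comes from.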

phackt commented 3 years ago

Yes, it's a great idea. I will also have to dive into why I missed a privesc path dealing with the built-in scmanager service (seems I have a permissive right on it).

Keep in touch, Have a nice day Clément.

itm4n commented 3 years ago

If you think the script missed something, do not hesitate to open a new issue and include as many details as you can. Sometimes, there are edge cases I haven't thought about, and fixing these issues benefits everyone.

Regarding your initial request, I add this to my TODO list. There are a few other minor issues I need to work on as well.

Thanks! Have a nice day too.

itm4n commented 2 years ago

I do not see how to fix/improve this. Besides, this is a minor issue and it has been left open for a while now, which does not make much sense, so I will close it. ¯\_(ツ)_/¯