itm4n / PrivescCheck

Privilege Escalation Enumeration Script for Windows
BSD 3-Clause "New" or "Revised" License
2.79k stars 416 forks

Invoke-WlanProfilesCheck crashes #28

Closed exploide closed 2 years ago

exploide commented 2 years ago

On a Microsoft Windows Server 2019 Standard, PrivescCheck crashed when checking wifi profiles. Running Invoke-WlanProfilesCheck as a standalone check reproduces this for me.

> Invoke-WlanProfilesCheck
Cannot bind argument to parameter 'Message' because it is null.
    + CategoryInfo          : InvalidData: (:) [Invoke-WlanProfilesCheck], ParameterBindingValidationException
    + FullyQualifiedErrorId : ParameterArgumentValidationErrorNullNotAllowed,Invoke-WlanProfilesCheck

itm4n commented 2 years ago

I checked on a Windows Server 2019 Standard VM but I can't reproduce the issue.

PS C:\Users\lab-user\Desktop> Invoke-WlanProfilesCheck -Verbose
VERBOSE: Exception calling "WlanOpenHandle" with "4" argument(s): "Unable to find an entry point named 'WlanOpenHandle'
 in DLL 'wlanapi'."

I do get the above exception, though, if I enable the "Verbose" mode, but that's expected as "wlanapi" doesn't exist on server editions.

However, this error is most probably caused by this part of the code:

try {
  # check implementation
}
catch {
  # Catch exceptions in case wlanapi doesn't exist
  Write-Verbose $Error[0]
}

There is an implicit parameter binding here as Write-Verbose expects a Message value. The proper way to write this would be Write-Verbose -Message $Error[0]. In your case, it seems that $Error[0] was null, hence the error.

I "fixed" this simply by adding a null check on the exception message.

try {
  # check implementation
}
catch {
  if ($Error[0]) { Write-Verbose -Message $Error[0] }
}
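
The failure mode discussed in this thread, as an added example that is not PrivescCheck's own code: a catch block that logs `$Error[0]` positionally raises a new binding error when that value is null, while a catch block that logs the current error record `$_` behind a null check does not. The function names are hypothetical, and `$Error.Clear()` is only a constructed way to make `$Error[0]` null; it is not a claim about what happened on the reporter's system.

```powershell
# Added example, not PrivescCheck code. All function names are hypothetical.

function Invoke-FailingCheck {
    # Stand-in for the check body: simulates the failure seen on server editions.
    throw "Unable to find an entry point named 'WlanOpenHandle' in DLL 'wlanapi'."
}

function Test-UnguardedCatch {
    [CmdletBinding()] param()
    try { Invoke-FailingCheck }
    catch {
        $Error.Clear()            # constructed condition: $Error[0] now evaluates to $null
        Write-Verbose $Error[0]   # positional binding of $null to -Message fails
    }
}

function Test-GuardedCatch {
    [CmdletBinding()] param()
    try { Invoke-FailingCheck }
    catch {
        $Error.Clear()            # same constructed condition
        # $_ is the error record being handled here; it does not depend on $Error.
        $Message = $_.Exception.Message
        if (-not [string]::IsNullOrEmpty($Message)) {
            Write-Verbose -Message "Check skipped: $Message"
        }
    }
}

# Run both variants and record whether an error escaped each catch block.
$Results = foreach ($Name in 'Test-UnguardedCatch', 'Test-GuardedCatch') {
    $Escaped = $null
    try { & $Name -Verbose -ErrorAction Stop } catch { $Escaped = $_.Exception.Message }
    [pscustomobject]@{ Function = $Name; EscapedError = $Escaped }
}
$Results | Format-List
```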

exploide commented 2 years ago

Thank you very much :)