itm4n / PrivescCheck

Privilege Escalation Enumeration Script for Windows
BSD 3-Clause "New" or "Revised" License

Empty WinLogon credentials #43

Closed itm4n closed 1 year ago

itm4n commented 1 year ago

The script returns empty WinLogon credentials.

+------+------------------------------------------------+------+
| TEST | CREDS > WinLogon                               | VULN |
+------+------------------------------------------------+------+
| DESC | Parse the Winlogon registry keys and check whether    |
|      | they contain any clear-text password. Entries that    |
|      | have an empty password field are filtered out.        |
+------+-------------------------------------------------------+
[*] Found 1 result(s).

Domain   : 
Username : 
Password : 

This may occur if the values DefaultPassword or AltDefaultPassword exist but are empty. Indeed, the code only checks whether the value exists with $null -ne ....

if ($null -ne $RegItem.DefaultPassword) {
    # ...
}

if ($null -ne $RegItem.AltDefaultPassword) {
    # ....
}

The -ne comparison should be replaced by [System.String]::IsNullOrEmpty().
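The difference between the two checks described in this issue, as an added example that is not PrivescCheck's own code: it runs both checks over constructed stand-ins for the Winlogon registry item and lists which password values each check would report. The function name `Get-ReportedPasswordValue`, the `-FilterEmpty` switch and the sample objects are hypothetical.

```powershell
# Added illustration: names below are hypothetical, not PrivescCheck's own code.
# Assumes strict mode is off (the default), so a missing property reads as $null.
function Get-ReportedPasswordValue {
    param(
        [Parameter(Mandatory = $true)] [object] $RegItem,
        [switch] $FilterEmpty   # apply the check proposed in the issue
    )
    foreach ($Name in 'DefaultPassword', 'AltDefaultPassword') {
        $Value = $RegItem.$Name          # $null when the value does not exist
        if ($FilterEmpty) {
            # Proposed check: rejects both a missing value and an empty string
            $Report = -not [System.String]::IsNullOrEmpty($Value)
        } else {
            # Original check: an existing but empty value ('') still passes
            $Report = $null -ne $Value
        }
        if ($Report) { $Name }
    }
}

# Constructed stand-ins for the object obtained when reading the Winlogon key.
$Samples = [ordered]@{
    'values absent'    = [pscustomobject]@{ Shell = 'explorer.exe' }
    'values empty'     = [pscustomobject]@{ DefaultPassword = ''; AltDefaultPassword = '' }
    'one password set' = [pscustomobject]@{ DefaultPassword = 'constructed-sample'; AltDefaultPassword = '' }
}

# One row per case: which value names each check would let through.
$Samples.GetEnumerator() | ForEach-Object {
    [pscustomobject]@{
        Case          = $_.Key
        NullCheck     = @(Get-ReportedPasswordValue -RegItem $_.Value) -join ','
        IsNullOrEmpty = @(Get-ReportedPasswordValue -RegItem $_.Value -FilterEmpty) -join ','
    }
} | Format-Table -AutoSize
```

Note that `IsNullOrEmpty` still accepts a value made only of whitespace; the issue proposes nothing stricter, so the example does not filter that case either.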

itm4n commented 1 year ago

Fixed with commit 446d9e0abfd815cfa5fcfb90b39bc1aac88a71b2.