itm4n / PrivescCheck

Privilege Escalation Enumeration Script for Windows
BSD 3-Clause "New" or "Revised" License

[user mistake] Failed to detect the writable program/script in task scheduler jobs #6

Closed: d0gkiller87 closed this issue 3 years ago

d0gkiller87 commented 3 years ago

Test Environment:

Windows 1809 Build 17763.1577, PowerShell 1.0

Steps to Reproduce:

  1. Log in to an administrator account
  2. Create a PowerShell script
  3. Make the script writable by everyone (go to the security tab of the file attributes and change it)
  4. Create a task scheduler job, set the action to run the script above with the highest privileges
  5. Log in to a low privilege account
  6. Run PrivescCheck
  7. Result:
    | OK | None | SCHEDULED TASKS > Binary Permissions                            |
    | OK | None | SCHEDULED TASKS > Unquoted Path                                 |
    | OK | None | SCHEDULED TASKS > Binary Permissions                            |
    | OK | None | SCHEDULED TASKS > Unquoted Path                                 |

Description:

The configuration above allows the program/script (which runs with high privileges) to be changed by anyone. However, PrivescCheck failed to detect it.

d0gkiller87 commented 3 years ago

My mistake. The task was not accessible by the low-privilege account at all. Thus, it is reasonable that PrivescCheck cannot get the information at all.
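
An administrator-side audit for the configuration described in this thread, as an added example that is not part of the issue or of PrivescCheck's code: it lists tasks set to run with highest privileges whose action files grant write access to broad groups. The helper name `Get-ActionFilePaths`, the SID list and the rights mask are choices made for this example.

```powershell
# Added audit example (not PrivescCheck code). Run it from an elevated session:
# as the thread concludes, a low-privilege account may not be able to read the task at all.

# Well-known SIDs of broad groups (locale-independent).
$BroadSids = 'S-1-1-0',       # Everyone
             'S-1-5-11',      # Authenticated Users
             'S-1-5-32-545',  # BUILTIN\Users
             'S-1-5-4'        # INTERACTIVE

# Rights that let a principal change the file content, or its ACL or owner.
$R = [System.Security.AccessControl.FileSystemRights]
$WriteMask = $R::WriteData -bor $R::AppendData -bor $R::Delete -bor
             $R::ChangePermissions -bor $R::TakeOwnership

function Get-ActionFilePaths($Action) {
    # The script may be the Execute value itself or an argument to an interpreter.
    # Only rooted paths are checked; bare names resolved through PATH are skipped.
    $exe  = "$($Action.Execute)".Trim('"')
    $text = [Environment]::ExpandEnvironmentVariables("`"$exe`" $($Action.Arguments)")
    [regex]::Matches($text, '"([^"]+)"|(\S+)') | ForEach-Object {
        $p = $_.Groups[1].Value + $_.Groups[2].Value
        if ($p -match '^[A-Za-z]:\\|^\\\\' -and
            (Test-Path -LiteralPath $p -PathType Leaf -ErrorAction SilentlyContinue)) { $p }
    }
}

# Narrowed to the thread's case: tasks configured to run with the highest privileges.
Get-ScheduledTask | Where-Object { $_.Principal.RunLevel -eq 'Highest' } | ForEach-Object {
    $task = $_
    foreach ($action in ($task.Actions | Where-Object { $_.Execute })) {
        foreach ($path in (Get-ActionFilePaths $action | Select-Object -Unique)) {
            $rules = (Get-Acl -LiteralPath $path).GetAccessRules(
                $true, $true, [System.Security.Principal.SecurityIdentifier])
            foreach ($ace in $rules) {
                if ($ace.AccessControlType -eq 'Allow' -and
                    $BroadSids -contains $ace.IdentityReference.Value -and
                    ($ace.FileSystemRights -band $WriteMask)) {
                    [pscustomobject]@{
                        Task   = $task.TaskPath + $task.TaskName
                        RunAs  = $task.Principal.UserId
                        File   = $path
                        Sid    = $ace.IdentityReference.Value
                        Rights = $ace.FileSystemRights
                    }
                }
            }
        }
    }
}
```

Each output row is a file that should have its ACL tightened so that only administrators and the task's run-as account can modify it.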