Closed zaleoth closed 2 years ago
After a little dig it shall revolve around a check missing in ServicesInfoHelper.cs
Around line 216-218, a check against ace.AceType might solve the issue.
https://docs.microsoft.com/en-us/dotnet/api/system.security.accesscontrol.commonace?view=net-6.0
Sorry for not proposing any push, but I haven't coded in C# since ages and I'm a bit afraid of doing it terribly wrong now...
Hey mate! Thank you very much for letting me know about this bug! Unfortunately this looks like a very important bug but I'm going to be very busy these days. Therefore, I would highly appreciate if you could send a PR fixing this issue (as you also can check in that PC if the fix worked).
Hi @zaleoth, This should be fixed in the last release. Please, if you still can, check it and reopen the issue if this it's not fixed
Thank you very much for the update and follow up, however I can't check for it anymore, sorry...
Issue description
Rights over services incorrectly reported with winpeas when a specific right is explicitly denied.
Steps to reproduce the issue
scan services
obtained results :
Actual rights : .
Which parameters did you use for executing the script and how did you execute it?
Standard winpeas execution on Win10. No obfuscation. x64.
Is there any AV / Threat protection in the system?
McAfee AV
Please, indicate the OS, the OS version, and the kernel version (build number in case of Windows)
Windows 10 20H2 (19042)