
Commit b919244

committed
catch ACL access violation exception in Invoke-PrivescAudit
1 parent 1c5bc6b commit b919244


1 file changed

+28
-23
lines changed


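--- a/Privesc/PowerUp.ps1
+++ b/Privesc/PowerUp.ps1
@@ -895,38 +895,43 @@ a modifiable path.
 
 $CandidatePaths | Sort-Object -Unique | ForEach-Object {
 $CandidatePath = $_
-Get-Acl -Path $CandidatePath | Select-Object -ExpandProperty Access | Where-Object {($_.AccessControlType -match 'Allow')} | ForEach-Object {
+try {
+Get-Acl -Path $CandidatePath | Select-Object -ExpandProperty Access | Where-Object {($_.AccessControlType -match 'Allow')} | ForEach-Object {
 
-$FileSystemRights = $_.FileSystemRights.value__
+$FileSystemRights = $_.FileSystemRights.value__
 
-$Permissions = $AccessMask.Keys | Where-Object { $FileSystemRights -band $_ } | ForEach-Object { $AccessMask[$_] }
+$Permissions = $AccessMask.Keys | Where-Object { $FileSystemRights -band $_ } | ForEach-Object { $AccessMask[$_] }
 
-# the set of permission types that allow for modification
-$Comparison = Compare-Object -ReferenceObject $Permissions -DifferenceObject @('GenericWrite', 'GenericAll', 'MaximumAllowed', 'WriteOwner', 'WriteDAC', 'WriteData/AddFile', 'AppendData/AddSubdirectory') -IncludeEqual -ExcludeDifferent
+# the set of permission types that allow for modification
+$Comparison = Compare-Object -ReferenceObject $Permissions -DifferenceObject @('GenericWrite', 'GenericAll', 'MaximumAllowed', 'WriteOwner', 'WriteDAC', 'WriteData/AddFile', 'AppendData/AddSubdirectory') -IncludeEqual -ExcludeDifferent
 
-if ($Comparison) {
-if ($_.IdentityReference -notmatch '^S-1-5.*') {
-if (-not ($TranslatedIdentityReferences[$_.IdentityReference])) {
-# translate the IdentityReference if it's a username and not a SID
-$IdentityUser = New-Object System.Security.Principal.NTAccount($_.IdentityReference)
-$TranslatedIdentityReferences[$_.IdentityReference] = $IdentityUser.Translate([System.Security.Principal.SecurityIdentifier]) | Select-Object -ExpandProperty Value
+if ($Comparison) {
+if ($_.IdentityReference -notmatch '^S-1-5.*') {
+if (-not ($TranslatedIdentityReferences[$_.IdentityReference])) {
+# translate the IdentityReference if it's a username and not a SID
+$IdentityUser = New-Object System.Security.Principal.NTAccount($_.IdentityReference)
+$TranslatedIdentityReferences[$_.IdentityReference] = $IdentityUser.Translate([System.Security.Principal.SecurityIdentifier]) | Select-Object -ExpandProperty Value
+}
+$IdentitySID = $TranslatedIdentityReferences[$_.IdentityReference]
+}
+else {
+$IdentitySID = $_.IdentityReference
 }
-$IdentitySID = $TranslatedIdentityReferences[$_.IdentityReference]
-}
-else {
-$IdentitySID = $_.IdentityReference
-}
 
-if ($CurrentUserSids -contains $IdentitySID) {
-$Out = New-Object PSObject
-$Out | Add-Member Noteproperty 'ModifiablePath' $CandidatePath
-$Out | Add-Member Noteproperty 'IdentityReference' $_.IdentityReference
-$Out | Add-Member Noteproperty 'Permissions' $Permissions
-$Out.PSObject.TypeNames.Insert(0, 'PowerUp.ModifiablePath')
-$Out
+if ($CurrentUserSids -contains $IdentitySID) {
+$Out = New-Object PSObject
+$Out | Add-Member Noteproperty 'ModifiablePath' $CandidatePath
+$Out | Add-Member Noteproperty 'IdentityReference' $_.IdentityReference
+$Out | Add-Member Noteproperty 'Permissions' $Permissions
+$Out.PSObject.TypeNames.Insert(0, 'PowerUp.ModifiablePath')
+$Out
+}
 }
 }
 }
+catch {
+Write-Warning $_
+}
 }
 }
 }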
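Review bot: The new `try`/`catch` around the `Get-Acl` pipeline will not catch the access-denied case the commit title targets unless that error is terminating, and in Windows PowerShell `Get-Acl` on an unreadable path normally reports it as a non-terminating error, which `catch` ignores; the call should be `Get-Acl -Path $CandidatePath -ErrorAction Stop | Select-Object -ExpandProperty Access | ...` so the failure actually lands in the handler. The handler also now swallows every exception from the whole block, including the `NTAccount(...).Translate(...)` call for unmapped identities, which previously surfaced as a terminating error; that is probably acceptable for a best-effort audit, but it is worth a comment such as `# ACL read or SID translation failed for this path; skip it but keep auditing the rest`. `Write-Warning $_` loses the path that failed, so `Write-Warning "Unable to read ACL for '$CandidatePath': $_"` would make the warning actionable. The enclosing function starts before this hunk and its body continues after the closing braces shown here.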
