Question

编写了以下Powershell脚本来扫描和修复在引用路径中容易被利用的包含空格的未加引号的服务路径。该脚本，当运行＆＃34;。\ Get-ServicePathVulnerabilities＆＃34;对于任何允许的开关，永远不要执行$ Fix（-Fix）开关的if语句。请查看此源代码并帮助我确定问题，因为这是一个非常方便的脚本，可以在任何人的武器库中使用。

Function Get-ServicePathVulnerabilities {
[Cmdletbinding()]
Param (
    [switch]$Fix
) # End Param


Begin {
    $VulnerableServices=@()

    if ($Fix){Write-Verbose "Scan Mode: Fix"} else {Write-Verbose "Scan Mode: Audit"}

} # End Begin


Process {

    # Gather Services information from WMI
    $Services = Get-WmiObject -Class win32_service -Property name,pathname

    # Filter out services that have been enclosed with quotations
    $UnquotedPath = $Services | Where-Object {$_.PathName -notmatch '"'} | Select Name,PathName

    # Loop through services without quotations
    foreach ($Path in $UnquotedPath) {

        $Drive = $Path.PathName | Split-Path -Qualifier
        $Executable = $Path.PathName | Split-Path -Leaf

        # Conditional Logic to determine vulnerability
        # Note: Some service paths may be unquoted and include spaces, but not vulnerable. They could just be a path to executable (no spaces) with a command line switch parameter that may contain a space.
        #       To avoid false positives, the logic below will exclude spaces used in any parameters
        if( ($Path.PathName -match ' ') -and ($Executable -notmatch ' ') -and ($Path.PathName -notmatch './') ) {

            # Vulnerability Found
            Write-Warning ("Unquoted Service Path Discovered for " + $Path.Name + "    PATH: " + $Path.PathName)
            $VulnerableServices += New-Object PSObject -Property @{
                ServiceName = $Path.Name
                ServicePath = $Path.PathName
                HostName = $env:COMPUTERNAME
            } # End Object

        } # End conditional operators

    } # End Foreach Path in UnquotedPath



    # Attempt to encapsulate path in quotes if specified
    if ($Fix) {
        $VulnerableServices | ForEach-Object {
            Write-Verbose ("Attempting to fix " + $_.Servicename)
            $OriginalPath = $_.ServicePath
            $QuotedServicePath = ('"' + $_.ServicePath + '"')
            $RegistryLocation = ('HKLM:\SYSTEM\CurrentControlSet\Services\' + $_.ServiceName)

            Try {
                Set-ItemProperty -Path $RegistryLocation -Name ImagePath -Value $QuotedServicePath -Verbose
                $_.ServicePath = $QuotedServicePath
            } Catch {
                Write-Error ("Unable to fix " + $_.Servicename)
            } # End Try/Catch


        } # End Foreach object in VulnerableServices

    } # End if Fix was Specified


} # End Process


End {

    if ($VulnerableServices) {Return $VulnerableServices} else {Write-Verbose "No Unquoted Service path Vulnerabilites have been found"}

} # End End

} # Get-ServicePathVulnerabilites

Powershell脚本似乎停留在else语句中，从不执行switch

0 个答案: