
Commit e2993b6

Modified Tests/Privesc.tests.ps1 to ensure file artifacts are not left on disk.
1 parent a235313 commit e2993b6

1 file changed

Lines changed: 103 additions & 62 deletions


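--- a/Tests/Privesc.tests.ps1
+++ b/Tests/Privesc.tests.ps1
@@ -31,10 +31,13 @@ Describe 'Get-ModifiableFile' {
 $FilePath = "$(Get-Location)\$([IO.Path]::GetRandomFileName())"
 $Null | Out-File -FilePath $FilePath -Force
 
-$Output = Get-ModifiableFile -Path $FilePath
-$Output | Should Be $FilePath
-
-Remove-Item -Path $FilePath -Force
+try {
+$Output = Get-ModifiableFile -Path $FilePath
+$Output | Should Be $FilePath
+}
+finally {
+$Null = Remove-Item -Path $FilePath -Force -ErrorAction SilentlyContinue
+}
 }
 
 It 'Should extract a modifiable file specified as an argument in a command string.' {
@@ -43,10 +46,13 @@ Describe 'Get-ModifiableFile' {
 
 $CmdPath = "'C:\Windows\System32\nonexistent.exe' -i '$FilePath'"
 
-$Output = Get-ModifiableFile -Path $FilePath
-$Output | Should Be $FilePath
-
-Remove-Item -Path $FilePath -Force
+try {
+$Output = Get-ModifiableFile -Path $FilePath
+$Output | Should Be $FilePath
+}
+finally {
+$Null = Remove-Item -Path $FilePath -Force -ErrorAction SilentlyContinue
+}
 }
 
 It 'Should return no results for a non-existent path.' {
@@ -59,7 +65,7 @@ Describe 'Get-ModifiableFile' {
 It 'Should accept a Path over the pipeline.' {
 $FilePath = "$(Get-Location)\$([IO.Path]::GetRandomFileName())"
 
-$Output = Get-ModifiableFile -Path $FilePath
+$Output = $FilePath | Get-ModifiableFile
 $Output | Should BeNullOrEmpty
 }
 }
@@ -114,19 +120,23 @@ Describe 'Get-ServiceFilePermission' {
 }
 
 It 'Should return a service with a modifiable service binary.' {
-$ServiceName = Get-RandomName
-$ServicePath = "$(Get-Location)\$([IO.Path]::GetRandomFileName())" + ".exe"
-$Null | Out-File -FilePath $ServicePath -Force
-
-sc.exe create $ServiceName binPath= $ServicePath | Should Match "SUCCESS"
-
-$Output = Get-ServiceFilePermission | Where-Object { $_.ServiceName -eq $ServiceName }
-sc.exe delete $ServiceName | Should Match "SUCCESS"
-Remove-Item -Path $ServicePath -Force
-
-$Output | Should Not BeNullOrEmpty
-$Output.ServiceName | Should Be $ServiceName
-$Output.Path | Should Be $ServicePath
+try {
+$ServiceName = Get-RandomName
+$ServicePath = "$(Get-Location)\$([IO.Path]::GetRandomFileName())" + ".exe"
+$Null | Out-File -FilePath $ServicePath -Force
+
+sc.exe create $ServiceName binPath= $ServicePath | Should Match "SUCCESS"
+
+$Output = Get-ServiceFilePermission | Where-Object { $_.ServiceName -eq $ServiceName }
+sc.exe delete $ServiceName | Should Match "SUCCESS"
+
+$Output | Should Not BeNullOrEmpty
+$Output.ServiceName | Should Be $ServiceName
+$Output.Path | Should Be $ServicePath
+}
+finally {
+$Null = Remove-Item -Path $ServicePath -Force
+}
 }
 
 It 'Should not return a service with a non-existent service binary.' {
@@ -138,7 +148,7 @@ Describe 'Get-ServiceFilePermission' {
 $Output = Get-ServiceFilePermission | Where-Object { $_.ServiceName -eq $ServiceName }
 sc.exe delete $ServiceName | Should Match "SUCCESS"
 
-$Output | Should BeNullOrEmpty
+$Output | Should BeNullOrEmpty
 }
 }
 
@@ -167,6 +177,11 @@ Describe 'Get-ServiceDetail' {
 $Output = Get-ServiceDetail -ServiceName NonExistent123
 $Output | Should BeNullOrEmpty
 }
+
+It 'Should accept a service name on the pipeline.' {
+$Output = "Dhcp" | Get-ServiceDetail
+$Output | Should Not BeNullOrEmpty
+}
 }
 
 
@@ -247,14 +262,18 @@ Describe 'Install-ServiceBinary' {
 }
 
 AfterEach {
-$Null = Invoke-ServiceStop -ServiceName PowerUpService
-$Null = sc.exe delete "PowerUpService"
-$Null = $(net user john /delete >$Null 2>&1)
-if(Test-Path "$(Get-Location)\powerup.exe") {
-Remove-Item -Path "$(Get-Location)\powerup.exe" -Force
+try {
+$Null = Invoke-ServiceStop -ServiceName PowerUpService
+$Null = sc.exe delete "PowerUpService"
+$Null = $(net user john /delete >$Null 2>&1)
 }
-if(Test-Path "$(Get-Location)\powerup.exe.bak") {
-Remove-Item -Path "$(Get-Location)\powerup.exe.bak" -Force
+finally {
+if(Test-Path "$(Get-Location)\powerup.exe") {
+$Null = Remove-Item -Path "$(Get-Location)\powerup.exe" -Force -ErrorAction SilentlyContinue
+}
+if(Test-Path "$(Get-Location)\powerup.exe.bak") {
+$Null = Remove-Item -Path "$(Get-Location)\powerup.exe.bak" -Force -ErrorAction SilentlyContinue
+}
 }
 }
 
@@ -348,12 +367,18 @@ Describe 'Find-PathHijack' {
 
 New-Item -Path C:\PowerUpTest\ -ItemType directory -Force
 
-$OldPath = $Env:PATH
-$Env:PATH += ';C:\PowerUpTest\'
+try {
+$OldPath = $Env:PATH
+$Env:PATH += ';C:\PowerUpTest\'
+
+$Output = Find-PathHijack | Where-Object {$_.HijackablePath -like "*PowerUpTest*"}
 
-$Output = Find-PathHijack | Where-Object {$_.HijackablePath -like "*PowerUpTest*"}
-$Env:PATH = $OldPath
-$Output.HijackablePath | Should Be 'C:\PowerUpTest\'
+$Env:PATH = $OldPath
+$Output.HijackablePath | Should Be 'C:\PowerUpTest\'
+}
+catch {
+$Null = Remove-Item -Recurse -Force 'C:\PowerUpTest\' -ErrorAction SilentlyContinue
+}
 }
 }
 
@@ -362,12 +387,16 @@ Describe 'Write-HijackDll' {
 
 It 'Should write a .dll that executes a custom command.' {
 
-Write-HijackDll -OutputFile "$(Get-Location)\powerup.dll" -Command "net user testing Password123! /add"
-
-"$(Get-Location)\powerup.dll" | Should Exist
-"$(Get-Location)\debug.bat" | Should Exist
-Remove-Item -Path "$(Get-Location)\powerup.dll" -Force
-Remove-Item -Path "$(Get-Location)\debug.bat" -Force
+try {
+Write-HijackDll -OutputFile "$(Get-Location)\powerup.dll" -Command "net user testing Password123! /add"
+
+"$(Get-Location)\powerup.dll" | Should Exist
+"$(Get-Location)\debug.bat" | Should Exist
+}
+finally {
+$Null = Remove-Item -Path "$(Get-Location)\powerup.dll" -Force -ErrorAction SilentlyContinue
+$Null = Remove-Item -Path "$(Get-Location)\debug.bat" -Force -ErrorAction SilentlyContinue
+}
 }
 }
 
@@ -397,16 +426,20 @@ Describe 'Get-VulnAutoRun' {
 {Get-VulnAutoRun} | Should Not Throw
 }
 It 'Should find a vulnerable autorun.' {
-$FilePath = "$(Get-Location)\$([IO.Path]::GetRandomFileName())"
-$Null | Out-File -FilePath $FilePath -Force
-Set-ItemProperty -Path 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run' -Name PowerUp -Value "vuln.exe -i '$FilePath'"
+try {
+$FilePath = "$(Get-Location)\$([IO.Path]::GetRandomFileName())"
+$Null | Out-File -FilePath $FilePath -Force
+$Null = Set-ItemProperty -Path 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run' -Name PowerUp -Value "vuln.exe -i '$FilePath'"
 
-$Output = Get-VulnAutoRun | ?{$_.Path -like "*$FilePath*"}
+$Output = Get-VulnAutoRun | ?{$_.Path -like "*$FilePath*"}
 
-Remove-Item -Path $FilePath -Force
-$Null = Remove-ItemProperty -Path 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run' -Name PowerUp
-
-$Output.ModifiableFile | Should Be $FilePath
+$Null = Remove-ItemProperty -Path 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run' -Name PowerUp
+
+$Output.ModifiableFile | Should Be $FilePath
+}
+finally {
+$Null = Remove-Item -Path $FilePath -Force -ErrorAction SilentlyContinue
+}
 }
 }
 
@@ -424,16 +457,20 @@ Describe 'Get-VulnSchTask' {
 
 It 'Should find a vulnerable config file for a binary specified in a schtask.' {
 
-$FilePath = "$(Get-Location)\$([IO.Path]::GetRandomFileName())"
-$Null | Out-File -FilePath $FilePath -Force
-
-$Null = schtasks.exe /create /tn PowerUp /tr "vuln.exe -i '$FilePath'" /sc onstart /ru System /f
+try {
+$FilePath = "$(Get-Location)\$([IO.Path]::GetRandomFileName())"
+$Null | Out-File -FilePath $FilePath -Force
 
-$Output = Get-VulnSchTask | Where-Object {$_.TaskName -eq 'PowerUp'}
-$Null = schtasks.exe /delete /tn PowerUp /f
-Remove-Item -Path $FilePath -Force
+$Null = schtasks.exe /create /tn PowerUp /tr "vuln.exe -i '$FilePath'" /sc onstart /ru System /f
 
-$Output.TaskFilePath | Should Be $FilePath
+$Output = Get-VulnSchTask | Where-Object {$_.TaskName -eq 'PowerUp'}
+$Null = schtasks.exe /delete /tn PowerUp /f
+
+$Output.TaskFilePath | Should Be $FilePath
+}
+finally {
+$Null = Remove-Item -Path $FilePath -Force -ErrorAction SilentlyContinue
+}
 }
 }
 
@@ -445,11 +482,15 @@ Describe 'Get-UnattendedInstallFile' {
 It 'Should return a leftover autorun' {
 $FilePath = Join-Path $Env:WinDir "\System32\Sysprep\unattend.xml"
 
-$Null | Out-File -FilePath $FilePath -Force
-$Output = Get-UnattendedInstallFile
-$Output | Should Not BeNullOrEmpty
+try {
+$Null | Out-File -FilePath $FilePath -Force
+$Output = Get-UnattendedInstallFile
 
-Remove-Item -Path $FilePath -Force
+$Output | Should Not BeNullOrEmpty
+}
+finally {
+$Null = Remove-Item -Path $FilePath -Force -ErrorAction SilentlyContinue
+}
 }
 }
 
@@ -480,6 +521,6 @@ Describe 'Invoke-AllChecks' {
 $HtmlReportFile = "$($Env:ComputerName).$($Env:UserName).html"
 
 $HtmlReportFile | Should Exist
-Remove-Item -Path $HtmlReportFile -Force
+$Null = Remove-Item -Path $HtmlReportFile -Force -ErrorAction SilentlyContinue
 }
 }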
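Review bot: The Find-PathHijack test wraps its body in `try { … } catch { … }` where the other tests use `finally`, so `C:\PowerUpTest\` is removed only when something throws and stays on disk after a passing run; and because a failing `Should Be` reports by throwing, the `catch` also swallows the assertion, so this test can no longer fail. `$Env:PATH = $OldPath` sits inside the `try` as well, so an exception from `Find-PathHijack` leaves the test directory on the session PATH. I would change `catch {` to `finally {` and move the restore into it, i.e. `$Env:PATH = $OldPath` followed by the existing `Remove-Item -Recurse -Force 'C:\PowerUpTest\' -ErrorAction SilentlyContinue`. The same gap applies to the non-file state in the other tests: `sc.exe delete $ServiceName`, `Remove-ItemProperty … -Name PowerUp` on the HKLM Run key and `schtasks.exe /delete /tn PowerUp /f` all remain in the `try` bodies, so a throw before them leaves a service, an autorun value or a SYSTEM scheduled task registered on the test host; they belong in the `finally` blocks next to the file removal.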
