Forum Discussion
manojviduranga
Apr 29, 2022Iron Contributor
Windows Unquoted Service Path Enumeration - Is this still a case in modern Windows (10, 11) ?
Hi Folks, This could be irrelevant as the issue goes back to few years and Microsoft may have already fixed it but, just wanted verify/confirm. Windows Unquoted Path Enumeration vulnerabilit...
- May 04, 2022The above response is the latest on this as I could not fetch anything specific to Microsoft on this. this script does a fantastic job on fixing the paths if there's any so if you happen to have this issue, It'd be really handy (hats off to those who contributed to this project!) - https://github.com/VectorBCO/windows-path-enumerate/
juan21352
Feb 27, 2023Copper Contributor
How do you know if it succeeds. My vulnerability solution indicates the existence of the threat but does not specify the reg keys that are unquoted for the server KDSERVICE (Kyocera Printer Driver)
akashAhuja
Apr 26, 2023Copper Contributor
I managed to replicate this. Just copy 'calc.exe' to your c:\ and rename it as 'documents.exe' and another copy as 'program.exe'.
Now every time you restart your computer, a calculator will open up.
This happens because start up processes look for "C:\Program Files\*" but end up running "C:\program.exe" with rest of the code items as arguments.
In reality, if someone malicious gets access to such an extent that they are able to place an executable on your c: drive, I call that checkmate anyways.
- juan21352Apr 26, 2023Copper ContributorYes, locating the key under HKLM... Service I was able to manually add the quotes, also can be applied via GPO to add quotes updating a string