# three functions that produce filepath,Owner,Access,SDDL
# for the binaries listed by ps ("get-process")
# All rights reserved Ryan M. Ferris @ RMF Network Security
# Version r5:21 PM 9/6/2011
function Get-PSACL
{
    # One row per running process whose image-file ACL could be read: the
    # file's leaf name (PSChildName), its owner, the access rules rendered as
    # text, and the raw SDDL string. Get-Acl takes each Process object's Path
    # from the pipeline; -ErrorAction SilentlyContinue (the same setting as
    # -ea 0) hides processes with no readable path, so those processes are
    # simply absent from the output rather than reported as errors.
    Get-Process |
        Get-Acl -ErrorAction SilentlyContinue |
        Select-Object -Property PSChildName, Owner, AccessToString, Sddl
}
function Get-PEX
{
    # Same report as Get-PSACL but with the full file path, and with the two
    # intermediate lists kept in GLOBAL variables ($ps_list, $acl_list) so
    # they can be inspected interactively after the function returns.
    # Note the side effect: both globals are overwritten on every call.
    [array]$global:ps_list = Get-Process
    [array]$global:acl_list = $ps_list | Get-Acl -ErrorAction SilentlyContinue

    # "FilePath" is produced by resolving each ACL's PSPath back to the item
    # it describes (Get-ChildItem returns the file item, not a plain string).
    $acl_list |
        Select-Object -Property @{label="FilePath"; Expression={ Get-ChildItem $_.PsPath }},
            Owner, AccessToString, Sddl
}
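function Get-PIDACL
{
    # One row per running process: Name and Id, followed by the Owner, access
    # rules (as text) and SDDL of the process's image file. Useful for spotting
    # executables whose on-disk file is owned or writable by unexpected principals.
    foreach ($proc in (Get-Process))
    {
        # Read the ACL once per process and reuse it for all three columns.
        # A process with no readable Path (typically a system or protected
        # process, or one the caller lacks rights to query) gets empty ACL
        # columns instead of a Get-Acl parameter-binding error; any remaining
        # Get-Acl error is suppressed, matching the -ea 0 used by Get-PSACL.
        $acl = $null
        if ($proc.Path)
        {
            $acl = Get-Acl -Path $proc.Path -ErrorAction SilentlyContinue
        }
        $proc | Select-Object -Property Name, ID,
            @{Label="Owner";  Expression={ $acl.Owner }},
            @{Label="Access"; Expression={ $acl.AccessToString }},
            @{Label="SDDL";   Expression={ $acl.SDDL }}
    }
}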
# Running the script emits the three process reports in this order.
# Get-PEX additionally leaves $global:ps_list and $global:acl_list set in
# the calling session (see its body), so the snapshot survives the run.
Get-PSACL
Get-PEX
Get-PIDACL
Two other functions as well:
function FindSDDL
{
    # For every item in the current directory, emit its ACL (Owner, Access
    # rules, SDDL) tagged with the item's leaf name and its .NET type name
    # (e.g. FileInfo or DirectoryInfo for file-system items). Note that the
    # "Path" column holds only the leaf name, not the full path.
    foreach ($item in (Get-ChildItem))
    {
        $item.GetAccessControl() |
            Select-Object -Property @{name="Path"; Expression={ $item.Name }},
                @{name="Type"; Expression={ $item.GetType().Name }},
                Owner,
                Access,
                SDDL
    }
}
function RecurseSDDL
{
    # Recursive variant of FindSDDL: walks the current directory tree and
    # emits each item's ACL (Owner, Access rules, SDDL) together with its leaf
    # name, its parent container (PSParentPath) and its .NET type name.
    foreach ($item in (Get-ChildItem -Recurse))
    {
        $item.GetAccessControl() |
            Select-Object -Property @{name="Name"; Expression={ $item.Name }},
                @{name="Path"; Expression={ $item.PSParentPath }},
                @{name="Type"; Expression={ $item.GetType().Name }},
                Owner,
                Access,
                SDDL
    }
}
(or maybe better):
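function FindSDDL
{
    # Emit the ACL (Owner, Access rules, SDDL) of every item in a directory,
    # tagged with the item's leaf name ("Path" column) and .NET type name.
    #
    # Parameters:
    #   Path - directory to list; defaults to the current location, so calling
    #          FindSDDL with no arguments behaves exactly as before.
    param(
        [string]$Path = '.'
    )

    foreach ($item in (Get-ChildItem -Path $Path))
    {
        # GetAccessControl() is called directly on the item; a failure for one
        # item is reported on the error stream and the loop moves on.
        $item.GetAccessControl() |
            Select-Object -Property Owner, Access, SDDL,
                @{name="Path"; Expression={ $item.Name }},
                @{name="Type"; Expression={ $item.GetType().Name }}
    }
}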
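function RecurseSDDL
{
    # Recursive variant of FindSDDL: emit the ACL (Owner, Access rules, SDDL)
    # of every item under a directory tree, tagged with the item's leaf name,
    # its parent container (PSParentPath) and its .NET type name.
    #
    # Parameters:
    #   Path - root of the tree to walk; defaults to the current location, so
    #          calling RecurseSDDL with no arguments behaves exactly as before.
    param(
        [string]$Path = '.'
    )

    # foreach collects the whole listing before iterating, so a large tree is
    # held in memory up front (same as the original's $lsr variable).
    foreach ($item in (Get-ChildItem -Path $Path -Recurse))
    {
        $item.GetAccessControl() |
            Select-Object -Property Owner, Access, SDDL,
                @{name="Name"; Expression={ $item.Name }},
                @{name="Path"; Expression={ $item.PSParentPath }},
                @{name="Type"; Expression={ $item.GetType().Name }}
    }
}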