Created
April 7, 2017 12:24
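Function Invoke-CheeseOnToast {
    # .SYNOPSIS
    # Patch-level audit: reads the version of selected Windows system files over WMI
    # and reports the security bulletins whose version rule matches.
    #
    # .DESCRIPTION
    # For each target the function queries Win32_OperatingSystem, Win32_Processor and
    # CIM_DataFile, then compares the file's build/revision fields against the
    # per-bulletin rules in the table below. Risk is $true (rule matched), $false
    # (rule not matched), 'n/a' (bulletin skipped for a 64-bit OS) or '?' (host or
    # file version could not be read).
    # A file-version comparison is a heuristic: a row with Risk = $false, or no row at
    # all, is not proof that the host is patched. Confirm against the installed-update
    # inventory before closing a finding.
    #
    # .PARAMETER Vuln
    # Bulletins to check. All nine are checked when omitted.
    #
    # .PARAMETER ComputerName
    # Hosts to audit (aliases Target, T). Defaults to the local computer.
    #
    # .PARAMETER User
    # Account name used with -Pass for remote WMI queries.
    #
    # .PARAMETER Pass
    # Plaintext password for -User. A password typed here ends up in console history,
    # transcripts and script-block/command-line logging; prefer -CredBox.
    #
    # .PARAMETER CredBox
    # Prompt for credentials with Get-Credential instead of passing -Pass.
    #
    # .PARAMETER ShowAll
    # Return every row. Without it only rows with Risk = $true are returned, so
    # unreachable hosts ('?') are filtered out of the output.
    [CmdletBinding(DefaultParameterSetname='Dirty')]
    [Alias('CheeseOnToast')]
    Param(
        [ValidateSet('MS10015','MS10092','MS13053','MS13081','MS14058','MS15051','MS15078','MS16016','MS16032')]
        [Parameter(Position=0,Mandatory=$false)]
        [String[]]$Vuln,

        [Parameter(Mandatory=$false,ValueFromPipeline=$true)]
        [Alias('Target','T')]
        [String[]]$ComputerName=$env:COMPUTERNAME,

        [Parameter(Mandatory=$false,ParameterSetname='Dirty')]
        [Alias('U')]
        [String]$User=$env:USERNAME,

        [Parameter(Mandatory=$false,ParameterSetname='Dirty')]
        [Alias('P')]
        [String]$Pass,

        [Parameter(Mandatory=$true,ParameterSetname='Clean')]
        [Alias('C')]
        [Switch]$CredBox,

        [Parameter(Mandatory=$false)]
        [Alias('All','A')]
        [Switch]$ShowAll
    )

    Begin {
        $Result = @()

        # $Creds is splatted onto the remote WMI calls, so it must stay a hashtable.
        # The original assigned the Get-Credential result directly to $Creds in the
        # 'Clean' branch, which does not bind as -Credential when splatted.
        $Creds = @{}
        if ($PSCmdlet.ParameterSetName -eq 'Clean') {
            $Creds['Credential'] = Get-Credential -UserName $env:USERNAME -Message 'Please Enter Creds'
        }
        elseif ($Pass) {
            # SECURITY: -Pass arrives as plaintext (see .PARAMETER Pass); it is only
            # wrapped into a SecureString here.
            $secret = ConvertTo-SecureString $Pass -AsPlainText -Force
            $Creds['Credential'] = New-Object System.Management.Automation.PSCredential -ArgumentList $User, $secret
        }

        # Returns the numeric value of one dot-separated field of a version string,
        # or $null when the field is missing or does not start with digits.
        function Get-VersionField([string]$Text, [int]$Index) {
            $parts = $Text.Split('.')
            if ($Index -lt $parts.Count -and $parts[$Index] -match '^\s*(\d+)') {
                return [int]$Matches[1]
            }
            return $null
        }

        # Rule table. Thresholds, operators and files are carried over unchanged from
        # the original one-liner; they have not been re-verified against the bulletins.
        #   Gate 'Skip64BitOS'    : Risk = 'n/a' on a 64-bit OS, rules apply otherwise
        #   Gate 'X86OsAndX64Cpu' : rules apply only for a 32-bit OS on a 64-bit CPU
        #   Gate 'X86OsOrX64Cpu'  : rules apply for a 32-bit OS or a 64-bit CPU
        #   Gate 'None'           : rules always apply
        #   Rules                 : build (field 2) must equal B, revision (field 3) is compared to R
        #   BuildEquals           : field 2 alone must equal this value
        $sys32 = '\\Windows\\System32\\'
        $Checks = @(
            @{ Key='MS10015'; MS='MS10-015'; Path=$sys32; File='ntoskrnl'; Ext='exe'; Gate='Skip64BitOS'
               Rules=@( @{B=7600;Op='le';R=20591} ) }
            # NOTE(review): this is the only gate using -AND; the sibling checks use -OR. Confirm intent.
            @{ Key='MS10092'; MS='MS10-092'; Path=$sys32; File='schedsvc'; Ext='dll'; Gate='X86OsAndX64Cpu'
               Rules=@( @{B=7600;Op='le';R=20830} ) }
            @{ Key='MS13053'; MS='MS13-053'; Path=$sys32; File='win32k'; Ext='sys'; Gate='Skip64BitOS'
               Rules=@( @{B=7600;Op='ge';R=17000}, @{B=7601;Op='le';R=22348}, @{B=9200;Op='le';R=20723} ) }
            @{ Key='MS13081'; MS='MS13-081'; Path=$sys32; File='win32k'; Ext='sys'; Gate='Skip64BitOS'
               Rules=@( @{B=7600;Op='ge';R=18000}, @{B=7601;Op='le';R=22435}, @{B=9200;Op='le';R=20807} ) }
            @{ Key='MS14058'; MS='MS14-058'; Path=$sys32; File='win32k'; Ext='sys'; Gate='X86OsOrX64Cpu'
               Rules=@( @{B=7600;Op='ge';R=18000}, @{B=7601;Op='le';R=22823}, @{B=9200;Op='le';R=21247}, @{B=9600;Op='le';R=17353} ) }
            # NOTE(review): identical thresholds to MS14-058 in the original; confirm they are intended.
            @{ Key='MS15051'; MS='MS15-051'; Path=$sys32; File='win32k'; Ext='sys'; Gate='X86OsOrX64Cpu'
               Rules=@( @{B=7600;Op='ge';R=18000}, @{B=7601;Op='le';R=22823}, @{B=9200;Op='le';R=21247}, @{B=9600;Op='le';R=17353} ) }
            @{ Key='MS15078'; MS='MS15-078'; Path=$sys32; File='atmfd'; Ext='dll'; Gate='None'
               BuildEquals=243 }
            @{ Key='MS16016'; MS='MS16-016'; Path='\\Windows\\System32\\Drivers\\'; File='mrxdav'; Ext='sys'; Gate='Skip64BitOS'
               Rules=@( @{B=7600;Op='ge';R=16000}, @{B=7601;Op='le';R=23317}, @{B=9200;Op='le';R=21738}, @{B=9600;Op='le';R=18189}, @{B=10240;Op='le';R=16683}, @{B=10586;Op='le';R=103} ) }
            @{ Key='MS16032'; MS='MS16-032'; Path=$sys32; File='seclogon'; Ext='dll'; Gate='X86OsOrX64Cpu'
               Rules=@( @{B=7600;Op='ge';R=16000}, @{B=7601;Op='le';R=23348}, @{B=9200;Op='le';R=21768}, @{B=9600;Op='le';R=18230}, @{B=10240;Op='le';R=16724}, @{B=10586;Op='le';R=162} ) }
        )

        # No -Vuln means "check everything", as in the original switch Default branch.
        $Selected = if ($Vuln) { @($Checks | Where-Object { $Vuln -contains $_.Key }) } else { $Checks }
    }

    Process {
        foreach ($Target in $ComputerName) {
            $isLocal = $Target -in ($env:COMPUTERNAME, 'localhost', '127.0.0.1')
            if ($isLocal) { $Target = $env:COMPUTERNAME }

            # Local queries carry no -ComputerName/-Credential; remote ones carry both.
            $wmiTarget = @{}
            if (-not $isLocal) { $wmiTarget = @{ ComputerName = $Target } + $Creds }

            $osInfo = try { Get-WmiObject -Class Win32_OperatingSystem @wmiTarget -ErrorAction SilentlyContinue } catch {}
            $Drive = if ($osInfo) { $osInfo.SystemDrive } else { $null }

            if (-not $Drive) {
                # Host unreachable or access denied: emit a '?' row. Without -ShowAll that row
                # is filtered out in End, so say so explicitly instead of failing silently.
                Write-Warning "Could not query '$Target' over WMI; no patch status was determined for it."
                # NOTE(review): 'OSArch'/'ProcArch' differ from the 'OS'/'Proc' keys used on
                # normal rows; kept as in the original so existing consumers are not broken.
                $Result += [PSCustomObject]@{
                    'Target'=$Target; 'MS'='?'; 'OSArch'='?'; 'ProcArch'='?'; 'File'='?'; 'Version'='?'; 'Risk'='?'
                }
                continue
            }

            # NOTE(review): OSArchitecture is a display string and may be localized;
            # the '64-bit'/'32-bit' comparisons below assume an English value. Confirm.
            $OS    = $osInfo.OSArchitecture
            $Proc  = (Get-WmiObject -Class Win32_Processor @wmiTarget -ErrorAction SilentlyContinue).addressWidth
            # Multi-socket hosts return one addressWidth per processor.
            $cpu64 = @($Proc) -contains 64

            foreach ($check in $Selected) {
                $Query = "SELECT * FROM CIM_DataFile WHERE Drive='$Drive' AND Path='$($check.Path)' AND FileName='$($check.File)' AND Extension='$($check.Ext)'"
                $Version = (Get-WmiObject -Query $Query @wmiTarget | Select-Object -First 1).Version

                # Compare as integers. The original compared the string fields, so
                # revisions with a different digit count than the threshold
                # (e.g. '17' vs 103) were compared lexically and misclassified.
                $build = $null
                $rev   = $null
                if ($Version) {
                    $build = Get-VersionField "$Version" 2
                    $rev   = Get-VersionField "$Version" 3
                }

                $applies = switch ($check.Gate) {
                    'Skip64BitOS'    { $OS -ne '64-bit' }
                    'X86OsAndX64Cpu' { $OS -eq '32-bit' -and $cpu64 }
                    'X86OsOrX64Cpu'  { $OS -eq '32-bit' -or $cpu64 }
                    default          { $true }
                }

                if ($check.Gate -eq 'Skip64BitOS' -and -not $applies) {
                    $Risk = 'n/a'
                }
                elseif (-not $applies) {
                    $Risk = $false
                }
                elseif ($check.ContainsKey('BuildEquals')) {
                    # Single-field rule (MS15-078 in the table above).
                    $Risk = if ($null -eq $build) { '?' } else { $build -eq $check.BuildEquals }
                }
                elseif ($null -eq $build -or $null -eq $rev) {
                    # File missing or version unreadable. The original reused the previous
                    # check's build/revision here and reported a stale verdict.
                    $Risk = '?'
                }
                else {
                    $Risk = $false
                    foreach ($rule in $check.Rules) {
                        if ($build -ne $rule.B) { continue }
                        $hit = if ($rule.Op -eq 'ge') { $rev -ge $rule.R } else { $rev -le $rule.R }
                        if ($hit) { $Risk = $true }
                    }
                }

                # The original MS16-016 branch also appended an undefined $obj ($null) here;
                # that stray append is dropped.
                $Result += [PSCustomObject]@{
                    'Target'  = $Target
                    'OS'      = $OS
                    'Proc'    = $Proc
                    'MS'      = $check.MS
                    'File'    = "$($check.File).$($check.Ext)"
                    'Version' = $Version
                    'Risk'    = $Risk
                }
            }
        }
    }

    End {
        # Show only Target / MS / Risk by default; the other properties stay on the objects.
        $defaultDisplaySet = 'Target','MS','Risk'
        $defaultDisplayPropertySet = New-Object System.Management.Automation.PSPropertySet('DefaultDisplayPropertySet', [string[]]$defaultDisplaySet)
        $PSStandardMembers = [System.Management.Automation.PSMemberInfo[]]@($defaultDisplayPropertySet)
        $Result.PSObject.TypeNames.Insert(0, 'Test.Result')
        $Result | Add-Member -MemberType MemberSet -Name PSStandardMembers -Value $PSStandardMembers -ErrorAction SilentlyContinue

        if (!$ShowAll) {
            # Keeps only Risk = $true; 'n/a', '?' and $false rows are dropped.
            $Result = $Result | Where-Object { $_.Risk -eq $true }
        }
        Return $Result
    }
}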