Skip to content

Instantly share code, notes, and snippets.

@SadProcessor
Created April 7, 2017 12:24
Show Gist options
  • Save SadProcessor/79bd7193b123b7607f1db7ad22d3734e to your computer and use it in GitHub Desktop.
Save SadProcessor/79bd7193b123b7607f1db7ad22d3734e to your computer and use it in GitHub Desktop.
Function Invoke-CheeseOnToast{[CmdletBinding(DefaultParameterSetname='Dirty')][Alias('CheeseOnToast')]Param([ValidateSet('MS10015','MS10092','MS13053','MS13081','MS14058','MS15051','MS15078','MS16016','MS16032')][Parameter(Position=0,Mandatory=$false)][String[]]$Vuln,[Parameter(Mandatory=$false,ValueFromPipeline=$true)][Alias('Target','T')][String[]]$ComputerName=$env:COMPUTERNAME,[Parameter(Mandatory=$false,ParameterSetname='Dirty')][Alias('U')][String]$User=$env:USERNAME,[Parameter(Mandatory=$false,ParameterSetname='Dirty')][Alias('P')][String]$Pass,[Parameter(Mandatory=$true,ParameterSetname='Clean')][Alias('C')][Switch]$CredBox,[Parameter(Mandatory=$false)][Alias('All','A')][Switch]$ShowAll);Begin{$Result=@();$Creds=@{};if($PSCmdlet.ParameterSetName -eq 'Clean'){$Creds=Get-Credential -U $env:USERNAME -M 'Please Enter Creds'}else{if($Pass){$Creds['Credential']=New-Object System.Management.Automation.PSCredential -A $User,$(ConvertTo-SecureString $Pass -A -F)}};switch($Vuln){'MS10015'{$MS10015=$true};'MS10092'{$MS10092=$true};'MS13053'{$MS13053=$true};'MS13081'{$MS13081=$true};'MS14058'{$MS14058=$true};'MS15051'{$MS15051=$true};'MS15078'{$MS15078=$true};'MS16016'{$MS16016=$true};'MS16032'{$MS16032=$true};Default {$MS10015=$MS10092=$MS13053=$MS13081=$MS14058=$MS15051=$MS15078=$MS16016=$MS16032=$true}}};Process{Foreach($Target in $ComputerName){$Local=$Null;if($target -in ($env:COMPUTERNAME,'localhost','127.0.0.1')){$Local=$true;$target=$env:COMPUTERNAME};$Drive=try{if($local){(Gwmi Win32_OperatingSystem -ea sil).SystemDrive}else{(Gwmi Win32_OperatingSystem -Computer $target @Creds -ea sil).SystemDrive}}catch{};if($Drive){$OS=if($Local){(Gwmi Win32_OperatingSystem -ea sil).OSArchitecture}else{(Gwmi Win32_OperatingSystem -Computer $target @Creds -ea sil).OSArchitecture};$Proc=if($local){(Gwmi Win32_Processor -ea sil).addressWidth}else{(Gwmi Win32_Processor -Computer $target @Creds -ea sil).addressWidth};if($MS10015){$Item='MS10-015';$Path='\\Windows\\System32\\';$file='ntoskrnl';$ext='exe';$Query="SELECT * FROM CIM_DataFile WHERE Drive='$Drive' AND Path='$Path' AND FileName='$file' AND Extension='$ext'";$Version=if($Local){(Gwmi -Q $Query).version}else{(Gwmi -Q $Query -Computer $Target @Creds).version};$Build=$version.split('.')[2];$Rev=$version.split('.')[3];if($OS -eq '64-bit'){$risk='n/a'}else{$risk=$false;if($Build -eq 7600 -AND $rev -le 20591){$risk=$true}};$Props=@{'Target'=$target;'OS'=$OS;'Proc'=$Proc;'MS'=$Item;'File'="$file.$ext";'Version'=$Version;'Risk'=$Risk};$Result +=New-Object PSCustomObject -Prop $Props};if($MS10092){$Item='MS10-092';$Path='\\Windows\\System32\\';$file='schedsvc';$ext='dll';$Query="SELECT * FROM CIM_DataFile WHERE Drive='$Drive' AND Path='$Path' AND FileName='$file' AND Extension='$ext'";$Version=if($Local){(Gwmi -Q $Query).version}else{(Gwmi -Q $Query -Computer $Target @Creds).version};$Build=$version.split('.')[2];$Rev=$version.split('.')[3];$Risk=$false;if($OS -eq '32-bit' -AND $Proc -eq 64){if($Build -eq 7600 -AND $rev -le 20830){$risk=$true}};$Props=@{'Target'=$target;'OS'=$OS;'Proc'=$Proc;'MS'=$Item;'File'="$file.$ext";'Version'=$Version;'Risk'=$Risk};$Result +=New-Object PSCustomObject -Prop $Props};if($MS13053){$Item='MS13-053';$Path='\\Windows\\System32\\';$file='win32k';$ext='sys';$Query="SELECT * FROM CIM_DataFile WHERE Drive='$Drive' AND Path='$Path' AND FileName='$file' AND Extension='$ext'";$Version=if($Local){(Gwmi -Q $Query).version}else{(Gwmi -Q $Query -Computer $Target @Creds).version};$Build=$version.split('.')[2];$Rev=$version.split('.')[3];$Risk=$false;if($OS -eq '64-bit'){$risk='n/a'}else{if($Build -eq 7600 -AND $Rev -ge 17000){$Risk=$true};if($Build -eq 7601 -AND $Rev -le 22348){$Risk=$true};if($Build -eq 9200 -AND $Rev -le 20723){$Risk=$true}};$Props=@{'Target'=$target;'OS'=$OS;'Proc'=$Proc;'MS'=$Item;'File'="$file.$ext";'Version'=$Version;'Risk'=$Risk};$Result +=New-Object PSCustomObject -Prop $Props};if($MS13081){$Item='MS13-081';$Path='\\Windows\\System32\\';$file='win32k';$ext='sys';$Query="SELECT * FROM CIM_DataFile WHERE Drive='$Drive' AND Path='$Path' AND FileName='$file' AND Extension='$ext'";$Version=if($Local){(Gwmi -Q $Query).version}else{(Gwmi -Q $Query -Computer $Target @Creds).version};$Build=$version.split('.')[2];$Rev=$version.split('.')[3];$Risk=$false;if($OS -eq '64-bit'){$risk='n/a'}else{if($Build -eq 7600 -AND $Rev -ge "18000"){$Risk=$true};if($Build -eq 7601 -AND $Rev -le "22435"){$Risk=$true};if($Build -eq 9200 -AND $Rev -le "20807"){$Risk=$true}};$Props=@{'Target'=$target;'OS'=$OS;'Proc'=$Proc;'MS'=$Item;'File'="$file.$ext";'Version'=$Version;'Risk'=$Risk};$Result +=New-Object PSCustomObject -Prop $Props};if($MS14058){$Item='MS14-058';$Path='\\Windows\\System32\\';$file='win32k';$ext='sys';$Query="SELECT * FROM CIM_DataFile WHERE Drive='$Drive' AND Path='$Path' AND FileName='$file' AND Extension='$ext'";$Version=if($Local){(Gwmi -Q $Query).version}else{(Gwmi -Q $Query -Computer $Target @Creds).version};$Build=$version.split('.')[2];$Rev=$version.split('.')[3];$Risk=$false;if($OS -eq '32-bit' -OR $proc -eq 64){if($Build -eq 7600 -AND $Rev -ge 18000){$Risk=$true};if($Build -eq 7601 -AND $Rev -le 22823){$Risk=$true};if($Build -eq 9200 -AND $Rev -le 21247){$Risk=$true};if($Build -eq 9600 -AND $Rev -le 17353){$Risk=$true}};$Props=@{'Target'=$target;'OS'=$OS;'Proc'=$Proc;'MS'=$Item;'File'="$file.$ext";'Version'=$Version;'Risk'=$Risk};$Result +=New-Object PSCustomObject -Prop $Props};if($MS15051){$Item='MS15-051';$Path='\\Windows\\System32\\';$file='win32k';$ext='sys';$Query="SELECT * FROM CIM_DataFile WHERE Drive='$Drive' AND Path='$Path' AND FileName='$file' AND Extension='$ext'";$Version=if($Local){(Gwmi -Q $Query).version}else{(Gwmi -Q $Query -Computer $Target @Creds).version};$Build=$version.split('.')[2];$Rev=$version.split('.')[3];$Risk=$false;if($OS -eq '32-bit' -OR $proc -eq 64){if($Build -eq 7600 -AND $Rev -ge 18000){$Risk=$true};if($Build -eq 7601 -AND $Rev -le 22823){$Risk=$true};if($Build -eq 9200 -AND $Rev -le 21247){$Risk=$true};if($Build -eq 9600 -AND $Rev -le 17353){$Risk=$true}};$Props=@{'Target'=$target;'OS'=$OS;'Proc'=$Proc;'MS'=$Item;'File'="$file.$ext";'Version'=$Version;'Risk'=$Risk};$Result +=New-Object PSCustomObject -Prop $Props};if($MS15078){$Item='MS15-078';$Path='\\Windows\\System32\\';$file='atmfd';$ext='dll';$Query="SELECT * FROM CIM_DataFile WHERE Drive='$Drive' AND Path='$Path' AND FileName='$file' AND Extension='$ext'";$Version=if($Local){(Gwmi -Q $Query).version}else{(Gwmi -Q $Query -Computer $Target @Creds).version};$Rev=$Version.split('.')[2];$Risk=$false;if($rev -eq 243){$Risk=$true};$Props=@{'Target'=$target;'OS'=$OS;'Proc'=$Proc;'MS'=$Item;'File'="$file.$ext";'Version'=$Version;'Risk'=$Risk};$Result +=New-Object PSCustomObject -Prop $Props};if($MS16016){$Item='MS16-016';$Path='\\Windows\\System32\\Drivers\\';$file='mrxdav';$ext='sys';$Query="SELECT * FROM CIM_DataFile WHERE Drive='$Drive' AND Path='$Path' AND FileName='$file' AND Extension='$ext'";$Version=if($Local){(Gwmi -Q $Query).version}else{(Gwmi -Q $Query -Computer $Target @Creds).version};$Build=$version.split('.')[2];$Rev=$version.split('.')[3];$Risk=$false;if($OS -eq '64-bit'){$risk='n/a'}else{if($Build -eq 7600 -AND $Rev -ge 16000){$Risk=$true};if($Build -eq 7601 -AND $Rev -le 23317){$Risk=$true};if($Build -eq 9200 -AND $Rev -le 21738){$Risk=$true};if($Build -eq 9600 -AND $Rev -le 18189){$Risk=$true};if($Build -eq 10240 -AND $Rev -le 16683){$Risk=$true};if($Build -eq 10586 -AND $Rev -le 103){$Risk=$true}};$Props=@{'Target'=$target;'OS'=$OS;'Proc'=$Proc;'MS'=$Item;'File'="$file.$ext";'Version'=$Version;'Risk'=$Risk};$Result +=New-Object PSCustomObject -Prop $Props;$Result +=$obj};if($MS16032){$Item='MS16-032';$Path='\\Windows\\System32\\';$file='seclogon';$ext='dll';$Query="SELECT * FROM CIM_DataFile WHERE Drive='$Drive' AND Path='$Path' AND FileName='$file' AND Extension='$ext'";$Version=if($Local){(Gwmi -Q $Query).version}else{(Gwmi -Q $Query -Computer $Target @Creds).version};$Build=$version.split('.')[2];$Rev=$version.split('.')[3];$Risk=$false;if($OS -eq '32-bit' -or $Proc -eq 64){if($Build -eq 7600 -AND $Rev -ge 16000){$Risk=$true};if($Build -eq 7601 -AND $Rev -le 23348){$Risk=$true};if($Build -eq 9200 -AND $Rev -le 21768){$Risk=$true};if($Build -eq 9600 -AND $Rev -le 18230){$Risk=$true};if($Build -eq 10240 -AND $Rev -le 16724){$Risk=$true};if($Build -eq 10586 -AND $Rev -le 162){$Risk=$true}};$Props=@{'Target'=$target;'OS'=$OS;'Proc'=$Proc;'MS'=$Item;'File'="$file.$ext";'Version'=$Version;'Risk'=$Risk};$Result +=New-Object PSCustomObject -Prop $Props}}else{$Props=@{'Target'=$target;'MS'='?';'OSArch'='?';'ProcArch'='?';'File'='?';'Version'='?';'Risk'='?'};$result +=New-Object PSCustomObject -Prop $Props}}};End{$defaultDisplaySet='Target','MS','Risk';$defaultDisplayPropertySet=New-Object System.Management.Automation.PSPropertySet(‘DefaultDisplayPropertySet’,[string[]]$defaultDisplaySet);$PSStandardMembers=[System.Management.Automation.PSMemberInfo[]]@($defaultDisplayPropertySet);$Result.PSObject.TypeNames.Insert(0,'Test.Result');$Result | Add-Member MemberSet PSStandardMembers $PSStandardMembers -EA sil;if(!$ShowAll){$Result=$Result | where Risk -EQ $true};Return $Result}}
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment