thomhastings/process-permissions.bat

## process-permissions.bat
:: process-permissions.bat
:: =======================
:: Batch Script for process permission analysis
:: 	by Thom Hastings ©2012 New BSD License
::
:: for reference-
:: http://travisaltman.com/windows-privilege-escalation-via-weak-service-permissions/
:: TODO: http://it-ovid.blogspot.com/2012/02/windows-privilege-escalation.html
@echo off
title %username%@%userdomain% on %logonserver%\%computername% via %comspec% ~c0nS0Le
color 0a

title %username%@%userdomain% on %logonserver%\%computername% via %comspec% ~W0rking...
@echo on
for /f "tokens=2 delims='='" %%a in ('wmic service list full^|find /i "pathname"^|find /i /v "system32"') do echo %%a >> process-permissions-unparsed.txt
:: clean up from last time just in case
@del process-permissions-output.txt
for /f eol^=^"^ delims^=^" %%a in (process-permissions-unparsed.txt) do cmd.exe /c icacls "%%a" >> process-permissions-output.txt
@del process-permissions-unparsed.txt

@echo off
title %username%@%userdomain% on %logonserver%\%computername% via %comspec% ~c0nS0Le
echo Opening text file...
pause
start notepad process-permissions-output.txt

:: Dump undocumented system variables (just to see if there's anything interesting)
echo Dumping undocumented system variables...
@echo on
set "
@echo off
pause

choice /m "Clean up"
if errorlevel 2 goto end
if errorlevel 1 goto :clean
:clean
del process-permissions-output.txt
:end
	:: process-permissions.bat
	:: =======================
	:: Batch Script for process permission analysis
	:: by Thom Hastings ©2012 New BSD License
	::
	:: for reference-
	:: http://travisaltman.com/windows-privilege-escalation-via-weak-service-permissions/
	:: TODO: http://it-ovid.blogspot.com/2012/02/windows-privilege-escalation.html
	@echo off
	title %username%@%userdomain% on %logonserver%\%computername% via %comspec% ~c0nS0Le
	color 0a

	title %username%@%userdomain% on %logonserver%\%computername% via %comspec% ~W0rking...
	@echo on
	for /f "tokens=2 delims='='" %%a in ('wmic service list full^\|find /i "pathname"^\|find /i /v "system32"') do echo %%a >> process-permissions-unparsed.txt
	:: clean up from last time just in case
	@del process-permissions-output.txt
	for /f eol^=^"^ delims^=^" %%a in (process-permissions-unparsed.txt) do cmd.exe /c icacls "%%a" >> process-permissions-output.txt
	@del process-permissions-unparsed.txt

	@echo off
	title %username%@%userdomain% on %logonserver%\%computername% via %comspec% ~c0nS0Le
	echo Opening text file...
	pause
	start notepad process-permissions-output.txt

	:: Dump undocumented system variables (just to see if there's anything interesting)
	echo Dumping undocumented system variables...
	@echo on
	set "
	@echo off
	pause

	choice /m "Clean up"
	if errorlevel 2 goto end
	if errorlevel 1 goto :clean
	:clean
	del process-permissions-output.txt
	:end