Invoke-NightmareCheck.ps1
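function Get-SpoolerStatus {
    <#
    .SYNOPSIS
    Reports whether the Print Spooler service is able to run on this host.

    .DESCRIPTION
    Looks the service up with Get-Service and writes a human-readable verdict
    to the output stream. The service is reported DISABLED when it cannot be
    found, or when its start type is Disabled and it is not currently running.
    In every other case it is reported ENABLED.

    .OUTPUTS
    Strings describing the service state and the resulting exposure estimate.
    #>
    Write-Output "Checking if Print Spooler service is enabled..."
    Write-Output ""

    $spoolerService = Get-Service "Print Spooler" -ErrorAction SilentlyContinue

    # A service whose start type is Disabled still reports Status = Stopped, so
    # Status alone cannot tell a disabled spooler from one that is merely
    # stopped and can be started again. Decide on StartType instead.
    # If StartType is not exposed on this host the comparison is false and the
    # service counts as enabled, which errs toward reporting exposure.
    $result = "ENABLED"
    if ($null -eq $spoolerService) {
        $result = "DISABLED"
    } elseif (($spoolerService.StartType -eq "Disabled") -and ($spoolerService.Status -ne "Running")) {
        $result = "DISABLED"
    }

    Write-Output "Print Spooler service is $($result)!"
    Write-Output ""

    if ($result -eq "ENABLED") {
        Write-Output "System is likely VULNERABLE!"
    } else {
        Write-Output "System is likely NOT VULNERABLE."
    }
    Write-Output ""
}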
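function Get-PatchStatus {
    <#
    .SYNOPSIS
    Estimates whether the host has a recent enough security update installed.

    .DESCRIPTION
    Takes the most recently installed hotfix whose description starts with
    "Security" and compares its KB number against a fixed baseline. If no such
    hotfix can be identified, the host is reported as not patched.

    .NOTES
    Comparing KB numbers is a heuristic: a higher number does not prove that a
    specific fix is present on this Windows build. Treat the verdict as a hint
    and confirm the installed update against the vendor advisory.

    .OUTPUTS
    Strings describing the latest security patch and the resulting verdict.
    #>
    Write-Output "Checking if system has security patches applied..."
    Write-Output ""

    $oldestPrinterPatch = 5003635

    # Get-HotFix may return nothing, and a HotFixID is not guaranteed to be
    # "KB" followed by digits, so parse defensively instead of indexing and
    # casting blindly.
    $latestPatch = $null
    $securityHotfixes = @(Get-HotFix -Description "Security*" | Sort-Object -Property InstalledOn)
    if ($securityHotfixes.Count -gt 0) {
        $latestId = [string]$securityHotfixes[-1].HotFixID
        if ($latestId -match '^KB(\d+)$') {
            $latestPatch = [int]$Matches[1]
        }
    }

    $isPatched = ($null -ne $latestPatch) -and ($latestPatch -ge $oldestPrinterPatch)

    if ($null -ne $latestPatch) {
        Write-Output "Latest security patch: KB$($latestPatch)."
    } else {
        Write-Output "No security patch could be identified."
    }
    Write-Output ""

    if (!$isPatched) {
        # Spelling corrected so that a search for "VULNERABLE" in the output
        # also finds this verdict.
        Write-Output "System is NOT PATCHED and most likely VULNERABLE!"
    } else {
        Write-Output "System is PATCHED but might still be vulnerable."
    }
    Write-Output ""
}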
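function Test-RegistryValue {
    <#
    .SYNOPSIS
    Tests whether a named value exists on the item at the given path.

    .PARAMETER Path
    Provider path of the item to inspect, for example a registry key.

    .PARAMETER Value
    Name of the value (property) to look for on that item.

    .OUTPUTS
    $true when the item can be read and carries the value, otherwise $false.
    #>
    param (
        [parameter(Mandatory=$true)]
        [ValidateNotNullOrEmpty()]$Path,
        [parameter(Mandatory=$true)]
        [ValidateNotNullOrEmpty()]$Value
    )
    try {
        # Both stages must stop on error. Without -ErrorAction Stop on
        # Get-ItemProperty, an unreadable or missing path only raises a
        # non-terminating error, nothing reaches Select-Object, and the
        # function would wrongly report the value as present.
        Get-ItemProperty -Path $Path -ErrorAction Stop |
            Select-Object -ExpandProperty $Value -ErrorAction Stop |
            Out-Null
        return $true
    } catch {
        return $false
    }
}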
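function Get-RegistryStatus {
    <#
    .SYNOPSIS
    Checks the Point and Print policy values that weaken driver-install prompts.

    .DESCRIPTION
    Looks for the PointAndPrint policy key under HKLM and, when it exists,
    reads NoWarningNoElevationOnInstall and UpdatePromptSettings. The host is
    reported as likely vulnerable when either value exists and is not 0,
    matching the guidance this function prints ("should either not exist or
    be set 0").

    .OUTPUTS
    Strings describing the registry state and the resulting exposure estimate.
    #>
    $policyPath = "HKLM:\SOFTWARE\Policies\Microsoft\Windows NT\Printers\PointAndPrint"

    Write-Output "Checking registry settings..."
    Write-Output "(NoWarningNoElevationOnInstall and UpdatePromptSettings should either not exist or be set 0.)"
    Write-Output ""
    Write-Output "Checking if registry setting HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\Printers\PointAndPrint exists..."
    Write-Output ""

    $key = Test-Path $policyPath
    if ($key) {
        Write-Output "Registry setting exists!"
        Write-Output ""
        Write-Output "Checking if registry keys NoWarningNoElevationOnInstall or UpdatePromptSettings exist..."
        Write-Output ""

        # Start from a known state so a same-named variable in a parent scope
        # cannot leak into the verdict.
        $value01 = $null
        $value02 = $null

        $value01Exists = Test-RegistryValue -Path $policyPath -Value "NoWarningNoElevationOnInstall"
        $value02Exists = Test-RegistryValue -Path $policyPath -Value "UpdatePromptSettings"

        if ($value01Exists) {
            $value01 = (Get-ItemProperty -Path $policyPath -Name "NoWarningNoElevationOnInstall").NoWarningNoElevationOnInstall
            Write-Output "NoWarningNoElevationOnInstall exists and is set to $($value01)!"
        }
        if ($value02Exists) {
            $value02 = (Get-ItemProperty -Path $policyPath -Name "UpdatePromptSettings").UpdatePromptSettings
            Write-Output "UpdatePromptSettings exists and is set to $($value02)!"
        }
        Write-Output ""

        # Any non-zero value is a deviation from the safe setting. Testing
        # only for 1 would miss other values, e.g. UpdatePromptSettings = 2,
        # and produce a false "NOT VULNERABLE".
        $value01Unsafe = $value01Exists -and ($value01 -ne 0)
        $value02Unsafe = $value02Exists -and ($value02 -ne 0)

        if ($value01Unsafe -or $value02Unsafe) {
            Write-Output "System is likely VULNERABLE!"
        } else {
            Write-Output "System is likely NOT VULNERABLE."
        }
    } else {
        Write-Output "Registry setting does not exist."
        Write-Output ""
        Write-Output "System is likely NOT VULNERABLE."
    }
    Write-Output ""
}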
function Invoke-AllChecks {
    <#
    .SYNOPSIS
    Runs the spooler, patch and registry checks one after another.

    .OUTPUTS
    The combined output of the three checks, in that order.
    #>
    $checks = @(
        'Get-SpoolerStatus',
        'Get-PatchStatus',
        'Get-RegistryStatus'
    )
    foreach ($check in $checks) {
        # Invoke each check by name; its output flows straight to the caller.
        & $check
    }
}