Skip to content

Commit

Permalink
updates to script
Browse files Browse the repository at this point in the history
  • Loading branch information
@cparmn
cparmn committed Mar 12, 2020
1 parent ae5d67e commit 79cc1db
Showing 1 changed file with 69 additions and 75 deletions.
144 changes: 69 additions & 75 deletions remediation/EternalDarkness/EternalDarkness.ps1
View file
Original file line number Diff line number Diff line change
Expand Up @@ -3,7 +3,7 @@
This detects and mitigates if systems are vulnerable to CVE-2020-0796 EternalDarkness
.DESCRIPTION
This Module will check OS version and if any shares are enabled. If OS version matches and shares are enabled
This script will check OS version and if any shares are enabled. If OS version matches and shares are enabled
it will check HKLM:\SYSTEM\CurrentControlSet\Services\LanmanServer\Parameter\DisableCompression to determine if the host system is vulnerable.
If the host system is vulnerable and -mitigate is used it will set DisableCompression to 1
Expand All @@ -13,107 +13,101 @@
.EXAMPLE
The example below mitigates the system if vulnerable to CVE-2020-0796 EternalDarkness, Requires running as Admin
PS C:\> Import-Module EternalDarkness.ps1
PS C:\> EternalDarkness -mitigate
PS C:\> ./EternalDarkness -mitigate
.EXAMPLE
The example below checks if the system is vulnerable to CVE-2020-0796 EternalDarkness
PS C:\> Import-Module EternalDarkness.ps1
PS C:\> EternalDarkness
PS C:\> ./EternalDarkness.ps1
.NOTES
Author: Casey Parman
Last Edit: 2020-03-11
Version 1.0 - initial release
#>
param
(
[switch]$mitigate
)

function EternalDarkness
If ([environment]::OSVersion.Version.Major -eq 10)
{

param
(
[switch]$mitigate
)

If ([environment]::OSVersion.Version.Major -eq 10)
If ([environment]::OSVersion.Version.Build -eq 18363 -or [environment]::OSVersion.Version.Build -eq 18362)
{
If ([environment]::OSVersion.Version.Build -eq 18363 -or [environment]::OSVersion.Version.Build -eq 18362)
If (Get-ItemProperty -Path HKLM:\System\CurrentControlSet\Services\LanmanServer\Shares)
{
If (Get-ItemProperty -Path HKLM:\System\CurrentControlSet\Services\LanmanServer\Shares)
If ((Get-ItemProperty "HKLM:\SYSTEM\CurrentControlSet\Services\LanmanServer\Parameters").PSObject.Properties.Name -contains "DisableCompression")
{
If ((Get-ItemProperty "HKLM:\SYSTEM\CurrentControlSet\Services\LanmanServer\Parameters").PSObject.Properties.Name -contains "DisableCompression")
{
##Here we'll check to see the value,
If ((Get-ItemPropertyValue -Path "HKLM:\SYSTEM\CurrentControlSet\Services\LanmanServer\Parameters" -name DisableCompression) -eq 0)
{
If ($mitigate)
##Here we'll check to see the value,
If ((Get-ItemPropertyValue -Path "HKLM:\SYSTEM\CurrentControlSet\Services\LanmanServer\Parameters" -name DisableCompression) -eq 0)
{
If ($mitigate)
{
If (([Security.Principal.WindowsPrincipal][Security.Principal.WindowsIdentity]::GetCurrent()).IsInRole([Security.Principal.WindowsBuiltInRole]::Administrator))
{
If (([Security.Principal.WindowsPrincipal][Security.Principal.WindowsIdentity]::GetCurrent()).IsInRole([Security.Principal.WindowsBuiltInRole]::Administrator))
{
Set-ItemProperty -Path "HKLM:\SYSTEM\CurrentControlSet\Services\LanmanServer\Parameters" DisableCompression -Type DWORD -Value 1 -Force
Write-Host -ForegroundColor Green "--------------------"
Write-Host -ForegroundColor Green "--System Mitigated--"
Write-Host -ForegroundColor Green "--------------------"

} Else
{
Write-Host -ForegroundColor Red "Run in elevated prompt"
}
Set-ItemProperty -Path "HKLM:\SYSTEM\CurrentControlSet\Services\LanmanServer\Parameters" DisableCompression -Type DWORD -Value 1 -Force
Write-Host -ForegroundColor Green "--------------------"
Write-Host -ForegroundColor Green "--System Mitigated--"
Write-Host -ForegroundColor Green "--------------------"

} Else
{
Write-Host -ForegroundColor Red "--------------"
Write-Host -ForegroundColor Red "--Vulnerable--"
Write-Host -ForegroundColor Red "--------------------------------"
Write-Host -ForegroundColor Red "mitigate with -mitigate argument"
Write-Host -ForegroundColor Red "--------------------------------"
Write-Host -ForegroundColor Red "Run in elevated prompt"
}
} Else
{
Write-Host -ForegroundColor Green "------------------"
Write-Host -ForegroundColor Green "--Not Vulnerable--"
Write-Host -ForegroundColor Green "------------------"
}

} Else
{
If ($mitigate)
{
If (([Security.Principal.WindowsPrincipal][Security.Principal.WindowsIdentity]::GetCurrent()).IsInRole([Security.Principal.WindowsBuiltInRole]::Administrator))
{
Set-ItemProperty -Path "HKLM:\SYSTEM\CurrentControlSet\Services\LanmanServer\Parameters" DisableCompression -Type DWORD -Value 1 -Force
Write-Host -ForegroundColor Green "--------------------"
Write-Host -ForegroundColor Green "--System Mitigated--"
Write-Host -ForegrounFUCKdColor Green "--------------------"
} Else
{
Write-Host -ForegroundColor Red "Run in elevated prompt"
}
} Else
{
Write-Host -ForegroundColor Red "--------------"
Write-Host -ForegroundColor Red "--Vulnerable--"
} Else
{
Write-Host -ForegroundColor Red "--------------------------------"
Write-Host -ForegroundColor Red "-----------Vulnerable-----------"
Write-Host -ForegroundColor Red "--------------------------------"
Write-Host -ForegroundColor Red "mitigate with -mitigate argument"
Write-Host -ForegroundColor Red "--------------------------------"
}
}
} Else
{
Write-Host -ForegroundColor Green "------------------"
Write-Host -ForegroundColor Green "--Not Vulnerable--"
Write-Host -ForegroundColor Green "------------------"
}
}Else
}
} Else
{
Write-Host -ForegroundColor Green "------------------"
Write-Host -ForegroundColor Green "--Not Vulnerable--"
Write-Host -ForegroundColor Green "------------------"
}

} Else
{
If ($mitigate)
{
If (([Security.Principal.WindowsPrincipal][Security.Principal.WindowsIdentity]::GetCurrent()).IsInRole([Security.Principal.WindowsBuiltInRole]::Administrator))
{
Set-ItemProperty -Path "HKLM:\SYSTEM\CurrentControlSet\Services\LanmanServer\Parameters" DisableCompression -Type DWORD -Value 1 -Force
Write-Host -ForegroundColor Green "--------------------"
Write-Host -ForegroundColor Green "--System Mitigated--"
Write-Host -ForegroundColor Green "--------------------"
} Else
{
Write-Host -ForegroundColor Red "Run in elevated prompt"
}
} Else
{
Write-Host -ForegroundColor Red "--------------------------------"
Write-Host -ForegroundColor Red "-----------Vulnerable-----------"
Write-Host -ForegroundColor Red "--------------------------------"
Write-Host -ForegroundColor Red "mitigate with -mitigate argument"
Write-Host -ForegroundColor Red "--------------------------------"
}
}
} Else
{
Write-Host -ForegroundColor Green "------------------"
Write-Host -ForegroundColor Green "--Not Vulnerable--"
Write-Host -ForegroundColor Green "------------------"
}
} Else {
}
}Else
{
Write-Host -ForegroundColor Green "------------------"
Write-Host -ForegroundColor Green "--Not Vulnerable--"
Write-Host -ForegroundColor Green "------------------"

}
} Else {
Write-Host -ForegroundColor Green "------------------"
Write-Host -ForegroundColor Green "--Not Vulnerable--"
Write-Host -ForegroundColor Green "------------------"

}


}

0 comments on commit 79cc1db

Please sign in to comment.