admin/nuclei-templates
1
0
Fork 0
mirror of https://github.com/projectdiscovery/nuclei-templates.git synced 2026-02-02 16:53:25 +08:00
Code Issues Packages Projects Releases Wiki Activity
Files
23c94de2edd4515d44a32996c8557c91be4ca63f
nuclei-templates/code/windows/audit/remote-desktop-enabled-non-server.yaml
ghost a3d9b481c4 chore: sign templates 🤖
2024-12-02 11:38:21 +00:00

33 lines
1.1 KiB
YAML
Raw Blame History

This file contains ambiguous Unicode characters
This file contains Unicode characters that might be confused with other characters. If you think that this is intentional, you can safely ignore this warning. Use the Escape button to reveal them.
id: remote-desktop-enabled-non-server
info:
name: Remote Desktop Enabled on Non-Server OS
author: princechaddha
severity: high
description: Checks if Remote Desktop is enabled on workstation editions where its not required.
impact: |
Enabling Remote Desktop on non-server OS could lead to unauthorized remote access.
remediation: |
Disable Remote Desktop on non-server editions to reduce the risk of remote attacks.
tags: windows,remote-desktop,network,code,windows-audit
self-contained: true
code:
- pre-condition: |
IsWindows();
engine:
- powershell
- powershell.exe
args:
- -ExecutionPolicy
- Bypass
pattern: "*.ps1"
source: |
Get-ItemProperty -Path 'HKLM:\System\CurrentControlSet\Control\Terminal Server' -Name 'fDenyTSConnections'
matchers:
- type: word
words:
- "0"
# digest: 4a0a0047304502201d0ee23af404b6fa975496e74a984410ab981d8586a2bee9874179878c7b740a0221008d791fa3f2d885e2e961a1c709f25e9e3e4dd13a5faa44e1e9ad660b4395e5f4:922c64590222798bb761d5b6d8e72950
Reference in New Issue View Git Blame Copy Permalink