mirror of
https://github.com/projectdiscovery/nuclei-templates.git
synced 2026-02-03 01:03:34 +08:00
32 lines
1.1 KiB
YAML
32 lines
1.1 KiB
YAML
id: windows-active-desktop-enabled
|
|
|
|
info:
|
|
name: Active Desktop Enabled
|
|
author: princechaddha
|
|
severity: medium
|
|
description: Checks if Active Desktop is enabled, which can be exploited to deliver malicious content.
|
|
impact: |
|
|
Enabling Active Desktop allows attackers to inject malicious content or scripts.
|
|
remediation: |
|
|
Disable Active Desktop unless it's specifically required.
|
|
tags: windows,active-desktop,security,code,windows-audit
|
|
|
|
self-contained: true
|
|
|
|
code:
|
|
- pre-condition: |
|
|
IsWindows();
|
|
engine:
|
|
- powershell.exe
|
|
args:
|
|
- -ExecutionPolicy
|
|
- Bypass
|
|
pattern: "*.ps1"
|
|
source: |
|
|
if ((Get-ItemProperty -Path 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer' -Name 'NoActiveDesktop' -ErrorAction SilentlyContinue).NoActiveDesktop -eq 0) { Write-Output 'Active Desktop enabled'; }
|
|
|
|
matchers:
|
|
- type: word
|
|
words:
|
|
- "Active Desktop enabled"
|
|
# digest: 4b0a00483046022100dd7bd8214f67351b1f25da25ba78a12be98578f4226ecf715c03dbada396c81002210081f219e777b23470afed5bfc517e0da110eafa38c9ab9d6bf018757207d482c9:922c64590222798bb761d5b6d8e72950 |