admin/nuclei-templates
1
0
Fork 0
mirror of https://github.com/projectdiscovery/nuclei-templates.git synced 2026-02-10 04:33:31 +08:00
Code Issues Packages Projects Releases Wiki Activity
Files
78ee0fcc6bfc1403465bb987932bf02cef7a49a5
nuclei-templates/code/windows/audit/anonymous-sid-enumeration-enabled.yaml
ghost 78ee0fcc6b chore: sign templates 🤖
2024-12-01 12:00:57 +00:00

34 lines
1.0 KiB
YAML
Raw Blame History

id: anonymous-sid-enumeration-enabled
info:
name: Anonymous SID Enumeration Enabled
author: princechaddha
severity: medium
description: Checks if anonymous users can enumerate Security Identifiers (SIDs).
impact: |
Allowing anonymous SID enumeration can expose user account details and increase the risk of unauthorized access.
remediation: |
Restrict anonymous access to SID enumeration to enhance security.
tags: windows,code,windows-audit
self-contained: true
code:
- pre-condition: |
IsWindows();
engine:
- powershell
- powershell.exe
args:
- -ExecutionPolicy
- Bypass
pattern: "*.ps1"
source: |
Get-ItemProperty -Path 'HKLM:\SYSTEM\CurrentControlSet\Control\Lsa' -Name 'EveryoneIncludesAnonymous'
matchers:
- type: word
words:
- "everyoneincludesanonymous : 1"
# digest: 490a00463044022071704abaeb4631c7ad83cab6ad990fc92e0cc1820a0a3524683fe786a3f8afa6022001273d53b7a5a9c2b866d26c48eae855fd3cb821a4ecde04ebb80b9d77909352:922c64590222798bb761d5b6d8e72950
Reference in New Issue View Git Blame Copy Permalink