admin/nuclei-templates
1
0
Fork 0
mirror of https://github.com/projectdiscovery/nuclei-templates.git synced 2026-02-11 05:03:18 +08:00
Code Issues Packages Projects Releases Wiki Activity
Files
c89611f124a8d64865e6797ffcb7380a75cf5a07
nuclei-templates/code/windows/audit/windows-anonymous-sid-enumeration-allowed.yaml
ghost c89611f124 chore: sign templates 🤖
2024-12-01 12:23:53 +00:00

32 lines
1.2 KiB
YAML
Raw Blame History

id: windows-anonymous-sid-enumeration-allowed
info:
name: Windows Allows Anonymous SID Enumeration
author: princechaddha
severity: medium
description: Checks if anonymous users can enumerate Security Identifiers (SIDs), which can expose user information.
impact: |
Allowing anonymous SID enumeration can provide attackers with information to target specific users.
remediation: |
Disable anonymous SID enumeration to protect sensitive user information.
tags: windows,anonymous,sid,security,code,windows-audit
self-contained: true
code:
- pre-condition: |
IsWindows();
engine:
- powershell.exe
args:
- -ExecutionPolicy
- Bypass
pattern: "*.ps1"
source: |
if ((Get-ItemProperty -Path 'HKLM:\SYSTEM\CurrentControlSet\Control\Lsa' -Name 'AnonymousSidNameTranslation' -ErrorAction SilentlyContinue).AnonymousSidNameTranslation -eq 1) { Write-Output 'Anonymous SID Enumeration Allowed'; }
matchers:
- type: word
words:
- "Anonymous SID Enumeration Allowed"
# digest: 4a0a00473045022100ab95fcc74ef2ddb0ca68f60d4c84e8d108d959f3f3fc1f4050ca7f1ae1c5eeea0220077cef284a7fd6db2ce2c3a0a9945e7995b5f6dc9c6bd66ca59e9b7ad1e043f4:922c64590222798bb761d5b6d8e72950
Reference in New Issue View Git Blame Copy Permalink