-
Notifications
You must be signed in to change notification settings - Fork 3
/
Check_CVE-2020-16898_local.ps1
70 lines (60 loc) · 2.45 KB
/
Check_CVE-2020-16898_local.ps1
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
<#
.NOTES
===========================================================================
Created on: 14/10/2020
Created by: Maliek Meersschaet
Organization: Orange Cyberdefense
Filename: Check_CVE-2020-16898_local.ps1
Twitter: https://twitter.com/Mal1ekM
===========================================================================
.DESCRIPTION
Small script that checks if and what interfaces have RA Based DNS Config enabled and vulnerable to CVE-2020-16898.
To DO:
Add check if patching has already been done
Check for remote devices
Other things I've haven't think about
#>
Function Get-IPv6InterfaceParams($interface)
{
$Output = netsh int ipv6 sh interfaces interface=$interface
$windows_version = Check_windows_version
$release_id = Check_release_id
$Object = New-Object -Type PSObject
$Output | Where {$_ -match '^([^:]+):\s*(\S.*)$' } | Foreach {
[int]$ParseResult = 0
if ([int]::TryParse($Matches[2], [ref]$ParseResult))
{
$Value = $ParseResult
}
else
{
$Value = $Matches[2]
}
$Name = $Matches[1] -replace ' '
$Object | Add-Member -Type NoteProperty -Name $Name -Value $Value
}
$filter = $Object | where 'RABasedDNSConfig(RFC6106)' -eq enabled | Select-Object IfLuid,IfIndex,'RABasedDNSConfig(RFC6106)'
#Write-Output $filter
$interfs = $filter | Select-Object -ExpandProperty ifIndex
if ($interfs -and $windows_version -like "*10*" -and $release_id -gt 1707) {
Write-Host "Windows vulnerable version" $windows_version $release_id -BackgroundColor Red
Write-Host "Vulnerable interface:" -BackgroundColor Red
foreach ($interf in $interfs) {
netsh int ipv6 sh int $interf
}
}else {
"No Vulnerable interfaces"
}
}
Function Check_release_id {
$output = (Get-ItemProperty -Path "HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion" -Name ReleaseId).ReleaseId
return $output
}
Function Check_windows_version {
$output = (Get-ItemProperty -Path "HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion" -Name ProductName).ProductName
return $output
}
$up_interfaces = Get-NetAdapter | where status -eq 'up' | Select-Object -ExpandProperty ifIndex
foreach ($interface in $up_interfaces) {
Get-IPv6InterfaceParams($interface)
}