tis-audit-summer-of-sam

1.0-2
Audit Summer of SAM

  Description 

  • package : tis-audit-summer-of-sam
  • version : 1.0-2
  • architecture : all
  • categories :
  • maintainer : WAPT Team,Tranquil IT,Denis CARDON
  • description : Audit Summer of SAM
  • locale : all
  • target_os : windows
  • min_wapt_version : 2.0
  • sources :
  • installed_size :
  • impacted_process :
  • description_fr :
  • description_pl :
  • description_de :
  • description_es :
  • description_pt :
  • description_it :
  • description_nl :
  • description_ru :
  • editor :
  • licence :
  • signature_date : 2022-07-28T05:02:28.253636

  Setup.py 

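# -*- coding: utf-8 -*-
from setuphelpers import *
import os
import shutil
import tempfile


# Fix for CVE-2021-36934 : Summer of SAM : https://t.co/kz3eWzVAu4
# The vulnerability is found only on freshly installed Windows Server 2019 and on freshly installed
# Windows computers version 1809 or later; if the machine was upgraded from an earlier version the
# vulnerability shouldn't be present. We check for builtin\users in the ACL of the SAM file and, if
# present, we re-enable inheritance on %windir%\system32\config\*.*
# Note: this script only resets the ACL, it does not delete existing shadow copies.


def install():
    pass


def audit():
    # icacls /save needs a path to write to: use a file inside a private temporary directory
    # instead of tempfile.mktemp(), which only returns a name and is open to a race before the file is created
    temp_dir = tempfile.mkdtemp()
    output_temp_file = os.path.join(temp_dir, "sam_acl.txt")
    print(output_temp_file)
    try:
        # raw string: backslashes are literal; %% becomes a single % after formatting
        output = run(r'icacls %%windir%%\system32\config\sam /save "%s"' % output_temp_file)
        # beware of localized versions
        print(output)
        # icacls /save writes the file name followed by the ACL in SDDL form, as UTF-16 LE text
        with open(output_temp_file, encoding="utf-16-le") as f:
            acl_content = f.read()
    finally:
        shutil.rmtree(temp_dir, ignore_errors=True)
    acl_content = acl_content.lstrip("sam").strip()

    # print(r"current acl on %%windir%%\system32\config\sam : %s " % acl_content)

    # ";BU)" is an SDDL ACE whose trustee is BUILTIN\Users
    if ";BU)" in acl_content:
        print(r"ACL on %windir%\system32\config\sam grants access to BUILTIN\Users, re-enabling inheritance with cmd : ")
        cmd = r"icacls %windir%\system32\config\*.* /inheritance:e"
        print(cmd)
        run(cmd)
        return "WARNING"
    else:
        print("OK : This machine is not vulnerable")
        return "OK"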

										

  Changelog 



No changelog.txt.
									