This Python script for Linux can analyze Microsoft Windows *.msi Installer files and point out potential vulnerabilites. It was developed by Michael Baer (@derbaer0) in the SEC Consult Vulnerability Lab.
Currently, it is mostly suited for a local privilege escalation also described in our blog post.
The script can also be used to get an overview of an installer and identify potential weaknesses.
You need some python packages. sqlite3, termcolor, maybe more. Otherwise, no installation is required. Just run the script from the main folder.
Install the (apt) package msitools. It contains msiinfo and msiextract that are needed as well.
sudo apt install msitools python msiscan.py <Installer>./runall.sh <directory>Now scan the result for unusual colors (red) for quick wins. Advise: If there is something red, repair it with ProcMon and do the manual approach.
There will be errors. Just ignore them. The analysis tries to continue if possible.
If you see a red line in the beginning Repairmode disabled ..., you will not be able to trigger the repair function.
Now, a few explanations to understand the output if you want to invest some time in deeper analysis:
CreateObject ("WScript.Shell")).Learning Without Walls Remote education has long been a lifeline for students in rural areas…
Have you ever come across a picture on the internet and wondered where it came…
Overview WhatsMyName is a free, community-driven OSINT tool designed to identify where a username exists…
Managing disk usage is a crucial task for Linux users and administrators alike. Understanding which…
Efficient disk space management is vital in Linux, especially for system administrators who manage servers…
Knowing how to check directory sizes in Linux is essential for managing disk space and…