This Python script for Linux can analyze Microsoft Windows *.msi Installer files and point out potential vulnerabilites. It was developed by Michael Baer (@derbaer0) in the SEC Consult Vulnerability Lab.
Currently, it is mostly suited for a local privilege escalation also described in our blog post.
The script can also be used to get an overview of an installer and identify potential weaknesses.
You need some python packages. sqlite3
, termcolor
, maybe more. Otherwise, no installation is required. Just run the script from the main folder.
Install the (apt) package msitools
. It contains msiinfo
and msiextract
that are needed as well.
sudo apt install msitools
python msiscan.py <Installer>
./runall.sh <directory>
Now scan the result for unusual colors (red) for quick wins. Advise: If there is something red, repair it with ProcMon and do the manual approach.
There will be errors. Just ignore them. The analysis tries to continue if possible.
If you see a red line in the beginning Repairmode disabled ...
, you will not be able to trigger the repair function.
Now, a few explanations to understand the output if you want to invest some time in deeper analysis:
CreateObject ("WScript.Shell")
).Introduction to the Model Context Protocol (MCP) The Model Context Protocol (MCP) is an open…
While file extensions in Linux are optional and often misleading, the file command helps decode what a…
The touch command is one of the quickest ways to create new empty files or update timestamps…
Handling large numbers of files is routine for Linux users, and that’s where the find command shines.…
Managing files and directories is foundational for Linux workflows, and the mv (“move”) command makes it easy…
Creating directories is one of the earliest skills you'll use on a Linux system. The mkdir (make…