漏洞描述
Checks if the system allows shutdown without logging on, which could lead to denial-of-service attacks.
shutdown-without-logon-allowed: System Allows Shutdown Without Logging On
PoC代码[已公开]
id: shutdown-without-logon-allowed
info:
name: System Allows Shutdown Without Logging On
author: princechaddha
severity: medium
description: Checks if the system allows shutdown without logging on, which could lead to denial-of-service attacks.
impact: |
Allowing shutdown without logging on can result in denial-of-service or unauthorized shutdown of the system.
remediation: |
Restrict system shutdown to logged-in users to prevent unauthorized access.
tags: windows,shutdown,logon,code,windows-audit
self-contained: true
code:
- pre-condition: |
IsWindows();
engine:
- powershell
- powershell.exe
args:
- -ExecutionPolicy
- Bypass
pattern: "*.ps1"
source: |
Get-ItemProperty -Path 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System' -Name 'ShutdownWithoutLogon'
matchers:
- type: word
words:
- "shutdownwithoutlogon : 1"
# digest: 4a0a0047304502203dc0310df6f3f545cf9d6f636bb208cbba9063e77a4cf923c6f42d8d0ec65487022100e7d0ad69baa36f21564db18a402cc7101512821e2dc27fbf23503bae8c8ae369:922c64590222798bb761d5b6d8e72950