windows-script-host-enabled: Windows Script Host Enabled

日期: 2025-08-01 | 影响软件: Windows Script Host | POC: 已公开

漏洞描述

Checks if Windows Script Host is enabled, which can be used to run malicious scripts.

PoC代码[已公开]

id: windows-script-host-enabled

info:
  name: Windows Script Host Enabled
  author: princechaddha
  severity: medium
  description: Checks if Windows Script Host is enabled, which can be used to run malicious scripts.
  impact: |
    Leaving Windows Script Host enabled may allow attackers to execute harmful scripts on the system.
  remediation: |
    Disable Windows Script Host by setting the Enabled registry key to 0.
  tags: windows,code,windows-audit

self-contained: true

code:
  - pre-condition: |
      IsWindows();
    engine:
      - powershell
      - powershell.exe
    args:
      - -ExecutionPolicy
      - Bypass
    pattern: "*.ps1"
    source: |
      $(Get-ItemProperty -Path 'HKLM:\Software\Microsoft\Windows Script Host\Settings' -Name 'Enabled' -ErrorAction SilentlyContinue).Enabled -eq 0

    matchers:
      - type: word
        words:
          - "True"
# digest: 4b0a00483046022100f48316de0eb77e78470671b48bef9b81163cba280687c8045528142a23cfffb00221009e6ab20d0ddbc60be6bf6268df348db3f0a852e9d23a28a615d75e3be85e2339:922c64590222798bb761d5b6d8e72950
来源: https://github.com/projectdiscovery/nuclei-templates/blob/main/./code/windows/audit/windows-script-host-enabled.yaml