/MyMSIAnalyzer

Analyse MSI files for vulnerabilities

Primary LanguageC#

MyMSIAnalyzer

1_QLgvET0pU3rr2G8VLGtiiQ

MyMSIAnalyzer is a tool that allows you to detect vulnerabilities inside MSI files. It is able to:

  • Check for credential leaks
  • Detect vulnerable Custom Actions
  • Check MSI files signature (useful for MST Backdoor)
  • Check if Custom Actions can be overwritten

In addition, there is a GuiFinder project in the repository. It can be used to detect MSI files that have a graphical interface and run on behalf of the NT AUTHORITY\SYSTEM, allowing you to elevate your privileges via explorer.exe escape

The tool is easy to use:

.\MyMSIAnalyzer.exe [-path <PATH TO MSI Files. Default value: C:\Windows\Installer>]

.\GuiFinder.exe [--folder <PATH>]

If you're not familiar with this method of privilege escalation, I encourage you to read our article.