A lot of errors when running with -Extended

Question

A lot of errors when running with -Extended

init5-SF opened this issue 4 years ago · 6 comments

Hey, great tool!

I am testing on a Windows 10 Enterprise (20H2), it's spitting out a lot of errors.
Actual script output is diverted to a text file, so only errors are showing in PS console, I also have local admin privs but did not run PS as administrator.

Let me know if you need more details!

PS D:\Toolz\AVtest> Invoke-PrivescCheck -Extended > privescReport.txt
Get-ItemProperty : Specified cast is not valid.
At D:\Toolz\AVtest\PrivescCheck.ps1:1385 char:27
+ ... roperties = Get-ItemProperty -Path $RegService.PSPath -ErrorAction Si ...
+                 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    + CategoryInfo          : NotSpecified: (:) [Get-ItemProperty], InvalidCastException
    + FullyQualifiedErrorId : System.InvalidCastException,Microsoft.PowerShell.Commands.GetItemPropertyCommand

Get-Item : Could not find item C:\ProgramData\Tencent\QQPCMgr\QMConfig.hiv.LOG1.
At D:\Toolz\AVtest\PrivescCheck.ps1:1570 char:27
+                     if ($(Get-Item -Path $ResolvedPath) -is [System.I ...
+                           ~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    + CategoryInfo          : ObjectNotFound: (C:\ProgramData\...Config.hiv.LOG1:String) [Get-Item], IOException
    + FullyQualifiedErrorId : ItemNotFound,Microsoft.PowerShell.Commands.GetItemCommand

Get-Item : Could not find item C:\ProgramData\Tencent\QQPCMgr\QMConfig.hiv.LOG2.
At D:\Toolz\AVtest\PrivescCheck.ps1:1570 char:27
+                     if ($(Get-Item -Path $ResolvedPath) -is [System.I ...
+                           ~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    + CategoryInfo          : ObjectNotFound: (C:\ProgramData\...Config.hiv.LOG2:String) [Get-Item], IOException
    + FullyQualifiedErrorId : ItemNotFound,Microsoft.PowerShell.Commands.GetItemCommand

Get-Item : Could not find item C:\ProgramData\Tencent\QQPCMgr\QMConfig.hiv{f8fce59d-bade-11ea-b83e-d43d7e187ce5}.TM.blf.
At D:\Toolz\AVtest\PrivescCheck.ps1:1570 char:27
+                     if ($(Get-Item -Path $ResolvedPath) -is [System.I ...
+                           ~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    + CategoryInfo          : ObjectNotFound: (C:\ProgramData\...e187ce5}.TM.blf:String) [Get-Item], IOException
    + FullyQualifiedErrorId : ItemNotFound,Microsoft.PowerShell.Commands.GetItemCommand

Get-Item : Could not find item C:\ProgramData\Tencent\QQPCMgr\QMConfig.hiv{f8fce59d-bade-11ea-b83e-d43d7e187ce5}.TMContainer00000000000000000001.regtrans-ms.
At D:\Toolz\AVtest\PrivescCheck.ps1:1570 char:27
+                     if ($(Get-Item -Path $ResolvedPath) -is [System.I ...
+                           ~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    + CategoryInfo          : ObjectNotFound: (C:\ProgramData\...001.regtrans-ms:String) [Get-Item], IOException
    + FullyQualifiedErrorId : ItemNotFound,Microsoft.PowerShell.Commands.GetItemCommand

Get-Item : Could not find item C:\ProgramData\Tencent\QQPCMgr\QMConfig.hiv{f8fce59d-bade-11ea-b83e-d43d7e187ce5}.TMContainer00000000000000000002.regtrans-ms.
At D:\Toolz\AVtest\PrivescCheck.ps1:1570 char:27
+                     if ($(Get-Item -Path $ResolvedPath) -is [System.I ...
+                           ~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    + CategoryInfo          : ObjectNotFound: (C:\ProgramData\...002.regtrans-ms:String) [Get-Item], IOException
    + FullyQualifiedErrorId : ItemNotFound,Microsoft.PowerShell.Commands.GetItemCommand

Answer 1 · 2021-04-21T16:53:59.000Z

Hello!

Thanks for reporting these issues.
I'll have to take a closer look at those errors. 🧐

Answer 2 · 2021-04-21T17:51:08.000Z

Sure, let me know if you need details or debug info from my end.

Answer 3 · 2021-04-25T11:12:38.000Z

Note to self

The second error can be reproduced on one of my lab machines with the following command:

PS C:\Users\Lab-User\Downloads> . .\PrivescCheck.ps1; Invoke-ProgramDataCheck
Get-Item : Could not find item C:\ProgramData\Chocolatey\.chocolatey.
At C:\Users\Lab-User\Downloads\PrivescCheck.ps1:1570 char:27
+                     if ($(Get-Item -Path $ResolvedPath) -is [System.I ...
+                           ~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    + CategoryInfo          : ObjectNotFound: (C:\ProgramData\Chocolatey\.chocolatey:String) [Get-Item], IOException
    + FullyQualifiedErrorId : ItemNotFound,Microsoft.PowerShell.Commands.GetItemCommand

Answer 4 · 2021-05-28T14:45:58.000Z

My recent update should have fixed most of the errors you got.
I simply forgot to add the -Force flag when calling Get-Item.
This flag is required when opening hidden files.

Answer 5 · 2021-05-28T15:07:22.000Z

I close this issue for now.
Feel free to open a new one in case you find other errors.
Thanks. :)

Answer 6 · 2021-05-28T21:33:38.000Z

hey there, the previous errors are now fixed, Thanks!
I'm getting a new one now (with and without -Extended):

Get-ItemProperty : Specified cast is not valid.
At line:626 char:26
+ ... roperties = Get-ItemProperty -Path "Registry::$ServiceRegPath" -Error ...
+                 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    + CategoryInfo          : NotSpecified: (:) [Get-ItemProperty], InvalidCastException
    + FullyQualifiedErrorId : System.InvalidCastException,Microsoft.PowerShell.Commands.GetItemPropertyCommand

It always displays the same line number 626