I'm looking for an elegant way to search for Windows service paths not encapsulated in quotes (Nessus 63155). The reasoning behind this is to inspect some server for vulnerability to Microsoft Windows Unquoted Service Path Enumeration. Due to security reasons, I am limited to using the CMD.
By research and some experimentation I came up with:
wmic service list config /FORMAT:csv > services.csv
This creates a .csv file listing all services, their paths and some other information.
In the next step, I searched the resulting .csv for vulnerable service paths with Excel.
I am wondering, however, if the CMD offers the possibility to filter for services without quotes before exporting them to a .csv.
Is there a way to do that?
I found out that wmic supports Where-Clauses, so I came up with the following:
wmic service where "not Pathname like '"%"%' and not Pathname like'%Windows%'" GET Name,Pathname /FORMAT:csv>result.csv
wmic service where "not Pathname like '"%"%' and not Pathname like'%Windows%'"
Looks for services with pathnames not encapsulated in quotes, excluding Windows service paths and paths that are encapsulated but feature an argument.
GET Name,Pathname
Extracts the name of the service as well as its path.
/FORMAT:csv>result.csv
Formats the output as CSV and exports it to the file result.csv in the same directory.
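
An added example (not part of the original post): where the exported CSV can be copied to a machine with Python, this sketch replaces the Excel step and flags only unquoted paths that contain a space in the executable part, which is the condition the unquoted service path finding depends on. It assumes the `Node,Name,PathName` column layout with PathName last and raw, unescaped quotes in the field; the "space before the first `.exe`" rule is a heuristic, and the sample rows are constructed.

```python
import re

# Constructed sample in the assumed layout of
#   wmic service get Name,PathName /FORMAT:csv
# (blank first line, header row, PathName as the last column).
SAMPLE = r'''
Node,Name,PathName
SRV01,Spooler,C:\Windows\System32\spoolsv.exe
SRV01,VendorAgent,C:\Program Files\Vendor App\agent.exe -service
SRV01,QuotedSvc,"C:\Program Files\Quoted App\svc.exe" -k run
SRV01,ToolSvc,C:\Tools\tool.exe --config C:\My Data\tool.ini
SRV01,WinSpace,C:\Windows\Temp Files\helper.exe
'''

EXE_END = re.compile(r"\.exe\b", re.IGNORECASE)

def parse_rows(text):
    """Return (name, pathname) pairs. The csv module is avoided on purpose:
    it would treat the quotes around a path as CSV quoting and strip them."""
    lines = [ln for ln in text.splitlines() if ln.strip()]
    header = [h.strip().lower() for h in lines[0].split(",")]
    if header[-1] != "pathname" or "name" not in header:
        raise ValueError("expected a header ending in PathName")
    name_idx = header.index("name")
    rows = []
    for ln in lines[1:]:
        # Split only on the leading commas so commas inside the path survive.
        fields = ln.split(",", len(header) - 1)
        if len(fields) == len(header):
            rows.append((fields[name_idx], fields[-1].strip()))
    return rows

def is_unquoted_with_space(path):
    """True if the path is not quoted and has a space before the end of the
    executable name (heuristic: the first '.exe'); spaces that only occur in
    the arguments are ignored."""
    if not path or path.startswith('"'):
        return False
    m = EXE_END.search(path)
    exe_part = path[:m.end()] if m else path
    return " " in exe_part

def find_unquoted(text):
    return [(n, p) for n, p in parse_rows(text) if is_unquoted_with_space(p)]

if __name__ == "__main__":
    for name, path in find_unquoted(SAMPLE):
        print(f"{name}: {path}")
```

Each flagged service is fixed by wrapping the executable path in its ImagePath value in double quotes.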