使用powershell查找世界可写文件 [英] find world-writable files with powershell

问题描述

我可以在我的 Win10 机器上使用这个命令来发现每个人都可以写的文件(在当前目录层次结构内):

I can use this command on my Win10 machine to discover files that are writable by everyone (within the current dir hierarchy):

get-childitem -recurse | get-acl | out-string -stream | select-string -pattern "everyone"

效果很好，但在我的 Win7 机器上，out-string -stream 似乎截断了 select-string 失败的输出.

That works fine but on my Win7 machine the out-string -stream seems to truncate the output the select-string fails.

有没有办法在Win7上找到文件?

Is there a way to find the files on Win7?

推荐答案

检查适当的属性，而不是将 Get-Acl 输出转换为字符串.这适用于所有 Windows 版本:

Check the appropriate properties instead of converting the Get-Acl output to a string. This works on all Windows versions:

Get-ChildItem -Recurse -Force | Where-Object {
    $acl = Get-Acl $_.FullName
    $acl.Access | Where-Object { $_.IdentityReference -eq 'Everyone' }
}

您可以扩展检查以实际检测允许对Everyone"进行写访问的 ACE(以上将检测Everyone"的任何 ACE):

You can expand the check to actually detect ACEs that allow write access to "Everyone" (the above would detect any ACE for "Everyone"):

Get-ChildItem -Recurse -Force | Where-Object {
    $acl = Get-Acl $_.FullName
    $acl.Access | Where-Object {
        $_.IdentityReference -eq 'Everyone' -and
        $_.AccessControlType -eq 'Allow' -and
        $_.FileSystemRights -band 278
    }
}

但是请注意，DENY ACL 优先于 ALLOW ACL，而显式 ACL 优先于继承的 ACL，因此即使有 ACE 授予写访问权限，每个人"实际上也可能有也可能没有写访问权限.

Beware, though, that DENY ACLs take precedence over ALLOW ACLs, and explicit ACLs take precedence over inherited ACLs, so "Everyone" may or may not actually have write access even if there is an ACE granting write access.

• 允许 ACE 而不拒绝 ACE ⇒允许访问(显然)
• 拒绝 ACE 没有 ALLOW ACE ⇒访问被拒绝(显然)
• 继承了ALLOW ACE并继承了DENY ACE ⇒访问被拒绝
• 显式 ALLOW ACE 和继承 DENY ACE ⇒允许访问
• 继承了ALLOW ACE和显式DENY ACE ⇒访问被拒绝
• 显式允许 ACE 和显式拒绝 ACE ⇒访问被拒绝

这篇关于使用powershell查找世界可写文件的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！