Script for Pentesting in Windows Box pulled from https://github.com/ankh2054/windows-pentest source: https://github.com/ankh2054/windows-pentest/blob/master/icacls.bat
I modify the script above, since it is not working with my environment
references: https://stackoverflow.com/questions/14509652/what-is-the-difference-between-and-in-a-cmd-file https://jeffpar.github.io/kbarchive/kb/075/Q75634/ https://stackoverflow.com/questions/8526946/commenting-multiple-lines-in-dos-batch-file http://www.chebucto.ns.ca/~ak621/DOS/BatBasic.html https://ss64.com/nt/for_f.html https://stackoverflow.com/questions/8520313/windows-batch-script-to-parse-csv-file-and-output-a-text-file/8520993#8520993 https://www.robvanderwoude.com/ntfortokens.php http://www.knowledgewalls.com/johnpeter/books/msdos-commands/split-string-by-delimiter
SERVICE_NAME: WpnUserService_27fed
DISPLAY_NAME: Windows Push Notifications User Service_27fed
TYPE : f0 ERROR
STATE : 4 RUNNING
(STOPPABLE, NOT_PAUSABLE, ACCEPTS_PRESHUTDOWN)
WIN32_EXIT_CODE : 0 (0x0)
SERVICE_EXIT_CODE : 0 (0x0)
CHECKPOINT : 0x0
WAIT_HINT : 0x0
C:\>sc qc WpnUserService_27fed
[SC] QueryServiceConfig SUCCESS
SERVICE_NAME: WpnUserService_27fed
TYPE : e0 USER_SHARE_PROCESS INSTANCE
START_TYPE : 2 AUTO_START
ERROR_CONTROL : 0 IGNORE
BINARY_PATH_NAME : C:\WINDOWS\system32\svchost.exe -k UnistackSvcGroup
LOAD_ORDER_GROUP :
TAG : 0
DISPLAY_NAME : Windows Push Notifications User Service_27fed
DEPENDENCIES :
SERVICE_START_NAME :
The BATCH file would be this...
for /f "tokens=1*" %%m in ('sc query state^= all ^| find "SERVICE_NAME"') do (
REM when token found first match, it will be assign as variable %%m, %%n, %%o, consecutively or %%~n
REM source: http://www.knowledgewalls.com/johnpeter/books/msdos-commands/split-string-by-delimiter
REM echo %%~n
for /f "tokens=1* delims=:" %%r in ('sc qc "%%~n" ^| find "BINARY_PATH_NAME"') do (
REM echo "%%~s"
for /f "delims=-/" %%x in ('echo %%~s ^| findstr /L /V /I /C:"%SystemRoot%\System32" /C:"%SystemRoot%\SysWOW64"') do (
echo %%~n
echo %%~x
icacls %%~x
)
)
)