MyMSIAnalyzer: Analyse MSI files for vulnerabilities
MyMSIAnalyzer
You have probably come across MSI files quite often. Software vendors use them to distribute their programs. The format is more convenient than a standard EXE installer for the following reasons:
- Ability to restore or install individual components
- Data storage in well-structured tables that can be easily accessed via APIs
- Easy distribution via SCCM and web endpoints
MSI files can contain various vulnerabilities, most of which lead to privilege escalation. They include logical vulnerabilities (DLL/TypeLib/COM/EXE file/script/etc. hijacking, PATH abuse) and vulnerabilities of the MSI file format itself (Custom Actions abuse, abandoned credentials, privileged child processes).
MyMSIAnalyzer is a tool that allows you to detect vulnerabilities inside MSI files. It is able to:
- Check for credential leaks
- Detect vulnerable Custom Actions
- Check MSI file signatures (useful for MST Backdoor)
- Check if Custom Actions can be overwritten
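One way to audit Custom Actions for privileged execution, as an added example (not MyMSIAnalyzer's own code or detection logic): it reads a CustomAction table exported as `.idt` text and lists code-executing actions whose Type sets both the deferred and no-impersonate bits, which Windows Installer runs in the system context. The sample table, its action names and the function names are constructed for illustration.

```python
# CustomAction.Type bits as documented for Windows Installer (msidbCustomActionType*).
IN_SCRIPT = 0x400       # deferred: queued into the installation script
NO_IMPERSONATE = 0x800  # deferred action does not impersonate the installing user
KIND = {1: "DLL", 2: "EXE", 5: "JScript", 6: "VBScript"}   # Type & 0x07
SOURCE = {0x00: "Binary table", 0x10: "installed file",
          0x20: "directory", 0x30: "property"}             # Type & 0x30

# Constructed sample: a CustomAction table in .idt export layout
# (column names, column types, table name + key, then one row per action).
SAMPLE_IDT = "\n".join([
    "Action\tType\tSource\tTarget",
    "s72\ti2\tS72\tS255",
    "CustomAction\tAction",
    "SetInstallDir\t51\tINSTALLDIR\t[ProgramFilesFolder]Example",
    "RunHelperExe\t3090\tHelperExeFile\t/configure",
    "RegisterPlugin\t1025\tPluginDll\tRegister",
    "ShowReadme\t226\tINSTALLDIR\tnotepad.exe readme.txt",
    "CleanupScript\t3078\tCleanupVbs\tMain",
])


def parse_idt(text):
    """Return the table rows as dicts keyed by the column names on line 1."""
    lines = [line for line in text.splitlines() if line.strip()]
    columns = lines[0].split("\t")
    return [dict(zip(columns, line.split("\t"))) for line in lines[3:]]


def system_context_actions(rows):
    """List code-executing actions that are deferred and not impersonated."""
    findings = []
    for row in rows:
        type_value = int(row["Type"])
        kind = KIND.get(type_value & 0x07)
        if kind is None:
            continue  # property/directory assignment, error message, nested install
        if type_value & IN_SCRIPT and type_value & NO_IMPERSONATE:
            findings.append({
                "action": row["Action"],
                "kind": kind,
                "source": SOURCE[type_value & 0x30],
                "target": row.get("Target", ""),
            })
    return findings


if __name__ == "__main__":
    for finding in system_context_actions(parse_idt(SAMPLE_IDT)):
        print("{action}: {kind} from {source}, target={target!r}".format(**finding))
```

Flagged actions are the ones to review next for files or paths that a non-administrative user could modify.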
In addition, the repository contains a GuiFinder project. It can be used to detect MSI files that have a graphical interface and run as NT AUTHORITY\SYSTEM, allowing you to elevate your privileges via explorer.exe escape.