I'm looking for an elegant way to search for windows service Paths not encapsulated in quotes. The reasoning behind this is to inspect some server for vulnerability to Microsoft Windows Unquoted Service Path Enumeration. Due to security reasons I am limited to using the CMD.
By research and some experimenting I came up with:
wmic service list config /FORMAT:csv > services.csv
Which creates a .csv listing all services and their paths and some other Information.
In the next step I searched the resulting .csv for vulnerable service Paths with excel.
I am wondering however if the CMD offers the possibility to filter for services without quotes before exporting them to a .csv
Is there a way to do that?
Based upon your own answer, this modification is how I'd advise you do it instead.
%SystemRoot%\System32\wbem\WMIC.exe /OUTPUT:"result.csv" Service Where "Not PathName Like '\"%'" Get Name, PathName /Format:CSV
The main reason being that I believe the nested doublequote would require escaping with a backward slash.