From db3ce7959c65dfa575ed7109eb939f4b57cb9273 Mon Sep 17 00:00:00 2001
From: Bubbl3H3d <31154539+Bubbl3H3d@users.noreply.github.com>
Date: Sun, 1 Oct 2017 16:28:24 -0400
Subject: [PATCH] PowerUp.ps1:880 - Remove "C:\" False Positives

By default, the C:\ folder has special permissions set that allow unprivileged users to create new folders, but not to create or modify files in C:\ . This special permission set is misinterpreted by the script as a writable folder in the path, even though it is not. The proposed change removes results that return C:\ (subfolders within C:\ are still returned if they are modifiable).
---
 Privesc/PowerUp.ps1 | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/Privesc/PowerUp.ps1 b/Privesc/PowerUp.ps1
index 45edcecf..d00a18f8 100644
--- a/Privesc/PowerUp.ps1
+++ b/Privesc/PowerUp.ps1
@@ -877,7 +877,7 @@ a modifiable path.
                                     # if the path doesn't exist, check if the parent folder allows for modification
                                     try {
                                         $ParentPath = (Split-Path -Path $TempPath -Parent -ErrorAction SilentlyContinue).Trim()
-                                        if ($ParentPath -and ($ParentPath -ne '') -and (Test-Path -Path $ParentPath  -ErrorAction SilentlyContinue)) {
+                                        if ($ParentPath -and ($ParentPath -ne '','C:\') -and (Test-Path -Path $ParentPath  -ErrorAction SilentlyContinue)) {
                                             $CandidatePaths += Resolve-Path -Path $ParentPath -ErrorAction SilentlyContinue | Select-Object -ExpandProperty Path
                                         }
                                     }