Upload files to "Vulnerability Scripts/Compromised Host Files"

Vulnerability Scripts/Compromised Host Files/VULN - Compromised Windows Host File – McAfee.ps1

@@ -0,0 +1,47 @@
+<#
+Author: Gabe Kerntke
+Date: 04-15-2024
+
+.Synopsis
+
+.Modified
+2024-04-15 (GabeK) - Original script created
+
+#>
+
+#Region Variables
+$URL = "scinstallcheck.mcafee.com"
+$HostFileTest = Get-Content "C:\Windows\System32\drivers\etc\hosts" | Where-Object { $_ -like "*$URL*" } 
+$HostFilePath = "C:\Windows\System32\drivers\etc\hosts"
+$HostFile = Get-Content "C:\Windows\System32\drivers\etc\hosts"
+
+#Region Script Start
+
+#If the $URL exists in the host file it continues with the fix
+If ($null -ne $HostFileTest) {
+    #Makes copy of Host file before making changes
+    Copy-Item $HostFilePath -Destination "C:\Windows\System32\drivers\etc\hosts - backup" -Force
+    #Makes the change to the Host file
+    $NewFile = $HostFile -replace "0.0.0.1", "#" -replace "scinstallcheck.mcafee.com", "#"
+
+    Try {
+        #Sees if the changes to the Host file can saved
+        Set-Content -Value $NewFile -Path $HostFilePath -Force -ErrorAction Stop
+    }
+
+    catch {
+        #If error occurs with saving new Host file, revert to backup Host file
+        Copy-Item "C:\Windows\System32\drivers\etc\hosts - backup" -Destination $HostFilePath -Force
+        Write-Host "Failed to modify host file, exiting script"
+        Break
+    }
+
+    Write-Host "Host file has been modified"
+    #Removes backup Host file
+    Remove-Item "C:\Windows\System32\drivers\etc\hosts - backup"
+}
+
+Else {
+    Write-Host "$URL does not exist in host file, exiting script."
+}
+#Region Script End