diff --git a/Modules/Apps/PowerShell_Ollama_AI_cve-2024-37032.mkape b/Modules/Apps/PowerShell_Ollama_AI_cve-2024-37032.mkape index 0502e2031..ed27b8451 100644 --- a/Modules/Apps/PowerShell_Ollama_AI_cve-2024-37032.mkape +++ b/Modules/Apps/PowerShell_Ollama_AI_cve-2024-37032.mkape @@ -5,14 +5,14 @@ Version: 1.0 Id: ce916f46-4160-4953-b635-3071494ab50b ExportFormat: txt Processors: - - + - Executable: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe CommandLine: "$destinationPath = '%destinationDirectory%\\ollama_path_traversal_check.txt'; Remove-Item -Path $destinationPath -ErrorAction SilentlyContinue; $users = Get-ChildItem -Path '%SourceDirectory%\\Users' -Directory; foreach ($user in $users) { $ollamaPath = Join-Path $user.FullName '.ollama'; if (Test-Path $ollamaPath) { $modelsPath = Join-Path $ollamaPath 'models\\manifests'; if (Test-Path $modelsPath) { Get-ChildItem -Path $modelsPath -Recurse -File | ForEach-Object { $modelName = $_.Name; $fileContent = Get-Content -Path $_.FullName -Raw -ErrorAction SilentlyContinue; if ($fileContent -match '(\\..\\/)+|traversal') { $entry = ('{0} | {1}' -f $_.FullName, $fileContent.Substring(0, [Math]::Min($fileContent.Length, 200)) + '...'); Add-Content -Path $destinationPath -Value $entry; Add-Content -Path $destinationPath -Value \"`r`n`r`n\"; } } } } }" ExportFormat: txt # Documentation # https://ollama.com/blog | https://github.com/ollama/ollama | https://hub.docker.com/r/ollama/ollama -# Ollama is used for self-hosted AI inference, and it supports many models out of the box. +# Ollama is used for self-hosted AI inference, and it supports many models out of the box. # Ollama serves as the backend for common AI projects such as OpenWebUI, among others. # The code will identify the installed Models, the Model Integrity hash and the Ollama PrivateKey. #.\kape.exe --msource c:\ --mdest k:\case-12345\Kape\mout --module powershell_ollama_ai_cve-2024-37032