more failure reasons
parent
8c5890d506
commit
352e170624
|
@ -183,7 +183,7 @@ class Metasploit3 < Msf::Auxiliary
|
|||
|
||||
sock = connect
|
||||
if sock.nil?
|
||||
fail_with(Exploit::Failure::Unreachable, "#{rhost}:#{rport.to_s} - Failed to connect to remoting service")
|
||||
fail_with(Failure::Unreachable, "#{rhost}:#{rport.to_s} - Failed to connect to remoting service")
|
||||
else
|
||||
print_status("#{rhost}:#{rport} - Sending packet to ConfigurationService...")
|
||||
end
|
||||
|
@ -224,7 +224,7 @@ class Metasploit3 < Msf::Auxiliary
|
|||
sock.close
|
||||
sock = connect
|
||||
if sock.nil?
|
||||
fail_with(Exploit::Failure::Unreachable, "#{rhost}:#{rport.to_s} - Failed to connect to remoting service")
|
||||
fail_with(Failure::Unreachable, "#{rhost}:#{rport.to_s} - Failed to connect to remoting service")
|
||||
else
|
||||
print_status("#{rhost}:#{rport} - Sending packet to ConfigurationService...")
|
||||
end
|
||||
|
|
|
@ -90,7 +90,7 @@ class Metasploit3 < Msf::Exploit::Remote
|
|||
sock = Rex::Socket.create_tcp({ 'PeerHost' => rhost, 'PeerPort' => telnetport.to_i, 'Context' => ctx })
|
||||
|
||||
if sock.nil?
|
||||
fail_with(Exploit::Failure::Unreachable, "#{rhost}:#{rport} - Backdoor service has not been spawned!!!")
|
||||
fail_with(Failure::Unreachable, "#{rhost}:#{rport} - Backdoor service has not been spawned!!!")
|
||||
end
|
||||
|
||||
add_socket(sock)
|
||||
|
@ -131,7 +131,7 @@ class Metasploit3 < Msf::Exploit::Remote
|
|||
})
|
||||
return res
|
||||
rescue ::Rex::ConnectionError
|
||||
fail_with(Exploit::Failure::Unreachable, "#{rhost}:#{rport} - Could not connect to the webservice")
|
||||
fail_with(Failure::Unreachable, "#{rhost}:#{rport} - Could not connect to the webservice")
|
||||
end
|
||||
end
|
||||
|
||||
|
|
|
@ -121,10 +121,10 @@ class Metasploit4 < Msf::Exploit::Remote
|
|||
if res && res.code == 200 && res.to_s =~ /#{datastore['COOKIEID']}=([^;]+);/
|
||||
cookie_value = $1.strip
|
||||
else
|
||||
fail_with(Exploit::Failure::Unreachable, "#{peer} - Unexpected response from server.")
|
||||
fail_with(Failure::Unreachable, "#{peer} - Unexpected response from server.")
|
||||
end
|
||||
rescue Rex::ConnectionRefused, Rex::ConnectionTimeout, Rex::HostUnreachable
|
||||
fail_with(Exploit::Failure::Unreachable, "#{peer} - Unable to establish connection.")
|
||||
fail_with(Failure::Unreachable, "#{peer} - Unable to establish connection.")
|
||||
end
|
||||
|
||||
# Step 2 - Decrypt the cookie so that we have a PHP object we can work with directly
|
||||
|
@ -167,10 +167,10 @@ class Metasploit4 < Msf::Exploit::Remote
|
|||
end
|
||||
end
|
||||
else
|
||||
fail_with(Exploit::Failure::Unreachable, "#{peer} - Unexpected response from server.")
|
||||
fail_with(Failure::Unreachable, "#{peer} - Unexpected response from server.")
|
||||
end
|
||||
rescue Rex::ConnectionRefused, Rex::ConnectionTimeout, Rex::HostUnreachable
|
||||
fail_with(Exploit::Failure::Unreachable, "#{peer} - Unable to establish connection.")
|
||||
fail_with(Failure::Unreachable, "#{peer} - Unable to establish connection.")
|
||||
end
|
||||
|
||||
print_good("#{peer} - Host configuration extracted.")
|
||||
|
@ -221,10 +221,10 @@ class Metasploit4 < Msf::Exploit::Remote
|
|||
)
|
||||
|
||||
unless res && res.code == 200
|
||||
fail_with(Exploit::Failure::Unreachable, "#{peer} - Stager upload failed (invalid result).")
|
||||
fail_with(Failure::Unreachable, "#{peer} - Stager upload failed (invalid result).")
|
||||
end
|
||||
rescue Rex::ConnectionRefused, Rex::ConnectionTimeout, Rex::HostUnreachable
|
||||
fail_with(Exploit::Failure::Unreachable, "#{peer} - Stager upload failed (unable to establish connection).")
|
||||
fail_with(Failure::Unreachable, "#{peer} - Stager upload failed (unable to establish connection).")
|
||||
end
|
||||
|
||||
print_good("#{peer} - Stager uploaded.")
|
||||
|
|
|
@ -112,7 +112,7 @@ class Metasploit4 < Msf::Exploit::Remote
|
|||
}
|
||||
|
||||
unless datastore['GIT'] || datastore['MERCURIAL']
|
||||
fail_with(Exploit::Failure::BadConfig, 'Must specify at least one GIT and/or MERCURIAL')
|
||||
fail_with(Failure::BadConfig, 'Must specify at least one GIT and/or MERCURIAL')
|
||||
end
|
||||
|
||||
setup_git
|
||||
|
@ -125,11 +125,11 @@ class Metasploit4 < Msf::Exploit::Remote
|
|||
return unless datastore['GIT']
|
||||
# URI must start with a /
|
||||
unless git_uri && git_uri =~ /^\//
|
||||
fail_with(Exploit::Failure::BadConfig, 'GIT_URI must start with a /')
|
||||
fail_with(Failure::BadConfig, 'GIT_URI must start with a /')
|
||||
end
|
||||
# sanity check the malicious hook:
|
||||
if datastore['GIT_HOOK'].blank?
|
||||
fail_with(Exploit::Failure::BadConfig, 'GIT_HOOK must not be blank')
|
||||
fail_with(Failure::BadConfig, 'GIT_HOOK must not be blank')
|
||||
end
|
||||
|
||||
# In .git/hooks/ directory, specially named files are shell scripts that
|
||||
|
@ -211,11 +211,11 @@ class Metasploit4 < Msf::Exploit::Remote
|
|||
return unless datastore['MERCURIAL']
|
||||
# URI must start with a /
|
||||
unless mercurial_uri && mercurial_uri =~ /^\//
|
||||
fail_with(Exploit::Failure::BadConfig, 'MERCURIAL_URI must start with a /')
|
||||
fail_with(Failure::BadConfig, 'MERCURIAL_URI must start with a /')
|
||||
end
|
||||
# sanity check the malicious hook
|
||||
if datastore['MERCURIAL_HOOK'].blank?
|
||||
fail_with(Exploit::Failure::BadConfig, 'MERCURIAL_HOOK must not be blank')
|
||||
fail_with(Failure::BadConfig, 'MERCURIAL_HOOK must not be blank')
|
||||
end
|
||||
# we fake the Mercurial HTTP protocol such that we are compliant as possible but
|
||||
# also as simple as possible so that we don't have to support all of the protocol
|
||||
|
|
|
@ -257,7 +257,7 @@ class Metasploit3 < Msf::Exploit::Remote
|
|||
if res and res.code == 302 and res.headers['location'] !~ /authfailed/
|
||||
print_good("#{peer} - Authenticated successfully as '#{user}'")
|
||||
else
|
||||
fail_with(Exploit::Failure::NoAccess, "#{peer} - Authentication failed")
|
||||
fail_with(Failure::NoAccess, "#{peer} - Authentication failed")
|
||||
end
|
||||
|
||||
# check access to the console and get CSRF nonce
|
||||
|
|
|
@ -132,7 +132,7 @@ class Metasploit3 < Msf::Exploit::Remote
|
|||
print_status("Login Bypass Successful")
|
||||
print_status("cookie monster = " + cookies)
|
||||
else
|
||||
fail_with(Exploit::Failure::NotVulnerable, "Login Bypass Failed")
|
||||
fail_with(Failure::NotVulnerable, "Login Bypass Failed")
|
||||
end
|
||||
end
|
||||
|
||||
|
@ -142,13 +142,13 @@ class Metasploit3 < Msf::Exploit::Remote
|
|||
begin
|
||||
res = upload(base, php, cookies)
|
||||
rescue ::Rex::ConnectionError
|
||||
fail_with(Exploit::Failure::Unreachable, "#{peer} - Connection failed")
|
||||
fail_with(Failure::Unreachable, "#{peer} - Connection failed")
|
||||
end
|
||||
|
||||
if res and res.code == 200
|
||||
print_good("#{peer} - File uploaded successfully")
|
||||
else
|
||||
fail_with(Exploit::Failure::UnexpectedReply, "#{peer} - Uploading PHP payload failed")
|
||||
fail_with(Failure::UnexpectedReply, "#{peer} - Uploading PHP payload failed")
|
||||
end
|
||||
|
||||
# retrieve and execute PHP payload
|
||||
|
@ -159,7 +159,7 @@ class Metasploit3 < Msf::Exploit::Remote
|
|||
'uri' => normalize_uri(base, 'images', "#{@fname}")
|
||||
}, 1)
|
||||
rescue ::Rex::ConnectionError
|
||||
fail_with(Exploit::Failure::Unreachable, "#{peer} - Connection failed")
|
||||
fail_with(Failure::Unreachable, "#{peer} - Connection failed")
|
||||
end
|
||||
|
||||
end
|
||||
|
|
|
@ -87,7 +87,7 @@ class Metasploit3 < Msf::Exploit::Remote
|
|||
})
|
||||
|
||||
unless res and res.code == 200 and res.body.to_s =~ /<title><\/title>/
|
||||
fail_with(Exploit::Failure::UnexpectedReply, "#{peer} - Upload failed")
|
||||
fail_with(Failure::UnexpectedReply, "#{peer} - Upload failed")
|
||||
end
|
||||
|
||||
print_status("#{peer} - Executing payload #{@payload_name}")
|
||||
|
|
|
@ -308,7 +308,7 @@ class Metasploit3 < Msf::Exploit::Remote
|
|||
end
|
||||
|
||||
if packet_payload.length > target['offset']
|
||||
fail_with(Exploit::Failure::BadConfig, "The resulting payload has #{packet_payload.length} bytes, we only have #{target['offset']} space.")
|
||||
fail_with(Failure::BadConfig, "The resulting payload has #{packet_payload.length} bytes, we only have #{target['offset']} space.")
|
||||
end
|
||||
injection = packet_payload + rand_text_alpha(target['offset'] - packet_payload.length) + [target.ret].pack('V')
|
||||
|
||||
|
|
|
@ -125,7 +125,7 @@ class Metasploit3 < Msf::Exploit::Local
|
|||
|
||||
def exploit
|
||||
if not user_in_admin_group?
|
||||
fail_with(Exploit::Failure::NotFound, "User is not in the 'admin' group, bailing.")
|
||||
fail_with(Failure::NotFound, "User is not in the 'admin' group, bailing.")
|
||||
end
|
||||
# "remember" the current system time/date/network/zone
|
||||
print_good("User is an admin, continuing...")
|
||||
|
@ -194,7 +194,7 @@ class Metasploit3 < Msf::Exploit::Local
|
|||
output = cmd_exec('echo "" | ' + sudo_cmd_test)
|
||||
|
||||
if output =~ /incorrect password attempts\s*$/i
|
||||
fail_with(Exploit::Failure::NotFound, "User has never run sudo, and is therefore not vulnerable. Bailing.")
|
||||
fail_with(Failure::NotFound, "User has never run sudo, and is therefore not vulnerable. Bailing.")
|
||||
elsif output =~ /#{test}/
|
||||
print_good("Test executed succesfully. Running payload.")
|
||||
else
|
||||
|
|
|
@ -85,7 +85,7 @@ class Metasploit3 < Msf::Exploit::Remote
|
|||
def exploit
|
||||
# check vuln
|
||||
if check != Exploit::CheckCode::Vulnerable
|
||||
fail_with Exploit::Failure::NotVulnerable, "#{peer} - Target is not vulnerable"
|
||||
fail_with Failure::NotVulnerable, "#{peer} - Target is not vulnerable"
|
||||
end
|
||||
|
||||
# write backdoor
|
||||
|
|
|
@ -231,7 +231,7 @@ class Metasploit3 < Msf::Exploit::Remote
|
|||
jboss_path =jboss_deploy_path
|
||||
|
||||
if jboss_path.nil?
|
||||
fail_with(Exploit::Unknown, "#{peer} - Failed to disclose the jboss deployment directory")
|
||||
fail_with(Failure::Unknown, "#{peer} - Failed to disclose the jboss deployment directory")
|
||||
end
|
||||
|
||||
print_status("#{peer} - Building WAR payload...")
|
||||
|
@ -246,7 +246,7 @@ class Metasploit3 < Msf::Exploit::Remote
|
|||
res = upload_war(war_name, war, deploy_dir)
|
||||
|
||||
unless res
|
||||
fail_with(Exploit::Unknown, "#{peer} - Failed to upload the war payload")
|
||||
fail_with(Failure::Unknown, "#{peer} - Failed to upload the war payload")
|
||||
end
|
||||
|
||||
register_files_for_cleanup("../server/appstream/deploy/#{war_name}")
|
||||
|
|
|
@ -87,7 +87,7 @@ class Metasploit3 < Msf::Exploit::Remote
|
|||
)
|
||||
|
||||
if res && res.code != 200
|
||||
fail_with(Failure::Unkown, "#{peer} - Something went wrong.")
|
||||
fail_with(Failure::Unknown, "#{peer} - Something went wrong.")
|
||||
end
|
||||
end
|
||||
|
||||
|
|
|
@ -415,8 +415,7 @@ class Metasploit3 < Msf::Exploit::Remote
|
|||
@exploit_unc = "\\\\#{@myhost}\\"
|
||||
|
||||
if datastore['SRVPORT'].to_i != 80 || datastore['URIPATH'] != '/'
|
||||
fail_with(Failure::BadConfig, 'Using WebDAV requires SRVPORT=80 and ' +
|
||||
'URIPATH=/')
|
||||
fail_with(Failure::BadConfig, 'Using WebDAV requires SRVPORT=80 and URIPATH=/')
|
||||
end
|
||||
|
||||
print_status("Starting Shared resource at #{@exploit_unc}#{@share_name}" +
|
||||
|
@ -440,8 +439,7 @@ class Metasploit3 < Msf::Exploit::Remote
|
|||
print_error("#{peer} - Unexpected answer")
|
||||
end
|
||||
else
|
||||
fail_with(Failure::BadConfig, 'Bad UNCPATH format, should be ' +
|
||||
'\\\\host\\shared_folder\\base_name.dll')
|
||||
fail_with(Failure::BadConfig, 'Bad UNCPATH format, should be \\\\host\\shared_folder\\base_name.dll')
|
||||
end
|
||||
end
|
||||
end
|
||||
|
|
|
@ -90,7 +90,7 @@ class Metasploit3 < Msf::Exploit::Remote
|
|||
})
|
||||
|
||||
unless res and res.code == 200
|
||||
fail_with(Exploit::Failure::UnexpectedReply, "#{peer} - Upload failed")
|
||||
fail_with(Failure::UnexpectedReply, "#{peer} - Upload failed")
|
||||
end
|
||||
|
||||
register_files_for_cleanup(@payload_name)
|
||||
|
|
|
@ -191,7 +191,7 @@ class Metasploit3 < Msf::Exploit::Remote
|
|||
ctx = { 'Msf' => framework, 'MsfExploit' => self }
|
||||
sock = Rex::Socket.create_tcp({ 'PeerHost' => rhost, 'PeerPort' => datastore['RPORT_REMOTING'], 'Context' => ctx })
|
||||
if sock.nil?
|
||||
fail_with(Exploit::Failure::Unreachable, "#{rhost}:#{@remoting_port.to_s} - Failed to connect to remoting service")
|
||||
fail_with(Failure::Unreachable, "#{rhost}:#{@remoting_port.to_s} - Failed to connect to remoting service")
|
||||
else
|
||||
print_status("#{rhost}:#{@remoting_port} - Getting traversal path...")
|
||||
end
|
||||
|
@ -423,7 +423,7 @@ class Metasploit3 < Msf::Exploit::Remote
|
|||
ctx = { 'Msf' => framework, 'MsfExploit' => self }
|
||||
sock = Rex::Socket.create_tcp({ 'PeerHost' => rhost, 'PeerPort' => datastore['RPORT_REMOTING'], 'Context' => ctx })
|
||||
if sock.nil?
|
||||
fail_with(Exploit::Failure::Unreachable, "#{rhost}:#{@remoting_port.to_s} - Failed to connect to remoting service")
|
||||
fail_with(Failure::Unreachable, "#{rhost}:#{@remoting_port.to_s} - Failed to connect to remoting service")
|
||||
else
|
||||
print_status("#{rhost}:#{@remoting_port} - Uploading payload to #{filename}")
|
||||
end
|
||||
|
|
|
@ -145,7 +145,7 @@ class Metasploit3 < Msf::Exploit::Local
|
|||
cd(temp_dir)
|
||||
rescue Rex::Post::Meterpreter::RequestError
|
||||
session.railgun.kernel32.CloseHandle(handle)
|
||||
fail_with(Failure::Config, "Failed to use the #{temp_dir} directory")
|
||||
fail_with(Failure::BadConfig, "Failed to use the #{temp_dir} directory")
|
||||
end
|
||||
|
||||
print_status("Writing malicious DLL to remote filesystem")
|
||||
|
@ -157,7 +157,7 @@ class Metasploit3 < Msf::Exploit::Local
|
|||
register_file_for_cleanup("#{write_path}\\#{dll_name}")
|
||||
rescue Rex::Post::Meterpreter::RequestError
|
||||
session.railgun.kernel32.CloseHandle(handle)
|
||||
fail_with(Failure::Config, "Failed to drop payload into #{temp_dir}")
|
||||
fail_with(Failure::BadConfig, "Failed to drop payload into #{temp_dir}")
|
||||
end
|
||||
|
||||
print_status("Exploiting through \\\\.\\pipe\\acsipc_server...")
|
||||
|
|
|
@ -141,11 +141,11 @@ class Metasploit3 < Msf::Exploit::Local
|
|||
|
||||
def exploit
|
||||
if is_system?
|
||||
fail_with(Exploit::Failure::None, 'Session is already elevated')
|
||||
fail_with(Failure::None, 'Session is already elevated')
|
||||
end
|
||||
|
||||
unless check == Exploit::CheckCode::Vulnerable
|
||||
fail_with(Exploit::Failure::NotVulnerable, "Exploit not available on this system")
|
||||
fail_with(Failure::NotVulnerable, "Exploit not available on this system")
|
||||
end
|
||||
|
||||
handle = open_device("\\\\.\\bthpan", 'FILE_SHARE_WRITE|FILE_SHARE_READ', 0, 'OPEN_EXISTING')
|
||||
|
|
|
@ -59,12 +59,12 @@ class Metasploit3 < Msf::Exploit::Local
|
|||
if admin_group
|
||||
print_good('Part of Administrators group! Continuing...')
|
||||
else
|
||||
fail_with(Exploit::Failure::NoAccess, 'Not in admins group, cannot escalate with this module')
|
||||
fail_with(Failure::NoAccess, 'Not in admins group, cannot escalate with this module')
|
||||
end
|
||||
end
|
||||
|
||||
if get_integrity_level == INTEGRITY_LEVEL_SID[:low]
|
||||
fail_with(Exploit::Failure::NoAccess, 'Cannot BypassUAC from Low Integrity Level')
|
||||
fail_with(Failure::NoAccess, 'Cannot BypassUAC from Low Integrity Level')
|
||||
end
|
||||
end
|
||||
|
||||
|
@ -73,7 +73,7 @@ class Metasploit3 < Msf::Exploit::Local
|
|||
|
||||
case get_uac_level
|
||||
when UAC_PROMPT_CREDS_IF_SECURE_DESKTOP, UAC_PROMPT_CONSENT_IF_SECURE_DESKTOP, UAC_PROMPT_CREDS, UAC_PROMPT_CONSENT
|
||||
fail_with(Exploit::Failure::NotVulnerable,
|
||||
fail_with(Failure::NotVulnerable,
|
||||
"UAC is set to 'Always Notify'\r\nThis module does not bypass this setting, exiting..."
|
||||
)
|
||||
when UAC_DEFAULT
|
||||
|
@ -157,14 +157,14 @@ class Metasploit3 < Msf::Exploit::Local
|
|||
end
|
||||
|
||||
def validate_environment!
|
||||
fail_with(Exploit::Failure::None, 'Already in elevated state') if is_admin? or is_system?
|
||||
fail_with(Failure::None, 'Already in elevated state') if is_admin? or is_system?
|
||||
#
|
||||
# Verify use against Vista+
|
||||
#
|
||||
winver = sysinfo['OS']
|
||||
|
||||
unless winver =~ /Windows Vista|Windows 2008|Windows [78]/
|
||||
fail_with(Exploit::Failure::NotVulnerable, "#{winver} is not vulnerable.")
|
||||
fail_with(Failure::NotVulnerable, "#{winver} is not vulnerable.")
|
||||
end
|
||||
|
||||
if is_uac_enabled?
|
||||
|
@ -173,7 +173,7 @@ class Metasploit3 < Msf::Exploit::Local
|
|||
if is_in_admin_group?
|
||||
fail_with(Failure::Unknown, 'UAC is disabled and we are in the admin group so something has gone wrong...')
|
||||
else
|
||||
fail_with(Exploit::Failure::NoAccess, 'Not in admins group, cannot escalate with this module')
|
||||
fail_with(Failure::NoAccess, 'Not in admins group, cannot escalate with this module')
|
||||
end
|
||||
end
|
||||
end
|
||||
|
|
|
@ -71,7 +71,7 @@ class Metasploit3 < Msf::Exploit::Local
|
|||
when UAC_PROMPT_CREDS_IF_SECURE_DESKTOP,
|
||||
UAC_PROMPT_CONSENT_IF_SECURE_DESKTOP,
|
||||
UAC_PROMPT_CREDS, UAC_PROMPT_CONSENT
|
||||
fail_with(Exploit::Failure::NotVulnerable,
|
||||
fail_with(Failure::NotVulnerable,
|
||||
"UAC is set to 'Always Notify'\r\nThis module does not bypass this setting, exiting..."
|
||||
)
|
||||
when UAC_DEFAULT
|
||||
|
@ -106,18 +106,12 @@ class Metasploit3 < Msf::Exploit::Local
|
|||
sysarch = sysinfo['Architecture']
|
||||
if sysarch =~ /x64/i
|
||||
unless (target_arch.first =~ /64/i) && (payload_instance.arch.first =~ /64/i)
|
||||
fail_with(
|
||||
Exploit::Failure::BadConfig,
|
||||
'x86 Target Selected for x64 System'
|
||||
)
|
||||
fail_with(Failure::BadConfig, 'x86 Target Selected for x64 System')
|
||||
end
|
||||
return ::File.join(path, 'bypassuac-x64.dll')
|
||||
else
|
||||
if (target_arch.first =~ /64/i) || (payload_instance.arch.first =~ /64/i)
|
||||
fail_with(
|
||||
Exploit::Failure::BadConfig,
|
||||
'x64 Target Selected for x86 System'
|
||||
)
|
||||
fail_with(Failure::BadConfig, 'x64 Target Selected for x86 System')
|
||||
end
|
||||
|
||||
return ::File.join(path, 'bypassuac-x86.dll')
|
||||
|
@ -136,12 +130,12 @@ class Metasploit3 < Msf::Exploit::Local
|
|||
if admin_group
|
||||
print_good('Part of Administrators group! Continuing...')
|
||||
else
|
||||
fail_with(Exploit::Failure::NoAccess, 'Not in admins group, cannot escalate with this module')
|
||||
fail_with(Failure::NoAccess, 'Not in admins group, cannot escalate with this module')
|
||||
end
|
||||
end
|
||||
|
||||
if get_integrity_level == INTEGRITY_LEVEL_SID[:low]
|
||||
fail_with(Exploit::Failure::NoAccess, 'Cannot BypassUAC from Low Integrity Level')
|
||||
fail_with(Failure::NoAccess, 'Cannot BypassUAC from Low Integrity Level')
|
||||
end
|
||||
end
|
||||
|
||||
|
@ -193,15 +187,12 @@ class Metasploit3 < Msf::Exploit::Local
|
|||
write_file(payload_filepath, payload)
|
||||
register_file_for_cleanup(payload_filepath)
|
||||
rescue Rex::Post::Meterpreter::RequestError => e
|
||||
fail_with(
|
||||
Failure::Unknown,
|
||||
"Error uploading file #{payload_filepath}: #{e.class} #{e}"
|
||||
)
|
||||
fail_with(Failure::Unknown, "Error uploading file #{payload_filepath}: #{e.class} #{e}")
|
||||
end
|
||||
end
|
||||
|
||||
def validate_environment!
|
||||
fail_with(Exploit::Failure::None, 'Already in elevated state') if is_admin? || is_system?
|
||||
fail_with(Failure::None, 'Already in elevated state') if is_admin? || is_system?
|
||||
|
||||
winver = sysinfo['OS']
|
||||
|
||||
|
@ -209,14 +200,14 @@ class Metasploit3 < Msf::Exploit::Local
|
|||
when /Windows (7|8|2008|2012)/
|
||||
print_good("#{winver} may be vulnerable.")
|
||||
else
|
||||
fail_with(Exploit::Failure::NotVulnerable, "#{winver} is not vulnerable.")
|
||||
fail_with(Failure::NotVulnerable, "#{winver} is not vulnerable.")
|
||||
end
|
||||
|
||||
if is_uac_enabled?
|
||||
print_status('UAC is Enabled, checking level...')
|
||||
else
|
||||
unless is_in_admin_group?
|
||||
fail_with(Exploit::Failure::NoAccess, 'Not in admins group, cannot escalate with this module')
|
||||
fail_with(Failure::NoAccess, 'Not in admins group, cannot escalate with this module')
|
||||
end
|
||||
end
|
||||
end
|
||||
|
@ -267,4 +258,3 @@ class Metasploit3 < Msf::Exploit::Local
|
|||
end
|
||||
|
||||
end
|
||||
|
||||
|
|
|
@ -181,11 +181,11 @@ class Metasploit3 < Msf::Exploit::Local
|
|||
def check_session_arch
|
||||
if sysinfo['Architecture'] =~ /x64/i
|
||||
if payload_instance.arch.first == 'x86'
|
||||
fail_with(Exploit::Failure::BadConfig, "Wrong Payload Architecture")
|
||||
fail_with(Failure::BadConfig, "Wrong Payload Architecture")
|
||||
end
|
||||
else
|
||||
if payload_instance.arch.first =~ /64/i
|
||||
fail_with(Exploit::Failure::BadConfig, "Wrong Payload Architecture")
|
||||
fail_with(Failure::BadConfig, "Wrong Payload Architecture")
|
||||
end
|
||||
end
|
||||
end
|
||||
|
@ -207,7 +207,7 @@ class Metasploit3 < Msf::Exploit::Local
|
|||
|
||||
print_status("Checking service exists...")
|
||||
if !check_service_exists?(@service_name)
|
||||
fail_with(Exploit::Failure::NoTarget, "The service doesn't exist.")
|
||||
fail_with(Failure::NoTarget, "The service doesn't exist.")
|
||||
end
|
||||
|
||||
if is_uac_enabled?
|
||||
|
@ -217,14 +217,14 @@ class Metasploit3 < Msf::Exploit::Local
|
|||
if datastore['DIR'].empty?
|
||||
# If DLL already exists in system folders, we dont want to overwrite by accident
|
||||
if check_search_path
|
||||
fail_with(Exploit::Failure::NotVulnerable, "DLL already exists in system folders.")
|
||||
fail_with(Failure::NotVulnerable, "DLL already exists in system folders.")
|
||||
end
|
||||
|
||||
file_path = check_system_path
|
||||
file_path ||= check_dirs # If no paths are writable check to see if we can create any of the non-existant dirs
|
||||
|
||||
if file_path.nil?
|
||||
fail_with(Exploit::Failure::NotVulnerable, "Unable to write to any folders in the PATH, aborting...")
|
||||
fail_with(Failure::NotVulnerable, "Unable to write to any folders in the PATH, aborting...")
|
||||
end
|
||||
else
|
||||
# Use manually selected Dir
|
||||
|
|
|
@ -149,7 +149,7 @@ class Metasploit3 < Msf::Exploit::Local
|
|||
cd(temp_dir)
|
||||
rescue Rex::Post::Meterpreter::RequestError
|
||||
session.railgun.kernel32.CloseHandle(handle)
|
||||
fail_with(Failure::Config, "Failed to use the #{temp_dir} directory")
|
||||
fail_with(Failure::BadConfig, "Failed to use the #{temp_dir} directory")
|
||||
end
|
||||
|
||||
print_status('Writing malicious exe to remote filesystem')
|
||||
|
|
|
@ -66,11 +66,11 @@ class Metasploit3 < Msf::Exploit::Local
|
|||
|
||||
def exploit
|
||||
if is_system?
|
||||
fail_with(Exploit::Failure::None, 'Session is already elevated')
|
||||
fail_with(Failure::None, 'Session is already elevated')
|
||||
end
|
||||
|
||||
if check == Exploit::CheckCode::Safe
|
||||
fail_with(Exploit::Failure::NotVulnerable, "Exploit not available on this system.")
|
||||
fail_with(Failure::NotVulnerable, "Exploit not available on this system.")
|
||||
end
|
||||
|
||||
print_status("Launching notepad to host the exploit...")
|
||||
|
|
|
@ -87,7 +87,7 @@ class Metasploit3 < Msf::Exploit::Local
|
|||
|
||||
def exploit
|
||||
if is_system?
|
||||
fail_with(Exploit::Failure::None, 'Session is already elevated')
|
||||
fail_with(Failure::None, 'Session is already elevated')
|
||||
end
|
||||
|
||||
if sysinfo["Architecture"] =~ /wow64/i
|
||||
|
@ -97,7 +97,7 @@ class Metasploit3 < Msf::Exploit::Local
|
|||
end
|
||||
|
||||
unless check == Exploit::CheckCode::Vulnerable
|
||||
fail_with(Exploit::Failure::NotVulnerable, "Exploit not available on this system")
|
||||
fail_with(Failure::NotVulnerable, "Exploit not available on this system")
|
||||
end
|
||||
|
||||
print_status("Launching notepad to host the exploit...")
|
||||
|
|
|
@ -86,11 +86,11 @@ class Metasploit3 < Msf::Exploit::Local
|
|||
|
||||
def exploit
|
||||
if is_system?
|
||||
fail_with(Exploit::Failure::None, 'Session is already elevated')
|
||||
fail_with(Failure::None, 'Session is already elevated')
|
||||
end
|
||||
|
||||
if check != Exploit::CheckCode::Vulnerable
|
||||
fail_with(Exploit::Failure::NotVulnerable, "Exploit not available on this system.")
|
||||
fail_with(Failure::NotVulnerable, "Exploit not available on this system.")
|
||||
end
|
||||
|
||||
if sysinfo["Architecture"] =~ /wow64/i
|
||||
|
|
|
@ -101,11 +101,11 @@ class Metasploit3 < Msf::Exploit::Local
|
|||
|
||||
def exploit
|
||||
if is_system?
|
||||
fail_with(Exploit::Failure::None, 'Session is already elevated')
|
||||
fail_with(Failure::None, 'Session is already elevated')
|
||||
end
|
||||
|
||||
if check == Exploit::CheckCode::Safe
|
||||
fail_with(Exploit::Failure::NotVulnerable, "Exploit not available on this system.")
|
||||
fail_with(Failure::NotVulnerable, "Exploit not available on this system.")
|
||||
end
|
||||
|
||||
if sysinfo["Architecture"] =~ /wow64/i
|
||||
|
|
|
@ -90,7 +90,7 @@ class Metasploit3 < Msf::Exploit::Local
|
|||
|
||||
def exploit
|
||||
if is_system?
|
||||
fail_with(Exploit::Failure::None, 'Session is already elevated')
|
||||
fail_with(Failure::None, 'Session is already elevated')
|
||||
end
|
||||
|
||||
if sysinfo["Architecture"] =~ /wow64/i
|
||||
|
@ -100,7 +100,7 @@ class Metasploit3 < Msf::Exploit::Local
|
|||
end
|
||||
|
||||
unless check == Exploit::CheckCode::Vulnerable
|
||||
fail_with(Exploit::Failure::NotVulnerable, "Exploit not available on this system")
|
||||
fail_with(Failure::NotVulnerable, "Exploit not available on this system")
|
||||
end
|
||||
|
||||
handle = open_device('\\\\.\\tcp', 0, 'FILE_SHARE_READ', 'OPEN_EXISTING')
|
||||
|
|
|
@ -81,10 +81,7 @@ class Metasploit3 < Msf::Exploit::Local
|
|||
begin
|
||||
write_file(payload_filepath, payload)
|
||||
rescue Rex::Post::Meterpreter::RequestError => e
|
||||
fail_with(
|
||||
Failure::Unknown,
|
||||
"Error uploading file #{payload_filepath}: #{e.class} #{e}"
|
||||
)
|
||||
fail_with(Failure::Unknown, "Error uploading file #{payload_filepath}: #{e.class} #{e}")
|
||||
end
|
||||
end
|
||||
|
||||
|
|
|
@ -130,11 +130,11 @@ class Metasploit3 < Msf::Exploit::Local
|
|||
|
||||
def exploit
|
||||
if is_system?
|
||||
fail_with(Exploit::Failure::None, 'Session is already elevated')
|
||||
fail_with(Failure::None, 'Session is already elevated')
|
||||
end
|
||||
|
||||
unless check == Exploit::CheckCode::Vulnerable
|
||||
fail_with(Exploit::Failure::NotVulnerable, "Exploit not available on this system.")
|
||||
fail_with(Failure::NotVulnerable, "Exploit not available on this system.")
|
||||
end
|
||||
|
||||
print_status("Launching notepad to host the exploit...")
|
||||
|
|
|
@ -43,7 +43,7 @@ class Metasploit3 < Msf::Exploit::Local
|
|||
command = cmd_psh_payload(payload.encoded, payload_instance.arch.first)
|
||||
cmd_exec(command)
|
||||
else
|
||||
fail_with(Exploit::Failure::NotVulnerable, "No powershell available.")
|
||||
fail_with(Failure::NotVulnerable, "No powershell available.")
|
||||
end
|
||||
end
|
||||
|
||||
|
|
|
@ -124,11 +124,11 @@ class Metasploit3 < Msf::Exploit::Local
|
|||
|
||||
def exploit
|
||||
if is_system?
|
||||
fail_with(Exploit::Failure::None, 'Session is already elevated')
|
||||
fail_with(Failure::None, 'Session is already elevated')
|
||||
end
|
||||
|
||||
if check == Exploit::CheckCode::Safe
|
||||
fail_with(Exploit::Failure::NotVulnerable, "Exploit not available on this system.")
|
||||
fail_with(Failure::NotVulnerable, "Exploit not available on this system.")
|
||||
end
|
||||
|
||||
if sysinfo["Architecture"] =~ /wow64/i
|
||||
|
|
|
@ -50,8 +50,8 @@ class Metasploit3 < Msf::Exploit::Local
|
|||
end
|
||||
|
||||
def exploit
|
||||
fail_with(Exploit::Failure::BadConfig, 'Must be a meterpreter session') unless session.type == 'meterpreter'
|
||||
fail_with(Exploit::Failure::NoAccess, 'Cannot use this technique as SYSTEM') if is_system?
|
||||
fail_with(Failure::BadConfig, 'Must be a meterpreter session') unless session.type == 'meterpreter'
|
||||
fail_with(Failure::NoAccess, 'Cannot use this technique as SYSTEM') if is_system?
|
||||
domain = datastore['DOMAIN']
|
||||
user = datastore['USER']
|
||||
password = datastore['PASSWORD']
|
||||
|
|
|
@ -129,7 +129,7 @@ class Metasploit3 < Msf::Exploit::Local
|
|||
|
||||
def exploit
|
||||
if is_system?
|
||||
fail_with(Exploit::Failure::None, 'Session is already elevated')
|
||||
fail_with(Failure::None, 'Session is already elevated')
|
||||
end
|
||||
|
||||
if sysinfo["Architecture"] =~ /wow64/i
|
||||
|
@ -139,7 +139,7 @@ class Metasploit3 < Msf::Exploit::Local
|
|||
end
|
||||
|
||||
unless check == Exploit::CheckCode::Vulnerable
|
||||
fail_with(Exploit::Failure::NotVulnerable, "Exploit not available on this system")
|
||||
fail_with(Failure::NotVulnerable, "Exploit not available on this system")
|
||||
end
|
||||
|
||||
handle = open_device('\\\\.\\vboxguest', 'FILE_SHARE_WRITE|FILE_SHARE_READ', 0, 'OPEN_EXISTING')
|
||||
|
|
|
@ -79,7 +79,7 @@ class Metasploit3 < Msf::Exploit::Remote
|
|||
begin
|
||||
smb_login
|
||||
rescue StandardError => autherror
|
||||
fail_with(Exploit::Failure::NoAccess, "#{peer} - Unable to authenticate with given credentials: #{autherror}")
|
||||
fail_with(Failure::NoAccess, "#{peer} - Unable to authenticate with given credentials: #{autherror}")
|
||||
end
|
||||
# Execute the powershell command
|
||||
print_status("#{peer} - Executing the payload...")
|
||||
|
|
|
@ -37,8 +37,8 @@ class Metasploit3 < Msf::Post
|
|||
def run
|
||||
winver = sysinfo["OS"]
|
||||
|
||||
fail_with(Exploit::Failure::NoTarget, 'Module not valid for Windows 2000') if winver =~ /2000/
|
||||
fail_with(Exploit::Failure::NoAccess, 'You don\'t have administrative privileges') unless is_admin?
|
||||
fail_with(Failure::NoTarget, 'Module not valid for Windows 2000') if winver =~ /2000/
|
||||
fail_with(Failure::NoAccess, 'You don\'t have administrative privileges') unless is_admin?
|
||||
|
||||
file_path = datastore['FILE_PATH']
|
||||
|
||||
|
@ -49,15 +49,9 @@ class Metasploit3 < Msf::Post
|
|||
# Continue, we can bypass these errors as we are performing a raw
|
||||
# file read.
|
||||
when ERROR::FILE_NOT_FOUND, ERROR::PATH_NOT_FOUND
|
||||
fail_with(
|
||||
Exploit::Failure::BadConfig,
|
||||
"The file, #{file_path}, does not exist, use file format C:\\\\Windows\\\\System32\\\\drivers\\\\etc\\\\hosts"
|
||||
)
|
||||
fail_with(Failure::BadConfig, "The file, #{file_path}, does not exist, use file format C:\\\\Windows\\\\System32\\\\drivers\\\\etc\\\\hosts")
|
||||
else
|
||||
fail_with(
|
||||
Failure::Unknown,
|
||||
"Unknown error locating #{file_path}. Windows Error Code: #{r['GetLastError']} - #{r['ErrorMessage']}"
|
||||
)
|
||||
fail_with(Failure::Unknown, "Unknown error locating #{file_path}. Windows Error Code: #{r['GetLastError']} - #{r['ErrorMessage']}")
|
||||
end
|
||||
|
||||
drive = file_path[0, 2]
|
||||
|
@ -71,9 +65,7 @@ class Metasploit3 < Msf::Post
|
|||
0)
|
||||
|
||||
if r['GetLastError'] != ERROR::SUCCESS
|
||||
fail_with(
|
||||
Failure::Unknown,
|
||||
"Error opening #{drive}. Windows Error Code: #{r['GetLastError']} - #{r['ErrorMessage']}")
|
||||
fail_with(Failure::Unknown, "Error opening #{drive}. Windows Error Code: #{r['GetLastError']} - #{r['ErrorMessage']}")
|
||||
end
|
||||
|
||||
@handle = r['return']
|
||||
|
|
|
@ -120,9 +120,9 @@ class Metasploit3 < Msf::Post
|
|||
print_good("Successfully added login \"#{dbuser}\" with password \"#{dbpass}\"")
|
||||
return true
|
||||
when /already exists/i
|
||||
fail_with(Exploit::Failure::BadConfig, "Unable to add login #{dbuser}, user already exists")
|
||||
fail_with(Failure::BadConfig, "Unable to add login #{dbuser}, user already exists")
|
||||
when /password validation failed/i
|
||||
fail_with(Exploit::Failure::BadConfig, "Unable to add login #{dbuser}, password does not meet complexity requirements")
|
||||
fail_with(Failure::BadConfig, "Unable to add login #{dbuser}, password does not meet complexity requirements")
|
||||
else
|
||||
print_error("Unable to add login #{dbuser}")
|
||||
print_error("Database Error:\n #{add_login_result}")
|
||||
|
|
Loading…
Reference in New Issue