Merge branch 'bypassuac_admincheck' of git://github.com/mubix/metasploit-framework into mubix-bypassuac_admincheck
commit
8375bb8390
|
@ -50,6 +50,11 @@ class Metasploit3 < Msf::Exploit::Local
|
|||
|
||||
def exploit
|
||||
|
||||
isadmin = session.railgun.shell32.IsUserAnAdmin()
|
||||
if isadmin['return']
|
||||
print_error('Already in elevated state. Exiting...')
|
||||
return
|
||||
end
|
||||
|
||||
#
|
||||
# Verify use against Vista+
|
||||
|
@ -95,6 +100,31 @@ class Metasploit3 < Msf::Exploit::Local
|
|||
return
|
||||
end
|
||||
|
||||
# Check if you are an admin
|
||||
print_status('Checking admin status...')
|
||||
whoami = session.sys.process.execute('cmd /c whoami /groups',
|
||||
nil,
|
||||
{'Hidden' => true, 'Channelized' => true}
|
||||
)
|
||||
cmdout = []
|
||||
isinadmins = []
|
||||
while(cmdoutput = whoami.channel.read)
|
||||
cmdout << cmdoutput
|
||||
end
|
||||
if cmdout.size == 0
|
||||
print_error('Either whoami is not there or failed to execute')
|
||||
print_error('Continuing under assumption you already checked...')
|
||||
else
|
||||
isinadmins = cmdout[0].split("\r\n").grep(/S-1-5-32-544/)
|
||||
if isinadmins.size > 0
|
||||
print_good('Part of Administrators group! Continuing...')
|
||||
else
|
||||
print_error('Not in admins group, cannot escalate with this module')
|
||||
print_error('Exiting...')
|
||||
return
|
||||
end
|
||||
end
|
||||
|
||||
#
|
||||
# Generate payload and random names for upload
|
||||
#
|
||||
|
|
Loading…
Reference in New Issue