bug/bundler_fix
Meatballs 2015-01-26 15:59:22 +00:00
parent 5ae65a723f
commit 93537765d0
No known key found for this signature in database
GPG Key ID: 5380EAF01F2F8B38
1 changed files with 3 additions and 1 deletions


@ -105,7 +105,7 @@ class Metasploit3 < Msf::Exploit::Local
profiles_path = "#{sysdrive}\\Documents and Settings\\" if os =~ /(2000|2003|XP|)/ profiles_path = "#{sysdrive}\\Documents and Settings\\" if os =~ /(2000|2003|XP|)/
profiles_path = "#{sysdrive}\\Users\\" profiles_path = "#{sysdrive}\\Users\\"
# This should relaly be done ala GetUserProfileDirectory # TODO:This should relaly be done ala GetUserProfileDirectory
# https://msdn.microsoft.com/en-us/library/windows/desktop/ms682431%28v=vs.85%29.aspx # https://msdn.microsoft.com/en-us/library/windows/desktop/ms682431%28v=vs.85%29.aspx
path = "#{profiles_path}#{user}\\" path = "#{profiles_path}#{user}\\"
@ -124,6 +124,8 @@ class Metasploit3 < Msf::Exploit::Local
print_status("Executing CreateProcessWithLogonW...") print_status("Executing CreateProcessWithLogonW...")
logon = rg_adv.LogonUserW(user,domain, password, "LOGON32_LOGON_INTERACTIVE", "LOGON32_PROVIDER_DEFAULT", 4) logon = rg_adv.LogonUserW(user,domain, password, "LOGON32_LOGON_INTERACTIVE", "LOGON32_PROVIDER_DEFAULT", 4)
puts logon.inspect puts logon.inspect
# TODO: Error if command is greater than 1024, or greater than
# MAX_PATH
cs = rg_adv.CreateProcessWithLogonW(user, cs = rg_adv.CreateProcessWithLogonW(user,
domain, domain,
password, password,
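Review bot: Both versions of the comment changed in the first hunk keep the typo "relaly", and the TODO form has no space after the colon; `# TODO: This should really be done a la GetUserProfileDirectory` would match the format of the TODO added in the second hunk. Just above that comment, the pattern `/(2000|2003|XP|)/` ends in an empty alternative and therefore matches any OS string, and the unconditional `profiles_path = "#{sysdrive}\\Users\\"` on the next visible line appears to overwrite the result anyway, although the rendering may have dropped lines here. In the second hunk, `puts logon.inspect` looks like leftover debugging that bypasses the module's print_* output, and from the visible lines the LogonUserW result is not checked before the next call; `vprint_status(logon.inspect)` or removing the line would be cleaner. The CreateProcessWithLogonW call continues outside the hunk.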