infosecn1nja
/
metasploit-framework
mirror of https://github.com/infosecn1nja/metasploit-framework.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

Description changed

GSoC/Meterpreter_Web_Console
gushmazuko 2018-04-08 12:00:14 +02:00 committed by GitHub
parent 1e439b623b
commit bd672ae148
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
1 changed files with 10 additions and 8 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

18
modules/exploits/windows/local/bypassuac_sluihijack.rb
View File

@ -29,16 +29,18 @@ class MetasploitModule < Msf::Exploit::Local
'Name' => 'Windows UAC Protection Bypass (Via Slui File Handler Hijack)', 'Name' => 'Windows UAC Protection Bypass (Via Slui File Handler Hijack)',
'Description' => %q{ 'Description' => %q{
This module will bypass UAC on Windows 8-10 by hijacking a special key in the Registry under This module will bypass UAC on Windows 8-10 by hijacking a special key in the Registry under
the Current User hive, and inserting a custom command that will get invoked when any binary (.exe) the Current User hive, and inserting a custom command that will get invoked when any binary
application is launched. But slui.exe is an auto-elevated binary that is vulnerable to file handler hijacking. (.exe) application is launched. But slui.exe is an auto-elevated binary that is vulnerable
When we run slui.exe with changed Registry key (HKCU:\Software\Classes\exefile\shell\open\command), to file handler hijacking. When we run slui.exe with changed Registry key
it will run our custom command as Admin instead of slui.exe. (HKCU:\Software\Classes\exefile\shell\open\command), it will run our custom command as Admin
instead of slui.exe.
The module modifies the registry in order for this exploit to work. The modification is reverted The module modifies the registry in order for this exploit to work. The modification is
once the exploitation attempt has finished. reverted once the exploitation attempt has finished.
The module does not require the architecture of the payload to match the OS. If specifying EXE::Custom The module does not require the architecture of the payload to match the OS. If
your DLL should call ExitProcess() after starting the payload in a different process. specifying EXE::Custom your DLL should call ExitProcess() after starting the
payload in a different process.
}, },
'License' => MSF_LICENSE, 'License' => MSF_LICENSE,
'Author' => [ 'Author' => [