Commit Graph

38 Commits (e450e34c7e6df282244e899bdd25e6dc6d7fada2)

Author SHA1 Message Date
Meatballs e450e34c7e
Merge branch 'master' of github.com:rapid7/metasploit-framework into low_integ_bypassuac
Conflicts:
	modules/exploits/windows/local/bypassuac.rb
2013-10-17 23:35:36 +01:00
Meatballs 5a662defac
Post::Privs uses Post::Registry methods 2013-10-17 23:28:07 +01:00
Tod Beardsley 07ab53ab39
Merge from master to clear conflict
Conflicts:
	modules/exploits/windows/brightstor/tape_engine_8A.rb
	modules/exploits/windows/fileformat/a-pdf_wav_to_mp3.rb
2013-10-17 13:29:24 -05:00
Tod Beardsley c83262f4bd
Resplat another common boilerplate. 2013-10-15 14:07:48 -05:00
Tod Beardsley 23d058067a
Redo the boilerplate / splat
[SeeRM #8496]
2013-10-15 13:51:57 -05:00
Rob Fuller aed2490536 add some output and fixing 2013-10-07 15:42:41 -04:00
Rob Fuller 75d2abc8c2 integrate some ask functionality into bypassuac 2013-10-07 15:14:54 -04:00
trustedsec 0799766faa Fix UAC is not enabled, no reason to run module when UAC is enabled and vulnerable
The new changes when calling uac_level = open_key.query_value('ConsentPromptBehaviorAdmin') breaks UAC on Windows 7 and Windows 8 and shows that UAC is not enabled when it is:

Here is prior to the change on a fully patched Windows 8 machine:

msf exploit(bypassuac) > exploit

[*] Started reverse handler on 172.16.21.156:4444 
[*] UAC is Enabled, checking level...
[-] UAC is not enabled, no reason to run module
[-] Run exploit/windows/local/ask to elevate
msf exploit(bypassuac) > 

Here's the module when running with the most recent changes that are being proposed:

[*] Started reverse handler on 172.16.21.156:4444 
[*] UAC is Enabled, checking level...
[!] Could not determine UAC level - attempting anyways...
[*] Checking admin status...
[+] Part of Administrators group! Continuing...
[*] Uploading the bypass UAC executable to the filesystem...
[*] Meterpreter stager executable 73802 bytes long being uploaded..
[*] Uploaded the agent to the filesystem....
[*] Sending stage (770048 bytes) to 172.16.21.128
[*] Meterpreter session 6 opened (172.16.21.156:4444 -> 172.16.21.128:49394) at 2013-10-05 15:49:23 -0400

meterpreter > 

With the new changes and not having a return on when 0 (will not always return 0 - just in certain cases where you cannot query) - it works.
2013-10-05 15:56:55 -04:00
Meatballs 3d812742f1 Merge upstream master 2013-09-26 21:27:44 +01:00
Meatballs a25833e4d7 Fix %TEMP% path 2013-09-26 19:22:36 +01:00
Tab Assassin d0360733d7 Retab changes for PR #2282 2013-09-05 14:05:34 -05:00
Tab Assassin 845bf7146b Retab changes for PR #2304 2013-09-05 13:41:25 -05:00
James Lee 63adde2429 Fix load order in posts, hopefully forever 2013-08-29 13:37:50 -05:00
Meatballs 05f1622fcb Fix require 2013-08-26 16:21:18 +01:00
Meatballs 3b9ded5a8e BypassUAC now checks if the process is LowIntegrityLevel
and fails if so. Some small improvements made to Post::Priv
and BypassUAC module.
2013-08-26 13:54:55 +01:00
sinn3r 021c358159 Land #2203 - Fix regex for x64 detection 2013-08-09 13:23:38 -05:00
Sagi Shahar 7178633140 Fixed architecture detection in bypassuac modules 2013-08-09 03:42:02 +02:00
cbgabriel 1032663cd4 Fixed check for Administrators SID in whoami /group output 2013-06-04 18:34:06 -04:00
HD Moore e2b8d5ed23 Fix from David Kennedy, enable Windows 8 support 2013-04-09 02:07:40 -05:00
James Lee 2160718250 Fix file header comment
[See #1555]
2013-03-07 17:53:19 -06:00
Christian Mehlmauer 8f2dd8e2ce msftidy: Remove $Revision$ 2013-01-04 00:48:10 +01:00
Christian Mehlmauer 25aaf7a676 msftidy: Remove $Id$ 2013-01-04 00:41:44 +01:00
Tod Beardsley f1fedee63b EOL space, deleted 2012-11-26 14:19:40 -06:00
Rob Fuller e18acf2103 remove debugging code 2012-11-14 23:56:32 -05:00
Rob Fuller 7d41f1f9a0 add admin already and admin group checks 2012-11-14 23:54:01 -05:00
sagishahar 53c7479d70 Add Windows 8 support
Verified with Windows 8 Enterprise Evaluation
2012-10-29 20:12:47 +02:00
Tod Beardsley be9a954405 Merge remote branch 'jlee-r7/cleanup/post-requires' 2012-10-23 15:08:25 -05:00
Michael Schierl 21f6127e29 Platform windows cleanup
Change all Platform 'windows' to 'win', as it internally is an alias
anyway and only causes unnecessary confusion to have two platform names
that mean the same.
2012-10-23 20:33:01 +02:00
James Lee 9c95c7992b Require's for all the include's 2012-10-23 13:24:05 -05:00
sinn3r 33ce74fe8c Merge branch 'msftidy-1' of git://github.com/schierlm/metasploit-framework into schierlm-msftidy-1 2012-10-23 02:10:56 -05:00
Rob Fuller 7437d9844b standardizing author info 2012-10-22 17:01:58 -04:00
Michael Schierl 5b18a34ad4 References cleanup
Uppercase MSB, spaces in URLs.
2012-10-22 22:37:01 +02:00
Michael Schierl 657d527f8d DisclosureDate cleanup: Try parsing all dates
Fix all dates unparsable by `Date.strptime(value, '%b %d %Y')`
2012-10-22 20:04:21 +02:00
Rob Fuller 55474dd8bf add simple UAC checks to bypassuac 2012-10-06 00:59:54 -04:00
Rob Fuller 0ae7756d26 fixed missing > on author 2012-10-05 11:13:40 -04:00
Rob Fuller 8520cbf218 fixes spotted by @jlee-r7 2012-10-04 17:34:35 -04:00
Tod Beardsley 4400cb94b5 Removing trailing spaces 2012-10-04 14:58:53 -05:00
Rob Fuller 3f2fe8d5b4 port bypassuac from post module to local exploit 2012-10-04 14:31:23 -04:00