From 21d734201ab101bfe6a97e454a22f3e621bcdc8f Mon Sep 17 00:00:00 2001
From: HD Moore
Date: Thu, 16 Sep 2010 21:44:25 +0000
Subject: [PATCH] Closes #2520. Merges Rob's patch to check admin privs on start

git-svn-id: file:///home/svn/framework3/trunk@10341 4d416f70-5f16-0410-b530-b9f4589650da
---
 lib/msf/base/sessions/meterpreter_options.rb | 11 ++++++----
 .../stdapi/railgun/def/def_shell32.rb | 21 +++++++++++++++++++
 .../extensions/stdapi/railgun/railgun.rb | 3 +++
 3 files changed, 31 insertions(+), 4 deletions(-)
 create mode 100644 lib/rex/post/meterpreter/extensions/stdapi/railgun/def/def_shell32.rb

diff --git a/lib/msf/base/sessions/meterpreter_options.rb b/lib/msf/base/sessions/meterpreter_options.rb
index 2ef911bc8e..f5ff285de5 100644
--- a/lib/msf/base/sessions/meterpreter_options.rb
+++ b/lib/msf/base/sessions/meterpreter_options.rb
@@ -38,13 +38,16 @@ module MeterpreterOptions
 if (datastore['AutoLoadStdapi'] == true)
 session.load_stdapi
 mod = framework.modules.create(session.via_exploit)
- if (mod and mod.privileged?)
- session.load_priv
- end
-
+
 if datastore['AutoSystemInfo']
 session.load_session_info
 end
+
+ if session.railgun.shell32.IsUserAnAdmin()["return"] == true then
+ session.load_priv
+ session.info += " (ADMIN)"
+ end
+
 end

 if (datastore['InitialAutoRunScript'].empty? == false)
diff --git a/lib/rex/post/meterpreter/extensions/stdapi/railgun/def/def_shell32.rb b/lib/rex/post/meterpreter/extensions/stdapi/railgun/def/def_shell32.rb
new file mode 100644
index 0000000000..04bb212c1f
--- /dev/null
+++ b/lib/rex/post/meterpreter/extensions/stdapi/railgun/def/def_shell32.rb
@@ -0,0 +1,21 @@
+module Rex
+module Post
+module Meterpreter
+module Extensions
+module Stdapi
+module Railgun
+module Def
+
+class Def_shell32
+
+ def self.add_imports(railgun)
+
+ railgun.add_dll('shell32')
+
+ railgun.add_function( 'shell32', 'IsUserAnAdmin', 'BOOL', [
+ ])
+ end
+
+end
+
+end; end; end; end; end; end; end
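Review bot: In lib/msf/base/sessions/meterpreter_options.rb the added `session.railgun.shell32.IsUserAnAdmin()` call runs for every session that auto-loads stdapi, with no platform check and no rescue visible in the hunk, so on a session where railgun or shell32 is not usable the exception would presumably abort the rest of session setup. `session.info += " (ADMIN)"` also raises NoMethodError if `info` is still nil, which looks possible when `AutoSystemInfo` is off (where `info` gets assigned is not visible here). I would wrap the new block in `begin ... rescue ::StandardError` and build the label as `session.info = "#{session.info} (ADMIN)"`. With the `mod.privileged?` test removed, `mod` is assigned but never read within the hunk, so either drop that line or keep the old test as the fallback when the admin check cannot run. The enclosing method starts and ends outside the hunk.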
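Review bot: The new lib/rex/post/meterpreter/extensions/stdapi/railgun/def/def_shell32.rb registers `IsUserAnAdmin` with no comment on what its return value means, yet meterpreter_options.rb labels the session "(ADMIN)" from it. The API reports whether the calling token has the Administrators group enabled, so an administrator account running under a UAC-filtered token returns FALSE. Microsoft documents the function as a wrapper around CheckTokenMembership that may be unavailable in later Windows versions. I would add above the `add_function` call: `# IsUserAnAdmin: TRUE only if the calling token has Administrators enabled (FALSE under a UAC-filtered token); wrapper around CheckTokenMembership.`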
diff --git a/lib/rex/post/meterpreter/extensions/stdapi/railgun/railgun.rb b/lib/rex/post/meterpreter/extensions/stdapi/railgun/railgun.rb
index cfadf40039..541c41db43 100644
--- a/lib/rex/post/meterpreter/extensions/stdapi/railgun/railgun.rb
+++ b/lib/rex/post/meterpreter/extensions/stdapi/railgun/railgun.rb
@@ -143,6 +143,9 @@ class Railgun
 when 'advapi32'
 require 'rex/post/meterpreter/extensions/stdapi/railgun/def/def_advapi32'
 Def::Def_advapi32.add_imports(self)
+ when 'shell32'
+ require 'rex/post/meterpreter/extensions/stdapi/railgun/def/def_shell32'
+ Def::Def_shell32.add_imports(self)
 end

 if( @dll.has_key?( dll_name ) )