Merge remote-tracking branch 'upstream/master' into bypassuac_redo

Conflicts:
	external/source/exploits/make.bat

Author: Meatballs1

data/js/detect/os.js

@@ -196,8 +196,7 @@ window.os_detect.getVersion = function(){
 		if (!ua_version || 0 == ua_version.length) {
 			ua_is_lying = true;
 		}
-	} else if (!document.all && navigator.taintEnabled ||
-	            'MozBlobBuilder' in window) {
+	} else if (navigator.oscpu && !document.all && navigator.taintEnabled || 'MozBlobBuilder' in window) {
 		// Use taintEnabled to identify FF since other recent browsers
 		// implement window.getComputedStyle now.  For some reason, checking for
 		// taintEnabled seems to cause IE 6 to stop parsing, so make sure this
@@ -882,6 +881,18 @@ window.os_detect.getVersion = function(){
 				os_flavor = "7";
 				os_sp = "SP1";
 				break;
+			case "11016428":
+				// IE 11.0.9600.16428 / Windows 7 SP1
+				ua_version = "11.0";
+				os_flavor = "7";
+				os_sp = "SP1";
+				break;
+			case "10016384":
+				// IE 10.0.9200.16384 / Windows 8 x86
+				ua_version = "10.0";
+				os_flavor = "8";
+				os_sp = "SP0";
+				break;
 			case "1000":
 				// IE 10.0.8400.0 (Pre-release + KB2702844), Windows 8 x86 English Pre-release
 				ua_version = "10.0";

data/post/bypassuac-x64.exe

@@ -8,46 +8,6 @@
 #include <windows.h>
 #include <WinIOCtl.h>
 
-/*************************************************************************************************/
-/*************************************************************************************************/
-/*************************************************************************************************/
-
-std::wstring CError::Format( DWORD ErrorCode ) 
-{
-	return Format( ErrorCode, NULL, NULL );
-}
-
-std::wstring CError::Format(DWORD ErrorCode, const TCHAR *Title, const TCHAR *API) 
-{
-   LPVOID lpvMessageBuffer;
-
-   FormatMessage(
-			FORMAT_MESSAGE_ALLOCATE_BUFFER|FORMAT_MESSAGE_FROM_SYSTEM,
-			NULL, ErrorCode,
-			MAKELANGID(LANG_ENGLISH, SUBLANG_DEFAULT),
-			(LPTSTR)&lpvMessageBuffer, 0, NULL);
-
-   std::wstring result;
-
-	std::wostringstream es(TEXT(""));
-	es << ErrorCode;
-
-	if ( Title )
-		{ result.append( Title ); result.append( TEXT("\n") ); }
-	else
-		{ result.append( TEXT("ERROR") ); result.append( TEXT("\n") ); }
-
-	if ( API )
-	{ result.append( TEXT("API        = ") );result.append( API ); result.append( TEXT("\n") ); }
-	  result.append( TEXT("error code = ") );result.append( es.str() );result.append( TEXT("\n") );
-	if( lpvMessageBuffer )
-	{ result.append( TEXT("message    = ") );result.append( (TCHAR *)lpvMessageBuffer );result.append( TEXT("\n") ); }
-
-	if ( lpvMessageBuffer )
-	{ LocalFree(lpvMessageBuffer); }
-
-   return result;
-}
 
 /*************************************************************************************************/
 /*************************************************************************************************/
@@ -142,90 +102,3 @@ CInterprocessStorage::~CInterprocessStorage()
 	CloseHandle( _hMapping );
 }
 
-/*************************************************************************************************/
-/*************************************************************************************************/
-/*************************************************************************************************/
-
-std::wstring CLogger::GetPath()
-{
-	std::wstring path;
-
-	TCHAR buffer[MAX_PATH];
-	if ( GetTempPath( MAX_PATH, buffer ) )
-	{
-		path.assign( buffer );
-		path.append( TEXT("w7e.log") );
-	}
-
-	return path;
-}
-
-void CLogger::Reset()
-{
-	DeleteFile( GetPath().c_str() );
-}
-
-void CLogger::LogLine( std::wstring& Text )
-{
-	std::wstring tmp( Text.c_str() );
-	tmp.append( TEXT("\n") );
-	Log( tmp );
-}
-
-void CLogger::LogLine( )
-{
-	Log( TEXT("\n") );
-}
-
-void CLogger::LogLine( const TCHAR *Text )
-{
-	if ( Text )
-		LogLine( std::wstring( Text ) );
-}
-
-void CLogger::Log( const TCHAR Char )
-{
-	std::wstring tmp;
-	tmp.append( &Char, 1 );
-	Log( tmp );
-}
-
-void CLogger::Log( const TCHAR *Text )
-{
-	if ( Text )
-		Log( std::wstring( Text ) );
-}
-
-void CLogger::Log( std::wstring& Text )
-{
-	TCHAR buffer[MAX_PATH];
-	//
-	//	We have to check it every time to be reflective if user created this file 
-	//	while program was runnig.
-	//
-	if ( GetModuleFileName( NULL, buffer, MAX_PATH ) )
-	{
-		std::wstring dbg( buffer );
-		dbg.append( TEXT(".debug") );
-		HANDLE hdbg =  CreateFile( dbg.c_str(), FILE_READ_ACCESS, FILE_SHARE_READ | FILE_SHARE_WRITE, NULL, OPEN_EXISTING, 0, NULL );
-		if ( INVALID_HANDLE_VALUE == hdbg )
-			return;
-
-		CloseHandle( hdbg );
-	}
-
-	HANDLE mutex = CreateMutex( NULL, FALSE, TEXT("CLoggerSync") );
-	if ( mutex ) WaitForSingleObject( mutex , INFINITE );
-		HANDLE hFile = CreateFile( GetPath().c_str(), FILE_ALL_ACCESS, 0, NULL, OPEN_ALWAYS, FILE_FLAG_WRITE_THROUGH, NULL );
-		if( INVALID_HANDLE_VALUE != hFile )
-		{
-			SetFilePointer( hFile, 0, NULL, FILE_END );
-
-			DWORD written;
-			WriteFile( hFile, Text.data(), Text.size() * sizeof(TCHAR), &written, NULL );
-
-			CloseHandle( hFile );
-		}
-	if ( mutex ) ReleaseMutex( mutex );
-	if ( mutex ) CloseHandle( mutex );
-}

data/post/bypassuac-x86.exe

@@ -13,9 +13,6 @@ DWORD WINAPI Redirector( LPVOID Parameter )
 	assert( Parameter );
 	TRedirectorPair *pair = reinterpret_cast<TRedirectorPair*>( Parameter );
 
-	CLogger::Log( TEXT("Hello redirector thread: ") );
-	CLogger::LogLine( pair->Name );
-
 	CHAR read_buff[2];
 	DWORD nBytesRead,nBytesWrote;
 
@@ -25,11 +22,7 @@ DWORD WINAPI Redirector( LPVOID Parameter )
 	{
 		if( ! ReadFile( pair->Source, read_buff, 1, &nBytesRead, NULL) )
 		{
-			CLogger::LogLine( 
-				CError::Format( 
-					GetLastError(), 
-					pair->Name.c_str(), 
-					TEXT("ReadFile") ) );
+			
 			error = true && (!pair->KeepAlive);
 			break;
 		}
@@ -67,11 +60,6 @@ DWORD WINAPI Redirector( LPVOID Parameter )
 
 				if ( ! WriteConsoleInput( pair->Destination, &inp, 1, &nBytesWrote) )
 				{
-					CLogger::LogLine( 
-						CError::Format( 
-							GetLastError(), 
-							pair->Name.c_str(), 
-							TEXT("WriteConsoleInput") ) );
 					error = true && (!pair->KeepAlive);
 					break;
 				}
@@ -80,20 +68,13 @@ DWORD WINAPI Redirector( LPVOID Parameter )
 			{
 				if ( ! WriteFile( pair->Destination, &read_buff[i], 1, &nBytesWrote, NULL) )
 				{
-					CLogger::LogLine( 
-						CError::Format( 
-							GetLastError(), 
-							pair->Name.c_str(), 
-							TEXT("WriteFile") ) );
 					error = true && (!pair->KeepAlive);
 					break;
 				}
 			}
 		}
 	}
 
-	CLogger::Log( TEXT("Bye redirector thread: ") );
-	CLogger::LogLine( pair->Name );
 	return EXIT_SUCCESS;
 }
 

external/source/exploits/bypassuac/CMMN.cpp

@@ -20,7 +20,6 @@
 
 int _tmain(int argc, _TCHAR* argv[])
 {
-	CLogger::LogLine(TEXT("TIOR: Hello"));
 
 	TRedirectorPair in = {0};
 	in.Source = CreateFile( STDIn_PIPE, FILE_ALL_ACCESS, 0, NULL, OPEN_EXISTING, 0, 0);
@@ -79,9 +78,6 @@ int _tmain(int argc, _TCHAR* argv[])
 	CInterprocessStorage::GetString( TEXT("w7e_TIORArgs"), args );
 	CInterprocessStorage::GetString( TEXT("w7e_TIORDir"), dir );
 
-	CLogger::LogLine(TEXT("TIOR: shell="));	CLogger::LogLine(shell);
-	CLogger::LogLine(TEXT("TIOR: args="));	CLogger::LogLine(args);
-	CLogger::LogLine(TEXT("TIOR: dir="));	CLogger::LogLine(dir);
 
 	STARTUPINFO si = {0};si.cb = sizeof(si);
 	PROCESS_INFORMATION pi = {0};
@@ -100,11 +96,6 @@ int _tmain(int argc, _TCHAR* argv[])
 
 	if ( ! created )
 	{
-		CLogger::LogLine(
-			CError::Format(
-				GetLastError(), 
-				TEXT("TIOR: Unable to create child process"), 
-				TEXT("CreateProcess")));
 
 		return EXIT_FAILURE;
 	}
@@ -113,14 +104,12 @@ int _tmain(int argc, _TCHAR* argv[])
 		CloseHandle( pi.hThread );
 	}
 
-	CLogger::LogLine(TEXT("TIOR: Shell has been started. Waiting..."));
 	HANDLE waiters[4] = {pi.hProcess, in.Thread, out.Thread, err.Thread} ;
 	//
 	//	Waiting for eny handle to be freed. 
 	//	Either some IO thread will die or process will be oevered.
 	//
 	WaitForMultipleObjects( 4, waiters, FALSE, INFINITE );
-	CLogger::LogLine(TEXT("TIOR: Ensure that we processed all data in pipes"));
 
 	//
 	//	Even if process was overed, we need to be sure that we readed all data from the redirected pipe.
@@ -132,11 +121,9 @@ int _tmain(int argc, _TCHAR* argv[])
 	//	Dont forget to close child process. We need to be sure, if user terminated app which
 	//	reads our redirected data, we terminate the target child app.
 	//
-	CLogger::LogLine(TEXT("TIOR: Killing child process"));
 	TerminateProcess( pi.hProcess, EXIT_FAILURE );
 	CloseHandle( pi.hProcess );
 
-	CLogger::LogLine(TEXT("TIOR: Exit"));
 
 	//
 	//	I will not close any handles here - system will terminate and close all by it self.