@@ -11,16 +11,16 @@ class Metasploit3 < Msf::Post
1111 include Msf ::Post ::Windows ::Priv
1212 include Msf ::Post ::Windows ::Runas
1313
14- def initialize ( info = { } )
14+ def initialize ( info = { } )
1515 super ( update_info ( info ,
1616 'Name' => "Windows Manage Run Command As User" ,
17- 'Description' => %q{
17+ 'Description' => %q(
1818 This module will login with the specified username/password and execute the
1919 supplied command as a hidden process. Output is not returned by default, by setting
2020 CMDOUT to false output will be redirected to a temp file and read back in to
2121 display.By setting advanced option SETPASS to true, it will reset the users
2222 password and then execute the command.
23- } ,
23+ ) ,
2424 'License' => MSF_LICENSE ,
2525 'Platform' => [ 'win' ] ,
2626 'SessionTypes' => [ 'meterpreter' ] ,
@@ -33,7 +33,7 @@ def initialize(info={})
3333 OptString . new ( 'USER' , [ true , 'Username to login with' ] ) ,
3434 OptString . new ( 'PASSWORD' , [ true , 'Password to login with' ] ) ,
3535 OptString . new ( 'CMD' , [ true , 'Command to execute' ] ) ,
36- OptBool . new ( 'CMDOUT' , [ true , 'Retrieve command output' , false ] ) ,
36+ OptBool . new ( 'CMDOUT' , [ true , 'Retrieve command output' , false ] )
3737 ] , self . class )
3838
3939 register_advanced_options (
@@ -102,7 +102,12 @@ def run
102102 # execute command and get output with a poor mans pipe
103103 if priv_check
104104 print_status ( "Executing CreateProcessAsUserA...we are SYSTEM" )
105- pi = create_process_as_user ( domain , user , password , nil , cmdstr )
105+ begin
106+ pi = create_process_as_user ( domain , user , password , nil , cmdstr )
107+ ensure
108+ session . railgun . kernel32 . CloseHandle ( pi [ :process_handle ] )
109+ session . railgun . kernel32 . CloseHandle ( pi [ :thread_handle ] )
110+ end
106111 else
107112 print_status ( "Executing CreateProcessWithLogonW..." )
108113 pi = create_process_with_logon ( domain , user , password , nil , cmdstr )
0 commit comments