Land rapid7#8378, Add check in archmigrate to prevent privdesc

Author: bwatters-r7

modules/post/windows/manage/archmigrate.rb

@@ -2,6 +2,7 @@ class MetasploitModule < Msf::Post
   include Msf::Post::Windows::Registry
   include Msf::Post::File
   include Msf::Post::Common
+  include Msf::Post::Windows::Priv
 
   def initialize(info = {})
     super(update_info(
@@ -21,7 +22,8 @@ def initialize(info = {})
     register_options(
       [
         OptString.new('EXE', [true, 'The executable to start and migrate into', 'C:\windows\sysnative\svchost.exe']),
-        OptBool.new('FALLBACK', [ true, 'If the selected migration executable does not exist fallback to a sysnative file', true ])
+        OptBool.new('FALLBACK', [ true, 'If the selected migration executable does not exist fallback to a sysnative file', true ]),
+        OptBool.new('IGNORE_SYSTEM', [true, 'Migrate even if you have SYSTEM privileges', false])
       ],
       self.class
     )
@@ -48,7 +50,7 @@ def get_windows_loc
     return windir
   end
 
-  def run
+  def do_migrate
     if check_32_on_64
       print_status('The meterpreter is not the same architecture as the OS! Upgrading!')
       newproc = datastore['EXE']
@@ -86,4 +88,18 @@ def run
       print_good('The meterpreter is the same architecture as the OS!')
     end
   end
+
+  def run
+    if datastore['IGNORE_SYSTEM']
+      do_migrate
+    elsif !datastore['IGNORE_SYSTEM'] && is_system?
+      print_error('You are running as SYSTEM! Aborting migration.')
+    elsif datastore['IGNORE_SYSTEM'] && is_system?
+      print_error('You are running as SYSTEM! You will lose your privileges!')
+      do_migrate
+    elsif !datastore['IGNORE_SYSTEM'] && !is_system?
+      print_status('You\'re not running as SYSTEM. Moving on...')
+      do_migrate
+    end
+  end
 end