
Commit b367b01

Remove unneccessary logonuser
1 parent 3d0dc1a commit b367b01

1 file changed

+18
-36
lines changed


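--- a/lib/msf/core/post/windows/runas.rb
+++ b/lib/msf/core/post/windows/runas.rb
@@ -69,45 +69,27 @@ def create_process_with_logon(domain, user, password, application_name, command_
 return unless check_user_format(user, domain)
 return unless check_command_length(application_name, command_line, 1024)
 
-vprint_status("Executing LogonUserW...")
-logon_user = session.railgun.advapi32.LogonUserW(user,
-domain,
-password,
-'LOGON32_LOGON_INTERACTIVE',
-'LOGON32_PROVIDER_DEFAULT',
-4)
-if logon_user['return']
-begin
-ph_token = logon_user['phToken']
-vprint_status("Executing CreateProcessWithLogonW: #{application_name} #{command_line}...")
-create_process = session.railgun.advapi32.CreateProcessWithLogonW(user,
-domain,
-password,
-'LOGON_WITH_PROFILE',
-application_name,
-command_line,
-'CREATE_UNICODE_ENVIRONMENT',
-nil,
-nil,
-startup_info,
-16)
-if create_process['return']
-pi = parse_process_information(create_process['lpProcessInformation'])
-print_good("Process started successfully, PID: #{pi[:process_id]}")
-else
-print_error("Unable to create process, Error Code: #{create_process['GetLastError']} - #{create_process['ErrorMessage']}")
-print_error("Try setting the DOMAIN or USER in the format: user@domain") if create_process['GetLastError'] == 1783 && domain.nil?
-end
-
-return pi
-ensure
-session.railgun.kernel32.CloseHandle(ph_token)
-end
+vprint_status("Executing CreateProcessWithLogonW: #{application_name} #{command_line}...")
+create_process = session.railgun.advapi32.CreateProcessWithLogonW(user,
+domain,
+password,
+'LOGON_WITH_PROFILE',
+application_name,
+command_line,
+'CREATE_UNICODE_ENVIRONMENT',
+nil,
+nil,
+startup_info,
+16)
+if create_process['return']
+pi = parse_process_information(create_process['lpProcessInformation'])
+print_good("Process started successfully, PID: #{pi[:process_id]}")
 else
-print_error("Unable to login the user, Error Code: #{logon_user['GetLastError']} - #{logon_user['ErrorMessage']}")
+print_error("Unable to create process, Error Code: #{create_process['GetLastError']} - #{create_process['ErrorMessage']}")
+print_error("Try setting the DOMAIN or USER in the format: user@domain") if create_process['GetLastError'] == 1783 && domain.nil?
 end
 
-nil
+pi
 end
 
 # Can be used by SYSTEM processes with the SE_INCREASE_QUOTA_NAME and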
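Review bot: With the LogonUserW pre-flight removed, a credential failure now lands in the `else` branch at new lines 87-89 and is reported only as "Unable to create process", so the operator can no longer tell bad credentials apart from a bad application path or an access-denied target. CreateProcessWithLogonW surfaces a rejected logon as ERROR_LOGON_FAILURE (1326), so the same pattern the code already uses for 1783 could carry the lost diagnostic: `print_error("Logon failed, check the supplied credentials") if create_process['GetLastError'] == 1326`. The method's `def` line is only visible in the hunk header and its leading comment is outside the hunk; if that comment still describes a LogonUserW step or a token being closed, it should be updated, since the new body neither opens nor closes a token and leaves the handles in the returned `pi` to the caller.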
