Land rapid7#9010, Remove checks for hardcoded SYSTEM account name

wwebb-r7 · wwebb-r7 · commit d9e0d891a1e6 · 2017-10-06T13:42:18.000-05:00
diff --git a/lib/rex/post/meterpreter/ui/console/command_dispatcher/mimikatz.rb b/lib/rex/post/meterpreter/ui/console/command_dispatcher/mimikatz.rb
@@ -159,7 +159,7 @@ def get_privs
   end
 
   def system_check
-    unless (client.sys.config.getuid == "NT AUTHORITY\\SYSTEM")
+    unless client.sys.config.is_system?
       print_warning("Not currently running as SYSTEM")
       return false
     end
diff --git a/modules/exploits/windows/local/ps_persist.rb b/modules/exploits/windows/local/ps_persist.rb
@@ -80,7 +80,7 @@ def exploit
       return
     end
     # Havent figured this one out yet, but we need a PID owned by a user, cant steal tokens either
-    if client.sys.config.getuid == 'NT AUTHORITY\SYSTEM'
+    if client.sys.config.is_system?
       print_error("Cannot run as system")
       return
     end
diff --git a/modules/post/windows/gather/enum_chrome.rb b/modules/post/windows/gather/enum_chrome.rb
@@ -151,7 +151,7 @@ def process_files(username)
 
       rows.map! do |row|
         res = Hash[*columns.zip(row).flatten]
-        if item[:encrypted_fields] && session.sys.config.getuid != "NT AUTHORITY\\SYSTEM"
+        if item[:encrypted_fields] && !session.sys.config.is_system?
 
           item[:encrypted_fields].each do |field|
             name = (res["name_on_card"] == nil) ? res["username_value"] : res["name_on_card"]
diff --git a/modules/post/windows/manage/powershell/build_net_code.rb b/modules/post/windows/manage/powershell/build_net_code.rb
@@ -59,7 +59,7 @@ def run
     end
 
     # Havent figured this one out yet, but we need a PID owned by a user, can't steal tokens either
-    if client.sys.config.getuid == 'NT AUTHORITY\SYSTEM'
+    if client.sys.config.is_system?
       print_error "Cannot run as system"
       return 0
     end
diff --git a/scripts/meterpreter/dumplinks.rb b/scripts/meterpreter/dumplinks.rb
@@ -66,7 +66,6 @@
 def enum_users(os)
   users = []
   userinfo = {}
-  user = @client.sys.config.getuid
   userpath = nil
   useroffcpath = nil
   sysdrv = @client.sys.config.getenv('SystemDrive')
@@ -79,7 +78,7 @@ def enum_users(os)
     lnkpath = "\\Recent\\"
     officelnkpath = "\\Application Data\\Microsoft\\Office\\Recent\\"
   end
-  if user == "NT AUTHORITY\\SYSTEM"
+  if @client.sys.config.is_system?
     print_status("Running as SYSTEM extracting user list...")
     @client.fs.dir.foreach(userpath) do |u|
       next if u =~ /^(\.|\.\.|All Users|Default|Default User|Public|desktop.ini)$/
diff --git a/scripts/meterpreter/enum_chrome.rb b/scripts/meterpreter/enum_chrome.rb
@@ -145,7 +145,7 @@ def process_files(username)
       db.close
       rows.map! do |row|
         res = Hash[*columns.zip(row).flatten]
-        if item[:encrypted_fields] && client.sys.config.getuid != "NT AUTHORITY\\SYSTEM"
+        if item[:encrypted_fields] && !client.sys.config.is_system?
           if @host_info['Architecture'] !~ /x64/
             item[:encrypted_fields].each do |field|
               print_good("decrypting field '#{field}'...")
diff --git a/scripts/meterpreter/enum_vmware.rb b/scripts/meterpreter/enum_vmware.rb
@@ -228,7 +228,6 @@ def enum_powercli
 def enum_users
   os = @client.sys.config.sysinfo['OS']
   users = []
-  user = @client.sys.config.getuid
   path4users = ""
   sysdrv = @client.sys.config.getenv('SystemDrive')
 
@@ -240,7 +239,7 @@ def enum_users
     profilepath = "\\Application Data\\VMware\\"
   end
 
-  if user == "NT AUTHORITY\\SYSTEM"
+  if @client.sys.config.is_system?
     print_status("Running as SYSTEM extracting user list..")
     @client.fs.dir.foreach(path4users) do |u|
       userinfo = {}
