
Commit d9e0d89

committed
Land rapid7#9010, Remove checks for hardcoded SYSTEM account name
2 parents 7535fe2 + 81406a0 commit d9e0d89


7 files changed

+7
-9
lines changed


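--- a/lib/rex/post/meterpreter/ui/console/command_dispatcher/mimikatz.rb
+++ b/lib/rex/post/meterpreter/ui/console/command_dispatcher/mimikatz.rb
@@ -159,7 +159,7 @@ def get_privs
 end
 
 def system_check
-unless (client.sys.config.getuid == "NT AUTHORITY\\SYSTEM")
+unless client.sys.config.is_system?
 print_warning("Not currently running as SYSTEM")
 return false
 end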
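Review bot: The new `unless client.sys.config.is_system?` line in system_check carries no comment saying why the identity test replaced the name comparison, and that reason is easy to lose in a later edit. Per the commit title the old check depended on a hardcoded account name; a one-line comment above the `unless`, such as `# Ask the session whether it is SYSTEM; never compare getuid against an account-name string`, would keep the string comparison from coming back. The same caution applies to detection logic keyed on this identity: presumably the account's display name varies with the system language, so matching the well-known SID S-1-5-18 is more reliable than matching the name, but how is_system? decides is not visible here and should be confirmed. system_check's body continues past the end of the hunk.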

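--- a/modules/exploits/windows/local/ps_persist.rb
+++ b/modules/exploits/windows/local/ps_persist.rb
@@ -80,7 +80,7 @@ def exploit
 return
 end
 # Havent figured this one out yet, but we need a PID owned by a user, cant steal tokens either
-if client.sys.config.getuid == 'NT AUTHORITY\SYSTEM'
+if client.sys.config.is_system?
 print_error("Cannot run as system")
 return
 end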
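Review bot: The guard `if client.sys.config.is_system?` in exploit rejects only the SYSTEM identity, while the comment directly above it says the code needs a process owned by a user. If that comment is accurate, a session under some other non-user identity would pass this check and fail later; this is inferred from the comment, not from visible code. At minimum the comment should state what is actually enforced, e.g. `# Requires a user-owned process; only a SYSTEM session is rejected here`, and the `print_error("Cannot run as system")` text could name that requirement. The same comment and guard appear in modules/post/windows/manage/powershell/build_net_code.rb. exploit starts and ends outside the hunk.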

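--- a/modules/post/windows/gather/enum_chrome.rb
+++ b/modules/post/windows/gather/enum_chrome.rb
@@ -151,7 +151,7 @@ def process_files(username)
 
 rows.map! do |row|
 res = Hash[*columns.zip(row).flatten]
-if item[:encrypted_fields] && session.sys.config.getuid != "NT AUTHORITY\\SYSTEM"
+if item[:encrypted_fields] && !session.sys.config.is_system?
 
 item[:encrypted_fields].each do |field|
 name = (res["name_on_card"] == nil) ? res["username_value"] : res["name_on_card"]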
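Review bot: `session.sys.config.is_system?` is evaluated inside the `rows.map!` block, so the check is repeated for every row although nothing in the hunk changes the session identity during the loop. Assigning it once before the loop, `running_as_system = session.sys.config.is_system?`, and testing `!running_as_system` in the `if` gives one answer for the whole run and avoids an error part-way through leaving rows half processed; whether the call is a round trip to the remote host is not visible here. scripts/meterpreter/enum_chrome.rb has the same pattern with `client`. process_files begins and ends outside the hunk.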

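--- a/modules/post/windows/manage/powershell/build_net_code.rb
+++ b/modules/post/windows/manage/powershell/build_net_code.rb
@@ -59,7 +59,7 @@ def run
 end
 
 # Havent figured this one out yet, but we need a PID owned by a user, can't steal tokens either
-if client.sys.config.getuid == 'NT AUTHORITY\SYSTEM'
+if client.sys.config.is_system?
 print_error "Cannot run as system"
 return 0
 end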

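--- a/scripts/meterpreter/dumplinks.rb
+++ b/scripts/meterpreter/dumplinks.rb
@@ -66,7 +66,6 @@
 def enum_users(os)
 users = []
 userinfo = {}
-user = @client.sys.config.getuid
 userpath = nil
 useroffcpath = nil
 sysdrv = @client.sys.config.getenv('SystemDrive')
@@ -79,7 +78,7 @@ def enum_users(os)
 lnkpath = "\\Recent\\"
 officelnkpath = "\\Application Data\\Microsoft\\Office\\Recent\\"
 end
-if user == "NT AUTHORITY\\SYSTEM"
+if @client.sys.config.is_system?
 print_status("Running as SYSTEM extracting user list...")
 @client.fs.dir.foreach(userpath) do |u|
 next if u =~ /^(\.|\.\.|All Users|Default|Default User|Public|desktop.ini)$/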
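Review bot: Dropping `user = @client.sys.config.getuid` in the first hunk is safe only if nothing later in enum_users still reads `user`, and the method body runs past the end of both hunks, so that cannot be confirmed from the lines shown. A leftover reference would not fail at load time; it would raise NameError only when that branch executes, which makes it easy to miss in testing. Please check the remainder of the method for `user` before merging. scripts/meterpreter/enum_vmware.rb removes the same local in its enum_users and needs the same check.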

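--- a/scripts/meterpreter/enum_chrome.rb
+++ b/scripts/meterpreter/enum_chrome.rb
@@ -145,7 +145,7 @@ def process_files(username)
 db.close
 rows.map! do |row|
 res = Hash[*columns.zip(row).flatten]
-if item[:encrypted_fields] && client.sys.config.getuid != "NT AUTHORITY\\SYSTEM"
+if item[:encrypted_fields] && !client.sys.config.is_system?
 if @host_info['Architecture'] !~ /x64/
 item[:encrypted_fields].each do |field|
 print_good("decrypting field '#{field}'...")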

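--- a/scripts/meterpreter/enum_vmware.rb
+++ b/scripts/meterpreter/enum_vmware.rb
@@ -228,7 +228,6 @@ def enum_powercli
 def enum_users
 os = @client.sys.config.sysinfo['OS']
 users = []
-user = @client.sys.config.getuid
 path4users = ""
 sysdrv = @client.sys.config.getenv('SystemDrive')
 
@@ -240,7 +239,7 @@ def enum_users
 profilepath = "\\Application Data\\VMware\\"
 end
 
-if user == "NT AUTHORITY\\SYSTEM"
+if @client.sys.config.is_system?
 print_status("Running as SYSTEM extracting user list..")
 @client.fs.dir.foreach(path4users) do |u|
 userinfo = {}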
