Remove unnecessary sleep in several bypassuac modules #17350
Alright, I was able to test and verify all three modules are working as intended now. I am going to make a change as I push this up though. The logic for all three #cleanup methods starts with unless @something.empty? which is fine for exploitation, but caused a NoMethodError when the module's check was used. I'm changing them all to if @something.present? which will ensure that the value is set and not empty.
Exception output:
msf6 exploit(windows/local/bypassuac_sdclt) > recheck
[*] Reloading module...
[-] Msf::OptionValidateError The following options failed to validate: SESSION
[-] Check failed: The state could not be determined.
msf6 exploit(windows/local/bypassuac_sdclt) >
#present? examples:
[1] pry(#<Msf::Modules::Exploit__Windows__Local__Bypassuac_sdclt::MetasploitModule>)> nil.present?
=> false
[2] pry(#<Msf::Modules::Exploit__Windows__Local__Bypassuac_sdclt::MetasploitModule>)> [].present?
=> false
[3] pry(#<Msf::Modules::Exploit__Windows__Local__Bypassuac_sdclt::MetasploitModule>)> [nil].present?
=> true
[4] pry(#<Msf::Modules::Exploit__Windows__Local__Bypassuac_sdclt::MetasploitModule>)>
I'm also fixing the output of the messages regarding the manual cleanup. It's a little confusing because they have an opening ' but not a closing one. It makes you wonder if the ! is a literal.
Everything else looks good, thanks for this patch!
Testing output
Release Notes
This updates three UAC bypass modules to remove a hard-coded delay in favor of using the module's built-in cleanup method. This results in the user having access to the interactive session without needing to wait.
This PR resolves a bug in several UAC bypass modules, which perform a sleep to await a shell before performing cleanup. The sleep is unnecessary, as the exploit driver already has the functionality to wait for a shell before performing cleanup.
The existing user experience feels frustrating ("what's it waiting for" or "Why hasn't it started my handler?"), which leads to a greater likelihood that the user will Ctrl+C out once the shell succeeds, preventing the cleanup and leaving more artifacts on disk.
Previous behaviour:
The new behaviour avoids the sleep, and leverages the existing cleanup method, so cleanup occurs as soon as we get the shell.
Verification
verbose to true (so you can see the cleanup)
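The guard change the reviewer describes (unless @something.empty? replaced by if @something.present?), shown as an added Ruby example that is not code from this PR or from the Metasploit modules: CleanupDemo and compare_guards are constructed stand-ins for a module's #cleanup and its state, and the ActiveSupport fallback is an assumption so the block runs outside the framework.

```ruby
# Added example (not the Metasploit PR's code): why `unless @x.empty?` raises
# on the check path while `if @x.present?` does not.
begin
  require 'active_support/core_ext/object/blank' # Metasploit loads ActiveSupport
rescue LoadError
  # Assumed fallback with the same results for nil / [] / [nil] as the pry session
  class Object
    def present?
      !(respond_to?(:empty?) ? empty? : !self)
    end
  end
end

class CleanupDemo
  # @artifacts stands in for the ivar that exploit() sets and cleanup() removes.
  # When only check() runs, exploit() never ran, so it is still nil.
  def initialize(artifacts = nil)
    @artifacts = artifacts
  end

  # Original guard: nil has no #empty?, so a check-only run raises NoMethodError.
  def cleanup_before
    removed = []
    unless @artifacts.empty?
      removed = @artifacts.dup
      @artifacts = nil
    end
    removed
  end

  # Fixed guard: nil and [] are both "not present", so nothing is touched.
  def cleanup_after
    removed = []
    if @artifacts.present?
      removed = @artifacts.dup
      @artifacts = nil
    end
    removed
  end
end

# Constructed helper: outcome of both guards for one module state.
def compare_guards(state)
  before = begin
    CleanupDemo.new(state).cleanup_before
  rescue NoMethodError => e
    e.class.name
  end
  [before, CleanupDemo.new(state).cleanup_after]
end
```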