add url for fodhelper #12294

Merged
merged 2 commits into from Sep 8, 2019


@h00die
Contributor

commented Sep 8, 2019

The fodhelper technique is being used by malware (no surprise) to whitelist Windows Defender folders where it drops more files.
Thought it may be good to include the link to that article since it gives the code and another vector for 'what can I do with this module'.

While working on this, noticed that a bunch of the bypassuac modules incorrectly formatted the references line. While no error was thrown, no references were being displayed in info. Fixed them.

@bcoles

Contributor

commented Sep 8, 2019

> While working on this, noticed that a bunch of the bypassuac modules incorrectly formatted the references line. While no error was thrown, no references were being displayed in info. Fixed them.

Uh... are you suggesting that info fails when the opening bracket for the References Array is not on a new line? That seems like part of a larger problem with the parser.

```
# grep -rn "References" modules/ | grep "\[" | wc -l
283
```

@h00die

Contributor Author

commented Sep 8, 2019

The problem isn't the newline, it's that it was originally making an array of strings instead of an array of arrays (of two strings)

@h00die

Contributor Author

commented Sep 8, 2019

[['foo','bar','foo','baz']] vs [['foo','bar'],['foo','baz']]
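
An added example, not part of this pull request or of Metasploit's own code: a lint check for the shape described in the two comments above, where each References entry must be a two-string `[type, value]` pair. The function names `reference_problems` and `repair_flattened` and the sample values are assumptions made for illustration.

```ruby
# Added example: lint a module's References metadata for the shape discussed
# above. Every entry must be a two-element array of strings: [type, value].

# Returns a list of human-readable problems; an empty list means well formed.
def reference_problems(references)
  return ["References is #{references.class}, expected Array"] unless references.is_a?(Array)

  problems = []
  references.each_with_index do |entry, idx|
    if entry.is_a?(String)
      problems << "entry #{idx}: bare string #{entry.inspect}, expected [type, value]"
    elsif !entry.is_a?(Array)
      problems << "entry #{idx}: #{entry.class}, expected [type, value]"
    elsif entry.length != 2
      problems << "entry #{idx}: #{entry.length} elements, expected 2 (pairs run together?)"
    elsif !entry.all? { |part| part.is_a?(String) }
      problems << "entry #{idx}: non-string element in #{entry.inspect}"
    end
  end
  problems
end

# Suggests a repair for a flattened entry by re-pairing consecutive strings.
# Returns nil when the entry cannot be split into clean pairs.
def repair_flattened(entry)
  return nil unless entry.is_a?(Array) && entry.length.even? && entry.all? { |p| p.is_a?(String) }

  entry.each_slice(2).to_a
end

# Constructed sample metadata (placeholder URLs, not taken from any module).
BROKEN = [['URL', 'https://example.com/a', 'URL', 'https://example.com/b']].freeze
FIXED  = [['URL', 'https://example.com/a'], ['URL', 'https://example.com/b']].freeze

if __FILE__ == $PROGRAM_NAME
  puts reference_problems(BROKEN)
  puts repair_flattened(BROKEN.first).inspect
  puts reference_problems(FIXED).empty? ? 'FIXED: ok' : 'FIXED: problems'
end
```

Because the malformed form raised no error, a check like this has to inspect the structure itself rather than rely on the module loading cleanly.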

@bcoles
bcoles approved these changes Sep 8, 2019

@bcoles bcoles self-assigned this Sep 8, 2019

@bcoles

Contributor

commented Sep 8, 2019

Sanity check failed. I blame something else.

bcoles added a commit that referenced this pull request Sep 8, 2019

@bcoles bcoles merged commit 054a092 into rapid7:master Sep 8, 2019

2 of 3 checks passed

Metasploit Automation - Sanity Test Execution: Failed to pass tests.
Metasploit Automation - Test Execution: Successfully completed all tests.
continuous-integration/travis-ci/pr: The Travis CI build passed

@bcoles

Contributor

commented Sep 8, 2019

Release Notes

Fixes the References Arrays in several bypassuac modules.

msjenkins-r7 added a commit that referenced this pull request Sep 8, 2019