Feature #2520

Administrative Privs Check (Railgun Script)

Added by Rob Fuller over 1 year ago. Updated 4 months ago.

Status: Closed
Start date: 09/10/2010
Priority: Normal
Due date:
Assignee: -
% Done: 100%
Category: -
Target version: -
Resolution: fixed
How To Use:
Release Note:

Description

Following is just a quick railgun script that checks to see if the user you are on has administrative privs to the current box. I call it amiadmin.rb but it can double as an example on how to load dlls that aren't a part of the base with error checking.

# Railgun does not support x64 sessions; stop early
if client.platform == "x64/win32"
  print_status "Railgun is currently not supported for x64 bit systems"
  raise Rex::Script::Completed
end

# Load the railgun extension only if it is not already present
if client.railgun.present? == true
  print_status "Railgun already loaded.. skipping"
else
  print_status "Loading Railgun"
  client.core.use("railgun")
end

# shell32 is not one of the base DLLs, so register it if missing
if client.railgun.dll['shell32'] == nil
  print_status "Adding Shell32.dll"
  client.railgun.add_dll('shell32','shell32')
else
  print_status "Shell32 already loaded.. skipping"
end

# Register IsUserAnAdmin (returns BOOL, takes no parameters) if missing
if (client.railgun.shell32.respond_to? :IsUserAnAdmin) == true
  print_status "IsUserAnAdmin already loaded.. skipping"
else
  print_status "Adding the IsUserAnAdmin function"
  client.railgun.add_function('shell32', 'IsUserAnAdmin', 'BOOL', [])
end

print_status "Running the IsUserAnAdmin function"
status = client.railgun.shell32.IsUserAnAdmin()

# The result is a hash; the API's return value is under "return"
if status["return"] == true then
  print_status "You are an administrator"
  print_error status.inspect
else
  print_error "You are not an administrator"
end

admin.diff (976 Bytes) Rob Fuller, 09/16/2010 10:43 am

admin.diff (949 Bytes) Rob Fuller, 09/16/2010 10:55 am

admin.diff (1.4 kB) Rob Fuller, 09/16/2010 12:47 pm

def_shell32.rb (298 Bytes) Rob Fuller, 09/16/2010 12:47 pm

Associated revisions

Revision 21d73420
Added by HD Moore over 1 year ago

Closes #2520. Merges Rob's patch to check admin privs on start

git-svn-id: file:///home/svn/framework3/trunk@10341 4d416f70-5f16-0410-b530-b9f4589650da

History

Updated by Rob Fuller over 1 year ago

slight mod to the function check, was always returning false. Should be good now:

if client.railgun.shell32.functions['IsUserAnAdmin'] == nil
        print_status "Adding the IsUserAnAdmin function" 
        client.railgun.add_function('shell32', 'IsUserAnAdmin', 'BOOL', [])
else
        print_status "IsUserAnAdmin already loaded.. skipping" 
end
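The difference between the two checks, shown as an added example that is not part of the original ticket or of Railgun's code: in Ruby, `respond_to?` stays false for names an object only serves through `method_missing`, while a lookup in the registration table reflects what was actually added. The `ToyDllWrapper` classes and the constructed return hash are hypothetical stand-ins, and dynamic dispatch being the cause of the always-false check in the ticket is an assumption.

```ruby
# Toy stand-in for a DLL wrapper (hypothetical; not Railgun's code).
# Registered functions live in a Hash and are dispatched dynamically.
class ToyDllWrapper
  attr_reader :functions

  def initialize
    @functions = {}
  end

  # Register a function by name with a return type and parameter list.
  def add_function(name, return_type, params)
    @functions[name] = { 'return' => return_type, 'params' => params }
  end

  # Calls to registered names are resolved here at call time, so Ruby
  # never sees them as real methods on the object.
  def method_missing(sym, *args)
    fn = @functions[sym.to_s]
    return super unless fn
    { 'return' => true, 'GetLastError' => 0 } # constructed result
  end
end

# Same wrapper, but it also tells Ruby which dynamic names it answers to.
class ToyDllWrapperWithRespond < ToyDllWrapper
  def respond_to_missing?(sym, include_private = false)
    @functions.key?(sym.to_s) || super
  end
end

# Register the function, then compare the three ways of asking
# "is IsUserAnAdmin available?" on the given wrapper.
def function_check_results(wrapper)
  wrapper.add_function('IsUserAnAdmin', 'BOOL', [])
  {
    callable:    wrapper.IsUserAnAdmin()['return'],
    respond_to:  wrapper.respond_to?(:IsUserAnAdmin),
    table_check: !wrapper.functions['IsUserAnAdmin'].nil?
  }
end

if __FILE__ == $PROGRAM_NAME
  p function_check_results(ToyDllWrapper.new)
  p function_check_results(ToyDllWrapperWithRespond.new)
end
```

With the first wrapper the function is callable and present in the table, yet `respond_to?` reports false, so a guard built on it would re-register the function on every run.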

Updated by Rob Fuller over 1 year ago

diff to add this to the standard meterpreter session load

Updated by Rob Fuller over 1 year ago

removed a useless variable

Updated by Rob Fuller over 1 year ago

fixed:
  • loads priv if admin (thx HD for the idea)
  • specifies (ADMIN) on sessions output
  • lib/rex/post/meterpreter/extensions/stdapi/railgun/def/
    • added Shell32 to the railgun API modules
    • added IsUserAnAdmin to Shell32 just to start things off

Updated by HD Moore over 1 year ago

  • Status changed from New to Resolved
  • % Done changed from 0 to 100

Applied in changeset r10341.

Updated by Jonathan Cran over 1 year ago

  • Status changed from Resolved to Closed
  • Resolution set to fixed
