adam/metasploit-gs
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Fix bypassuac_injection_winsxs for x64

Browse Source 
Tested on Windows 8.1, prior to these chagnes the bad railgun definition
would cause the session to crash.
This commit is contained in:
Spencer McIntyre
2023-02-03 13:02:53 -05:00
parent b866bf59c8
commit f2e5e77e27
2 changed files with 4 additions and 4 deletions
Download Patch File Download Diff File Expand all files Collapse all files
modules/exploits/windows/local/bypassuac_injection_winsxs.rb
+2 -2
View File
@@ -276,8 +276,8 @@ class MetasploitModule < Msf::Exploit::Local
andOperation = fileAttributes & client.railgun.const("FILE_ATTRIBUTE_DIRECTORY")
if andOperation
# Removes the remainder part composed of 'A' of the path and the last null character
normalizedData = findFileData[fileNamePadding, fileNamePadding + maxPath].split('AAA')[0]
path = "#{payload_filepath}\\#{normalizedData[0, normalizedData.length - 1]}"
normalizedData = findFileData[fileNamePadding, fileNamePadding + maxPath].split("\x00", 2).first
path = "#{payload_filepath}\\#{normalizedData}"
directoryNames.push(path)
end