updated getcountermeasure script

[spudgunman]

updated the popular script, did testing on all OS's out there seems to work ok in lab

http://pastebin.com/fXF2jKwY

update: 12/4/10 the script will now kill UAC on win7 if you have SYSTEM (requires a reboot)

[ThePistonDoctor]

Glad to see this worked out for you. BTW I noticed you did the EnableLUA injection before the LocalAccountTokenFilterPolicy injection in your code. interesting it works this way. Have you already become System at that point? Or perhaps this script is just assuming you have already elevated. I guess I missed where the elevation of privs occurred. I thought the localaccount... injection was what bumped you up to NT Authority\System per that exploit I pointed you to.

Either way glad it works. Nice work!

[spudgunman]

thanks for the feedback!!... yes I am still working on getting that link/code you sent me to work (with out much interaction so it can be scriptable) with metasploit

with this script (getcountermeasure) it assumes that you have system via traditional methods or my other script (Bash | # $Id: killuac.rb spudgunman $ # # Meterpreter s - Getcountermeasure v2 script) once SYSTEM it will change the keys EnableLUA first because that is most common on domain attached systems second it will disable LocalAccountTokenFilterPolicy on non domain attached systems to allow SYSTEM access for remote (things like PSRun PSKill etc for RPC)

that explain the thinking?

[ThePistonDoctor]

Perfectly. I just got out of my n00bie underoos recently apparently! Anyway this script looks like oodles of fun