1337day-Exploits Posted November 29, 2012 Share Posted November 29, 2012 PacketStorm-Security Acaba de publicar lo siguiente: This is the hidden content, please Sign In or Sign Up ;) This Metasploit module checks the AlwaysInstallElevated registry keys which dictate if .MSI files should be installed with elevated privileges (NT AUTHORITY\SYSTEM). The default MSI file is data/exploits/exec_payload.msi with the WiX source file under external/source/exploits/exec_payload_msi/exec_payload.wxs. This MSI simply executes payload.exe within the same folder. The MSI may not execute successfully successive times, but may be able to get around this by regenerating the MSI. MSI can be rebuilt from the source using the WIX tool with the following commands: candle exec_payload.wxs light exec_payload.wixobj. 29/11/2012 06:45 Link to comment Share on other sites More sharing options...
Recommended Posts