STRLCPY/Offensive-Rust

Added Alwaysinstallelevated
nikhil-polymath committed 1 year ago

42b26c24

1 parent 798a7354

■ ■ ■ ■ ■ ■

Windows PrivEsc/AlwaysInstallElevated/.gitignore

1 + /target
2 +

All occurrences

■ ■ ■ ■ ■ ■

Windows PrivEsc/AlwaysInstallElevated/Cargo.lock

1	+	# This file is automatically @generated by Cargo.
2	+	# It is not intended for manual editing.
3	+	version = 3
4	+
5	+	[[package]]
6	+	name = "AlwaysInstallElevated"
7	+	version = "0.1.0"
8	+	dependencies = [
9	+	"registry",
10	+	]
11	+
12	+	[[package]]
13	+	name = "bitflags"
14	+	version = "1.3.2"
15	+	source = "registry+https://github.com/rust-lang/crates.io-index"
16	+	checksum = "bef38d45163c2f1dde094a7dfd33ccf595c92905c8f8f4fdc18d06fb1037718a"
17	+
18	+	[[package]]
19	+	name = "cfg-if"
20	+	version = "1.0.0"
21	+	source = "registry+https://github.com/rust-lang/crates.io-index"
22	+	checksum = "baf1de4339761588bc0619e3cbc0120ee582ebb74b53b4efbf79117bd2da40fd"
23	+
24	+	[[package]]
25	+	name = "log"
26	+	version = "0.4.17"
27	+	source = "registry+https://github.com/rust-lang/crates.io-index"
28	+	checksum = "abb12e687cfb44aa40f41fc3978ef76448f9b6038cad6aef4259d3c095a2382e"
29	+	dependencies = [
30	+	"cfg-if",
31	+	]
32	+
33	+	[[package]]
34	+	name = "proc-macro2"
35	+	version = "1.0.50"
36	+	source = "registry+https://github.com/rust-lang/crates.io-index"
37	+	checksum = "6ef7d57beacfaf2d8aee5937dab7b7f28de3cb8b1828479bb5de2a7106f2bae2"
38	+	dependencies = [
39	+	"unicode-ident",
40	+	]
41	+
42	+	[[package]]
43	+	name = "quote"
44	+	version = "1.0.23"
45	+	source = "registry+https://github.com/rust-lang/crates.io-index"
46	+	checksum = "8856d8364d252a14d474036ea1358d63c9e6965c8e5c1885c18f73d70bff9c7b"
47	+	dependencies = [
48	+	"proc-macro2",
49	+	]
50	+
51	+	[[package]]
52	+	name = "registry"
53	+	version = "1.2.2"
54	+	source = "registry+https://github.com/rust-lang/crates.io-index"
55	+	checksum = "83e4b158bf49b0d000013487636c92268de4cfd26cdbb629f020a612749f12c4"
56	+	dependencies = [
57	+	"bitflags",
58	+	"log",
59	+	"thiserror",
60	+	"utfx",
61	+	"winapi",
62	+	]
63	+
64	+	[[package]]
65	+	name = "syn"
66	+	version = "1.0.107"
67	+	source = "registry+https://github.com/rust-lang/crates.io-index"
68	+	checksum = "1f4064b5b16e03ae50984a5a8ed5d4f8803e6bc1fd170a3cda91a1be4b18e3f5"
69	+	dependencies = [
70	+	"proc-macro2",
71	+	"quote",
72	+	"unicode-ident",
73	+	]
74	+
75	+	[[package]]
76	+	name = "thiserror"
77	+	version = "1.0.38"
78	+	source = "registry+https://github.com/rust-lang/crates.io-index"
79	+	checksum = "6a9cd18aa97d5c45c6603caea1da6628790b37f7a34b6ca89522331c5180fed0"
80	+	dependencies = [
81	+	"thiserror-impl",
82	+	]
83	+
84	+	[[package]]
85	+	name = "thiserror-impl"
86	+	version = "1.0.38"
87	+	source = "registry+https://github.com/rust-lang/crates.io-index"
88	+	checksum = "1fb327af4685e4d03fa8cbcf1716380da910eeb2bb8be417e7f9fd3fb164f36f"
89	+	dependencies = [
90	+	"proc-macro2",
91	+	"quote",
92	+	"syn",
93	+	]
94	+
95	+	[[package]]
96	+	name = "unicode-ident"
97	+	version = "1.0.6"
98	+	source = "registry+https://github.com/rust-lang/crates.io-index"
99	+	checksum = "84a22b9f218b40614adcb3f4ff08b703773ad44fa9423e4e0d346d5db86e4ebc"
100	+
101	+	[[package]]
102	+	name = "utfx"
103	+	version = "0.1.0"
104	+	source = "registry+https://github.com/rust-lang/crates.io-index"
105	+	checksum = "133bf74f01486773317ddfcde8e2e20d2933cc3b68ab797e5d718bef996a81de"
106	+
107	+	[[package]]
108	+	name = "winapi"
109	+	version = "0.3.9"
110	+	source = "registry+https://github.com/rust-lang/crates.io-index"
111	+	checksum = "5c839a674fcd7a98952e593242ea400abe93992746761e38641405d28b00f419"
112	+	dependencies = [
113	+	"winapi-i686-pc-windows-gnu",
114	+	"winapi-x86_64-pc-windows-gnu",
115	+	]
116	+
117	+	[[package]]
118	+	name = "winapi-i686-pc-windows-gnu"
119	+	version = "0.4.0"
120	+	source = "registry+https://github.com/rust-lang/crates.io-index"
121	+	checksum = "ac3b87c63620426dd9b991e5ce0329eff545bccbbb34f3be09ff6fb6ab51b7b6"
122	+
123	+	[[package]]
124	+	name = "winapi-x86_64-pc-windows-gnu"
125	+	version = "0.4.0"
126	+	source = "registry+https://github.com/rust-lang/crates.io-index"
127	+	checksum = "712e227841d057c1ee1cd2fb22fa7e5a5461ae8e48fa2ca79ec42cfc1931183f"
128	+

■ ■ ■ ■ ■ ■

Windows PrivEsc/AlwaysInstallElevated/Cargo.toml

1	+	[package]
2	+	name = "AlwaysInstallElevated"
3	+	version = "0.1.0"
4	+	edition = "2021"
5	+
6	+	# See more keys and their definitions at https://doc.rust-lang.org/cargo/reference/manifest.html
7	+
8	+	[dependencies]
9	+	registry = "1.2.2"

■ ■ ■ ■ ■ ■

Windows PrivEsc/AlwaysInstallElevated/src/main.rs

1	+
2	+	use registry::*;
3	+
4	+	fn main() {
5	+
6	+	println!("[+] Checking AlwaysInstallElevated in Registry");
7	+
8	+	{
9	+	let regpath = r#"SOFTWARE\Policies\Microsoft\Windows\Installer"#;
10	+
11	+	let res = Hive::LocalMachine.open(regpath, Security::Read);
12	+
13	+	let regkey = match res{
14	+	Ok(regkey) => regkey,
15	+	Err(e) => { println!("LocalMachine -> {}",e); std::process::exit(0);}
16	+	};
17	+
18	+	let v = regkey.value("AlwaysInstallElevated");
19	+
20	+	match v{
21	+	Ok(data1) => println!("LocalMachine -> AlwaysInstallElevated -> {}",data1),
22	+	Err(e) => { println!("{}",e)}
23	+	};
24	+
25	+	}
26	+
27	+
28	+
29	+
30	+
31	+
32	+
33	+
34	+	{
35	+	let regpath = r#"SOFTWARE\Policies\Microsoft\Windows\Installer"#;
36	+
37	+	let res = Hive::CurrentUser.open(regpath, Security::Read);
38	+
39	+	let regkey = match res{
40	+	Ok(regkey) => regkey,
41	+	Err(e) => { println!("CurrentUser ->{}",e); std::process::exit(0);}
42	+	};
43	+
44	+	let v = regkey.value("AlwaysInstallElevated");
45	+
46	+	match v{
47	+	Ok(data1) => println!("CurrentUser -> AlwaysInstallElevated -> {}",data1),
48	+	Err(e) => { println!("{}",e)}
49	+	};
50	+
51	+	}
52	+
53	+
54	+	/*for i in regkey.values(){
55	+	println!("{:x?} -> {:x?}",
56	+	i.as_ref().unwrap().name().to_string(),
57	+	i.as_ref().unwrap().data().to_string());
58	+	}*/
59	+
60	+
61	+	}
62	+

	1	+	/target
	2	+

Added Alwaysinstallelevated