search

AlessandroZ / BeRoot

Privilege Escalation Project - Windows / Linux / Mac
GNU Lesser General Public License v3.0
2.44k stars 466 forks source link

WebClient check failing with ValueError: Procedure probably called with not enough arguments (4 bytes missing #3

Closed voidpt closed 7 years ago

voidpt commented 7 years ago 
C:\Users\IEUser\Downloads\BeRoot-1.0\BeRoot-1.0\BeRoot>python beRoot.py
|====================================================================|
|                                                                    |
|                    Windows Privilege Escalation                    |
|                                                                    |
|                          ! BANG BANG !                             |
|                                                                    |
|====================================================================|

-------------- Check user admin --------------

[!] Is user in the administrator group
True

-------------- Check well known dlls hijacking --------------

[!] Writeable path on the path environment variable
C:\Python27\
C:\Python27\Scripts

[!] Check if well known vulnerable services are present
Associated dll: wlbsctrl.dll
Service: ikeext

-------------- Get System Priv with WebClient --------------

[!] Checking WebClient vulnerability

-------------- Error on: check_webclient --------------
Traceback (most recent call last):
  File "C:\Users\IEUser\Downloads\BeRoot-1.0\BeRoot-1.0\BeRoot\beroot\run_checks
.py", line 315, in check_all
    results = c(cmd)
  File "C:\Users\IEUser\Downloads\BeRoot-1.0\BeRoot-1.0\BeRoot\beroot\run_checks
.py", line 277, in check_webclient
    b = w.run(self.service, cmd)
  File "C:\Users\IEUser\Downloads\BeRoot-1.0\BeRoot-1.0\BeRoot\beroot\modules\ch
ecks\webclient\webclient.py", line 190, in run
    if self.startWebclient():
  File "C:\Users\IEUser\Downloads\BeRoot-1.0\BeRoot-1.0\BeRoot\beroot\modules\ch
ecks\webclient\webclient.py", line 96, in startWebclient
    if self.EventWrite(hReg, byref(event_desc), 0, None) == 0:
ValueError: Procedure probably called with not enough arguments (4 bytes missing
)

[!] Elapsed time = 0.125

IE 8 on Windows 7 - 32-bits vm from https://developer.microsoft.com/en-us/microsoft-edge/tools/vms/

I have installed python 2.7.13, pywin32 and py2exe.

C:\Users\IEUser\Downloads\BeRoot-1.0\BeRoot-1.0\BeRoot>pip freeze
impacket==0.9.15
py2exe==0.6.9
pyasn1==0.2.3
pycrypto==2.6.1
pywin32==221
AlessandroZ commented 7 years ago

I had some 32 bits errors. Now it's fixed ! Thanks for the feedback

pieterhouwen commented 6 years ago

-------------- Get System Priv with WebClient --------------

[!] Checking WebClient vulnerability

################ Error on: check_webclient ################ Traceback (most recent call last): File "beroot\run_checks.py", line 315, in check_all File "beroot\run_checks.py", line 277, in check_webclient File "beroot\modules\checks\webclient\webclient.py", line 206, in run File "beroot\modules\checks\webclient\webclient.py", line 101, in startWebclie nt ValueError: Procedure probably called with not enough arguments (4 bytes missing )

I got the X86 precompiled version v1.01

I got it in the new version