False detection of permission to create a service with openscmanager

AlessandroZ / BeRoot

Privilege Escalation Project - Windows / Linux / Mac

GNU Lesser General Public License v3.0

2.44k stars 466 forks source link

False detection of permission to create a service with openscmanager #6

Closed m0sia closed 7 years ago

m0sia commented 7 years ago

In case OpenSCMnager returns ERROR_ACCESS_DENIED(0x5) it will be successfully casted to integer and check_services_creation_with_openscmanager() will return True.

def check_services_creation_with_openscmanager():
    isPossible = False
    try:
        # open the SCM with "SC_MANAGER_CREATE_SERVICE" rights 
        createServ = OpenSCManager(None, None, SC_MANAGER_CREATE_SERVICE)
        try:
            if int(createServ) != 0:
                return True
        # if the int cast failed (when it is an HANDLE)
        except:
            return True
    except: 
        pass

    return False

AlessandroZ commented 7 years ago

Thanks for your feedback, I appreciate. It has been fixed now !