author | Harmj0y <will@harmj0y.net> | 2016-03-15 15:13:02 -0400 |
---|---|---|
committer | Harmj0y <will@harmj0y.net> | 2016-03-15 15:13:02 -0400 |
commit | 13adf516d52c43c8cb08d376b449d7ca883c8929 (patch) | |
tree | 9d35e6bc16dd8d2b00c08488f7f400f766d471a6 | |
parent | 6a17f759ab1fe4c3cfdbfc33e362c362b4d47da1 (diff) | |
Moved admin check for Get-System to allow for RevToSelf
-rw-r--r-- | Privesc/Get-System.ps1 | 8 |
1 files changed, 4 insertions, 4 deletions
diff --git a/Privesc/Get-System.ps1 b/Privesc/Get-System.ps1
index 17f5c41..32d4399 100644
--- a/Privesc/Get-System.ps1
+++ b/Privesc/Get-System.ps1
@@ -548,10 +548,6 @@ function Get-System {
 }
 }
- if (-not ([Security.Principal.WindowsPrincipal] [Security.Principal.WindowsIdentity]::GetCurrent()).IsInRole([Security.Principal.WindowsBuiltInRole] 'Administrator')) {
- Write-Error "Script must be run as administrator" -ErrorAction Stop
- }
-
 if([System.Threading.Thread]::CurrentThread.GetApartmentState() -ne 'STA') {
 Write-Error "Script must be run in STA mode, relaunch powershell.exe with -STA flag" -ErrorAction Stop
 }
@@ -577,6 +573,10 @@ function Get-System {
 }
 else {
+ if (-not ([Security.Principal.WindowsPrincipal] [Security.Principal.WindowsIdentity]::GetCurrent()).IsInRole([Security.Principal.WindowsBuiltInRole] 'Administrator')) {
+ Write-Error "Script must be run as administrator" -ErrorAction Stop
+ }
+
 if($Technique -eq 'NamedPipe') {
 # if we're using named pipe impersonation with a service
 Get-SystemNamedPipe -ServiceName $ServiceName -PipeName $PipeName |
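Review bot: The relocated administrator check at the top of the `else` branch carries no comment saying why it sits there rather than beside the STA check at function entry, so a later tidy-up could hoist it back and re-break the parameter sets that now skip it. A one-line comment above it would pin the intent, for example `# admin is only required for the token-acquisition techniques below; keep this check out of the -RevToSelf path`. The branches that precede this `else` and the rest of its body lie outside the hunk, so which parameter sets now run without the check is inferred from the commit title only.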