From 13adf516d52c43c8cb08d376b449d7ca883c8929 Mon Sep 17 00:00:00 2001
From: Harmj0y
Date: Tue, 15 Mar 2016 15:13:02 -0400
Subject: Moved admin check for Get-System to allow for RevToSelf

---
 Privesc/Get-System.ps1 | 8 ++++----
 1 file changed, 4 insertions(+), 4 deletions(-)

diff --git a/Privesc/Get-System.ps1 b/Privesc/Get-System.ps1
index 17f5c41..32d4399 100644
--- a/Privesc/Get-System.ps1
+++ b/Privesc/Get-System.ps1
@@ -548,10 +548,6 @@ function Get-System {
         }
     }
 
-    if (-not ([Security.Principal.WindowsPrincipal] [Security.Principal.WindowsIdentity]::GetCurrent()).IsInRole([Security.Principal.WindowsBuiltInRole] 'Administrator')) {
-        Write-Error "Script must be run as administrator" -ErrorAction Stop
-    }
-
     if([System.Threading.Thread]::CurrentThread.GetApartmentState() -ne 'STA') {
         Write-Error "Script must be run in STA mode, relaunch powershell.exe with -STA flag" -ErrorAction Stop
     }
@@ -577,6 +573,10 @@ function Get-System {
     }
     else {
+        if (-not ([Security.Principal.WindowsPrincipal] [Security.Principal.WindowsIdentity]::GetCurrent()).IsInRole([Security.Principal.WindowsBuiltInRole] 'Administrator')) {
+            Write-Error "Script must be run as administrator" -ErrorAction Stop
+        }
+
         if($Technique -eq 'NamedPipe') {
             # if we're using named pipe impersonation with a service
             Get-SystemNamedPipe -ServiceName $ServiceName -PipeName $PipeName
-- 
cgit v1.2.3
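Review bot: The administrator check relocated into the `else` branch of the second hunk tests the current token's group membership via `IsInRole`, which under UAC returns false for an Administrators member running from a non-elevated PowerShell (the group SID is deny-only in the filtered token), so the error text understates what is required; `Write-Error "Script must be run from an elevated (administrator) PowerShell session" -ErrorAction Stop` would send the user to the actual fix. The move also changes the function's contract: the branch preceding `else` (outside this hunk, presumably the RevToSelf path named in the commit title) no longer requires elevation while every path inside `else` still does, and the comment-based help for Get-System should say that explicitly rather than describing the whole function as administrator-only. Consider a short comment above the moved check, `# Elevation is only needed for the impersonation techniques below; RevToSelf works from an unprivileged token`, so the next reader does not hoist it back to the top. The enclosing function Get-System starts and ends outside both hunks.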