Top
Search n00bz.net
  • South Florida Security Resources
    • HackMiami.org
      HackMiami is made up of information security professionals, hardware engineers, network administrators, students, and those who simply enjoy technology.
    • South Florida ISSA
      The Information Systems Security Association is, "the pre-eminent trusted global information security community".
  • PenTest Solutions
    • Rapid7 Metasploit Express
      Metasploit Express is an affordable, easy-to-use penetration testing solution that provides full network penetration testing capabilities, backed by the world’s largest, fully tested and integrated public database of exploits.
    • Core Impact PRO
      Core Impact is designed to evaluate the whole of the security in an office ecosystem. It allows the user to probe for and exploit security vulnerabilities in computer networks, endpoints and web applications.
« virusscan_bypass.rb: Now with a lame security bulletin | Main | Killing AV when it just will not Die! »
Tuesday
Jan042011

Metasploit Pro + Bypass Win UAC FTW!

DateTuesday, January 4, 2011 at 2:03PM

 

So before I left for the holidays, I was on a pentest.

I had a meterpreter session and went to collect the evidence and I saw an error!

I realized on this Windows 7 x64 machine, I was unable to elevate to NT AUTHORITY\SYSTEM.

UAC +1

Since it was the end of the day I put this in my "Do when I return from Holiday Pile!" and left to celebrate the New Years.

January 1st, dave_rel1k posted on Twitter "Happy New Year everyone! Here is a nice new addition to bypass UAC through meterpreter."

I downloaded this mana from heaven and installed it.

*Read the Instructions Included

I fired up Metasploit Pro (this works with the Framework as well.)  I dropped to the console and ran getsystem.  UAC was working.  Time to run bypassuac!

The script ran creating a 2nd meterpreter session.  The 2nd session was accessible by both the console and the Metasploit Pro application.

Interacting with the 2nd session, I ran my privilege escalation attempt again. +1 to ME!

For those keeping score, UAC +1, ME +1

Collecting my system evidence again rewarded me with the dump of the hashes.

+ 1 to ME and I will steal UAC's point along with those hashes!

For those keeping score UAC 0, ME +3

 

How about a nice game of chess?

 

Authorn00bz Network | CommentPost a Comment | Reference1 Reference |
tagged , in ,

References (1)

References allow you to track sources for this article, as well as articles that were written in response to this article.
  • Response
    Response: Cheap Steelers Jerseys
    at Cheap Steelers Jerseys on October 17, 2013
    NFL is truly a single of the biggest sports in America. It has a key following.

Reader Comments

There are no comments for this journal entry. To create a new comment, use the form below.

PostPost a New Comment

Enter your information below to add a new comment.

My response is on my own website »
Author Email (optional):
Author URL (optional):
Post:
 
Some HTML allowed: <a href="" title=""> <abbr title=""> <acronym title=""> <b> <blockquote cite=""> <code> <em> <i> <strike> <strong>

Notify me of follow-up comments via email.