Tuesday, Jan 04 2011

Metasploit Pro + Bypass Win UAC FTW!


So before I left for the holidays, I was on a pentest.

I had a meterpreter session and went to collect the evidence and I saw an error!

I realized on this Windows 7 x64 machine, I was unable to elevate to NT AUTHORITY\SYSTEM.

UAC +1

Since it was the end of the day, I put this in my "Do when I return from Holiday" pile and left to celebrate New Year's.

January 1st, dave_rel1k posted on Twitter "Happy New Year everyone! Here is a nice new addition to bypass UAC through meterpreter."

I downloaded this mana from heaven and installed it.

*Read the Instructions Included

I fired up Metasploit Pro (this works with the Framework as well). I dropped to the console and ran getsystem. UAC was working. Time to run bypassuac!

The script ran, creating a second meterpreter session. The second session was accessible from both the console and the Metasploit Pro application.

Interacting with the second session, I ran my privilege escalation attempt again. +1 to ME!

For those keeping score, UAC +1, ME +1

Collecting my system evidence again rewarded me with the dump of the hashes.

+ 1 to ME and I will steal UAC's point along with those hashes!

For those keeping score UAC 0, ME +3


How about a nice game of chess?


Tuesday, Jan 04 2011

Killing AV when it just will not Die!

So we get a shell/meterpreter session and we escalate to SYSTEM. As NT AUTHORITY\SYSTEM we should be able to remove those pesky AV/HIPS products that prevent us from completing our penetration test.

Metasploit has an awesome script called killav which will defeat many AV products. Sometimes, however, AV just will not die.

Looking at the process list, we see all of the AV processes still running. Once again, I am picking on McAfee, but Symantec and friends have the same type of setup.

Killing the PID also doesn't work, since the application is running as a service.

However... if one were to run the following:

net stop "McAfee Framework Service"

net stop "McAfee McShield"

net stop "McAfee Engine Service"

Running the process list again shows McShield and his band of brothers are McGone!

It should be noted that we leave McTray.exe running so that the user will still see the shield in the task bar and will not be aware that we have disabled AV protection entirely.

The attacker is now able to infect the machine with any payload they see fit. Go Zeus?
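The tell in the post is the mismatch it deliberately creates: the McAfee services are stopped, but McTray.exe is left running so the shield icon still shows. From the defender's side that mismatch is exactly what to alert on. The following is an added example, not code from the post or from McAfee: it parses constructed Service Control Manager state-change lines (event 7036, in an assumed "timestamp host event_id message" export format), pulls out stops of the AV services named above, and flags hosts where several AV services stopped within a short window while the tray process is still in the process list. The service names, the tray process name, the host names and the log lines are all constructed to mirror the post's scenario; adapt AV_SERVICES and AV_TRAY_PROCESSES to your own estate.

```python
"""Detect AV services stopped while the tray UI keeps running.

Added example, not part of the original post. All sample data below is
constructed; the log line format is an assumption for a flat SCM export.
"""
import re
from collections import defaultdict
from dataclasses import dataclass
from datetime import datetime

# Display names of the services the post stops with "net stop" (constructed set).
AV_SERVICES = {"McAfee Framework Service", "McAfee McShield", "McAfee Engine Service"}
# The user-facing tray process the post leaves running to hide the tampering.
AV_TRAY_PROCESSES = {"mctray.exe"}

# Constructed SCM 7036 lines: "<iso-timestamp> <host> <event_id> <message>".
SAMPLE_EVENTS = """\
2011-01-04T17:02:11 WS07 7036 The Print Spooler service entered the running state.
2011-01-04T17:05:41 WS07 7036 The McAfee Framework Service service entered the stopped state.
2011-01-04T17:05:43 WS07 7036 The McAfee McShield service entered the stopped state.
2011-01-04T17:05:45 WS07 7036 The McAfee Engine Service service entered the stopped state.
2011-01-04T17:06:00 WS07 7036 The Windows Update service entered the stopped state.
2011-01-04T17:30:00 WS08 7036 The McAfee McShield service entered the stopped state.
"""

# Constructed tasklist-style process snapshots per host.
SAMPLE_PROCESSES = {
    "WS07": ["explorer.exe", "McTray.exe", "cmd.exe"],   # tray still up: looks healthy
    "WS08": ["explorer.exe"],                            # tray gone too
}

# Case-sensitive on purpose: "McAfee Framework Service service entered" must
# split on the lowercase " service entered", not on the name's own "Service".
EVENT_RE = re.compile(
    r"^(?P<ts>\S+) (?P<host>\S+) (?P<eid>\d+) "
    r"The (?P<service>.+?) service entered the (?P<state>\w+) state\.$"
)


@dataclass
class ServiceEvent:
    ts: datetime
    host: str
    event_id: int
    service: str
    state: str


def parse_scm_events(text):
    """Parse flat SCM export lines; lines that do not match are skipped."""
    events = []
    for line in text.splitlines():
        m = EVENT_RE.match(line.strip())
        if not m:
            continue
        events.append(ServiceEvent(
            ts=datetime.fromisoformat(m["ts"]),
            host=m["host"],
            event_id=int(m["eid"]),
            service=m["service"],
            state=m["state"],
        ))
    return events


def av_stop_events(events):
    """Only 7036 'stopped' transitions for services we consider AV components."""
    return [e for e in events
            if e.event_id == 7036 and e.state == "stopped" and e.service in AV_SERVICES]


def tampering_alerts(events, processes, window_seconds=300):
    """Per host: which AV services stopped, whether they stopped as a burst,
    and whether the tray process is still running (the post's deception)."""
    stops = defaultdict(list)
    for e in av_stop_events(events):
        stops[e.host].append(e)
    alerts = {}
    for host, evs in stops.items():
        evs.sort(key=lambda e: e.ts)
        span = (evs[-1].ts - evs[0].ts).total_seconds()
        running = {p.lower() for p in processes.get(host, [])}
        alerts[host] = {
            "stopped": [e.service for e in evs],
            "burst": len(evs) > 1 and span <= window_seconds,
            "tray_running": bool(running & AV_TRAY_PROCESSES),
        }
    return alerts


if __name__ == "__main__":
    for host, info in tampering_alerts(parse_scm_events(SAMPLE_EVENTS), SAMPLE_PROCESSES).items():
        print(host, info)
```

A burst of AV service stops with the tray process still alive is the high-confidence case; a single stop with the tray gone is more likely an uninstall or upgrade, so the two flags are kept separate rather than collapsed into one score.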

Sunday, Dec 26 2010

Happy Holidays, iPad owners

I love reading magazines on my iPad. I use Zinio. Here is a link to get you started...

http://bit.ly/c5CcZa

Copy this bit.ly link and click on it often.

Here is a hint to my 1337: play with the cookies. I have digital Maxim Magazine for the next 55 years.

Saturday, Dec 18 2010

Gold ATM

The mall has a new ATM. This one doesn't spit out cash. It spits out Gold. The machine dials home every 15 minutes to make sure you are getting the latest spot prices from the exchange.

Interesting to note: you need to swipe a passport or government ID if you purchase over $10,000, for anti-money-laundering purposes.

I expect Barnaby Jack to have an ATM Hacking: Gold Edition talk at Defcon soon!

Thursday, Dec 16 2010

Economics 101

AB wants to buy a commercial pentest tool.

He goes to Core and asks for a Demo. They offer him 30 days to try their tool for the low price of 4k. All they need is the list of IP addresses because the demo is limited.

He went to Rapid7 and looked at Metasploit Express. He was able to download a FREE full demo with no restrictions for 7 days.

AB has 4k dollars to spend:
Door #1: A limited functionality demo
Door #2: A licensed copy of Metasploit Express and 20 kegs of beer.

The only hard choice that is required is which beer to get... I vote for Heineken.