Description: This is Part 6 of the Security Metasploit Framework Expert (SMFE) course material. You can begin by watching Part 1 here: http://www.securitytube.net/video/2556 . You can sign up for the course here http://www.securitytube.net/smfe Enjoy! Certifications page: http://www.securitytube.net/cert-list
In this video, we will look at privilege escalation in the post-exploitation phase using Metasploit. It's a short, sweet video on using the system Meterpreter script along with other things.
Tags: smfe, metasploit, hacking, meterpreter, privilege escalation
Excellent ;)
Thank you Vivek for this series. I have a couple of questions:
1. You said that there are many methods of privilege escalation in Metasploit and that "getsystem" may not work. Can you give an indication of other methods? I don't know if you might consider a video in this series dealing with some of the other methods.
2. The user on the victim machine was SecurityTube and you elevated the privileges to System. Is SecurityTube an Admin user or Limited user?
@Ignatius
For the first question, getsystem is going to work (most probably).
It's divided into multiple techniques (1, 2, 3, 4...).
If I am right, Vivek said that a technique might not work, so the getsystem command will continue trying to get privileges with the next technique, e.g. technique 2; not that getsystem won't work.
Hope I am clear (and Vivek, I hope I am right) ;)
Dear Ignatius,
When dealing with Windows 7 machines with UAC enabled, "getsystem" may fail.
You can try using a Meterpreter script called "bypassuac". It creates a new Meterpreter session in which you'll be able to use getsystem.
Scenario:
1. You connect to a Meterpreter session (getsystem fails).
2. "run bypassuac" (give it a minute to load)
3. "background" (to background current session)
4. "sessions -i 2" (to connect to the new session)
5. "getsystem" (should work unless the AV detected the new session)
I never tested it on Vista, but it should work the same way.
If this script isn't built into the latest Metasploit, you can get it at http://www.secmaniac.com/download/
Great video Vivek! Keep them coming :)
Thanks Vivek for this wonderful video and website. Will you cover bypassing anti-viruses in this course? And firewalls? I've been doing a lot of research on how anti-viruses work. From what I understand, anti-viruses do not scan anything running in memory; some people suggested recompiling the payload.
@PoisonReverse thanks for sharing that :)
@ringneckparrot and @PoisonReverse - thank you. I recall that Vivek said something like "there are tons of ways in Metasploit" and he demonstrated getsystem, but he also said that it may not work, hence my question about other techniques. I'm the sort of person who likes a "B" plan, "C" plan and "D" plan for if the "A" plan (then "B" plan and "C" plan) fail!
I'll be interested to know if other readers have techniques that work.
@j0k3rr - Vivek has posted a detailed video (part 7 of this series) that deals with AV and WFW.
I don't know if you've seen any of the work that Andrew has done which deals with AVs. He's created some videos for ST as well as a couple (so far) for InfoSec Institute. I'm far from an expert but it is also my understanding that AV won't pick something up if it's only in memory but will pounce on it immediately if it touches the hard drive.
@Ignatius thanks! I have not seen Andrew's work yet, or Vivek's, but will check them out for sure. Thanks again for your comment.
Thanks Guys!
@ringneckparrot, Ignatius - PoisonReverse has one of the possible ways to do this. Funny thing is that if you run "getsystem" on Win7 without UAC bypass, it crashes my Win7 inside the VM :) Dunno if you guys are seeing the same.
@j0k3rr The next video talks about a generic AV killing technique, which is already posted:
http://www.securitytube.net/video/2666
Thanks for the video.
Thank you so much for this video, Vivek. I'm quite excited about the next one, which I'm just about to see now.
Hello Vivek,
Thanks a lot for this series, it's amazing. But please, can you post a link for Minishare 1.4.1, as I can't find it on any website.
I love your videos. You motivate me to study computer engineering. Thank you Vivek. Big thanks. :)
Interesting video. Can you please explain something more about migration? Please let me know if I have understood it correctly. Migration is useful if you want to still have access to the system even if the victim user shuts down the exploited process? If he shuts down the exploited process and I haven't migrated, then I lose connectivity to the target, right?
Link to Minishare 1.4.1
http://www.mediafire.com/?5jrm0t7mbigk0cg
getsystem does not work in Windows 7 and 8. It still gives access denied. Need help...
Thanks in advance