Re: BypassUAC not working against Windows 7 x86

[firstname lastname <psykosonik_frequenz () yahoo com>]

A quick update to this.

Thanks Michael for the clue. I tried uploading to the path mentioned, and it worked successfully.

Now, reading about IE operating in protected mode and more on that.

Regards,
NeonFlash



________________________________
 From: Michael Schierl <schierlm () gmx de>
To: firstname lastname <psykosonik_frequenz () yahoo com> 
Cc: "framework () spool metasploit com" <framework () spool metasploit com> 
Sent: Sunday, December 4, 2011 5:15 PM
Subject: Re: [framework] BypassUAC not working against Windows 7 x86
 
If you can upload files to C:\Users\Neon\AppData\LocalLow but nowhere
else inside the user's profile you are still inside IE8's "Sandbox" aka
"IE Protected Mode".

http://msdn.microsoft.com/en-us/library/bb250462(v=vs.85).aspx


Maybe someone else can give you any hints on how to get out of there.



Am 04.12.2011 11:57, schrieb firstname lastname:
> Ok, I have not tried that already.
>
> Yes, I have a reverse_tcp meterpreter shell. I am able to run a set of
> commands like getuid, sysinfo and stuff. However, commands like
> sniffer_start and upload do not work for me.
>
> So, here's what I did to manually upload the bypassuac-x86.exe to the
> Windows 7 Target Machine.
>
> meterpreter > upload data/post/bypassuac-x86.exe C:\\Users\\Neon\\Desktop
> [*] uploading  : data/post/bypassuac-x86.exe -> C:\Users\Neon\Desktop
> [-] core_channel_open: Operation failed: Access is denied.
>
> What's wrong with this? I have given the sysinfo and getuid output in my
> previous post already.
_______________________________________________
https://mail.metasploit.com/mailman/listinfo/framework