Metasploit mailing list archives

Re: Privilege escalation in win7


From: Matt Gardenghi <mtgarden () gmail com>
Date: Wed, 05 May 2010 14:14:29 -0400

Which exploit? Can you successfully execute "run hashdump" and get the admin hash? Will incognito obtain the admin hash? Can you migrate to a different process?

On 5/5/2010 2:11 PM, Darren Shady wrote:

Yes; picked an exploit and have a meterpreter session active -- getsystem fails on all 4 modes

Looks like it times out and causes NTVDM.exe to stop

meterpreter > use priv
Loading extension priv...success.
meterpreter > use incognito
Loading extension incognito...success.
meterpreter > sysinfo
Computer: DARREN-PC
OS      : Windows 7 (Build 7600, ).
Arch    : x86
Language: en_US
meterpreter > getsystem
[-] Error running command getsystem: Rex::TimeoutError Operation timed out.
meterpreter >
meterpreter >
meterpreter > getsystem
[-] priv_elevate_getsystem: Operation failed: 5
meterpreter >

       =[ metasploit v3.4.0-dev [core:3.4 api:1.0]
+ -- --=[ 547 exploits - 259 auxiliary
+ -- --=[ 208 payloads - 23 encoders - 8 nops
       =[ svn r9224 updated today (2010.05.05)

My assumption is this is as expected

*D*

*From:* framework-bounces () spool metasploit com [mailto:framework-bounces () spool metasploit com] *On Behalf Of* Matt Gardenghi
*Sent:* Wednesday, May 05, 2010 12:01 PM
*To:* framework () spool metasploit com
*Subject:* Re: [framework] Privilege escalation in win7

Do you have a meterpreter session? Getsystem just worked for me (though I don't know how patched the target really is).

On 5/5/2010 1:58 PM, Darren Shady wrote:

On a patched win7 system (MS10-015), what other options are available for privilege escalation?

*D*

This e-mail and any attachments may be privileged, confidential, and/or proprietary. If you are not the intended 
recipient of this email, please delete it and do not read, distribute, or reproduce it. The unauthorized use of this 
e-mail is strictly prohibited. Thank you.
_______________________________________________
https://mail.metasploit.com/mailman/listinfo/framework