Re: Exploit Type Local

[Ty Miller <tyronmiller () gmail com>]

Hey HD,

It would make sense to send local exploits down via a meterpreter session to
perform privilege escalation in case you only have user level access after
exploitation, and getsystem doesn't provide admin access.

I have to admit that I almost always get admin access immediately after
exploitation, but I have had to use local exploits in the past on rare
occasions where i've had to exploit a local vulnerability to elevate to
root/admin access.

Ty


On Thu, May 20, 2010 at 2:21 PM, HD Moore <hdm () metasploit com> wrote:

> On 5/19/2010 9:36 PM, Javier wrote:
> > Hi everbody, I have a question:
> >
> > I see in /msf3/lib/msf/core/exploit the type of exploits, and i can't
> > find the class for "Local Exploits" Msf::Exploit::Local where is she?
> >
> > Other: this class no have nothing of documentation, my exploit have to
> > exec a program vulnerable with a argument "the typic AAAAAAAAAA...",
> > there are a bult-in code in Local Exploits or the execute with exec?
>
> Support for local exploits is still a stub at this point; if you want to
> test it out, use the standard Remote exploit type and the existing
> payloads, but just set RHOST 127.0.0.1. We may look into expanding local
> exploits at some point, but it rarely makes sense to install all of
> metasploit in order to abuse a local vulnerability.
>
> -HD
> _______________________________________________
> https://mail.metasploit.com/mailman/listinfo/framework
_______________________________________________
https://mail.metasploit.com/mailman/listinfo/framework