Metasploit mailing list archives
Re: Using smb_relay without admin access
From: Brian <briaar () gmail com>
Date: Tue, 4 Jan 2011 14:50:55 -0700
Funk,

I think this would be possible: http://technet.microsoft.com/en-us/sysinternals/bb897553

psexec -l flag: Run process as limited user (strips the Administrators group and allows only privileges assigned to the Users group). On Windows Vista the process runs with Low Integrity.

Better get good at priv escalation :)

-Brian

On Tue, Jan 4, 2011 at 1:57 PM, funk flavor <funkflavor () gmail com> wrote:
Hi all,

I was guessing if the smb_relay module could be used even if the relayed authentication was not an admin one.

Well I know the smb_relay module tries to connect to ADMIN$. But if the goal of the test is only showing that NTLM authentication can be spoofed then the module could be tweaked to map to another share, right? Then instead of uploading a payload it could just list the content of the share, still right?

Thx!

_______________________________________________
https://mail.metasploit.com/mailman/listinfo/framework
Current thread:
- Using smb_relay without admin access funk flavor (Jan 04)
- Re: Using smb_relay without admin access Brian (Jan 04)