Re: BypassUAC not working against Windows 7 x86

[Drforbin <drforbin6 () gmail com>]

sorry about missing last part...
Have you tried manually uploading to make sure uploading works?
The firewall stuff is not important because have a meterpreter session.
Your using reverse_tcp I assume?
it should try and upload bypassuac-x64.exe or bypassuac-x86.exe and a 
meterpreter exe.
the file names will be randomized..


drforbin


On 12/04/2011 03:09 AM, firstname lastname wrote:
> I guess, you missed out my note at the end of my post which says that 
> there is not sort of AV running on the target machine.
>
> I even captured the network traffic while the exploit was run and the 
> bypassuac script was executed. There was no executable present in the 
> PCAP file either. There were files only specific to the Browser Exploit.
>
> Regards,
> NeonFlash
> ------------------------------------------------------------------------
> *From:* Drforbin <drforbin6 () gmail com>
> *To:* firstname lastname <psykosonik_frequenz () yahoo com>
> *Cc:* framework () spool metasploit com
> *Sent:* Sunday, December 4, 2011 10:21 AM
> *Subject:* Re: [framework] BypassUAC not working against Windows 7 x86
>
> I think what is happening is the AV is finding the meterpreter 
> shellcode executable which bypassuac uploads to the system...I had 
> this same issue and tracked it down to this.
> Metasploit  executables even when encoded can be found pretty easy by 
> some AV software.
>
>
> drforbin.
>
>
> I hope this helps...let me know.
>
>
>
>
>
>
> On 12/03/2011 11:00 PM, firstname lastname wrote:
> > I am trying to gain Local System Privileges on a Windows 7 x86 target 
> > system. I have a meterpreter reverse tcp shell on the victim's 
> > machine after a successful browser exploit on MSIE version 8.0 
> > running on the target machine.
> >
> > sysinfo output:
> >
> > Computer        : Neon-PC
> > OS              : Windows 7 (Build 7601, Service Pack 1).
> > Architecture    : x86
> > System Language : en_US
> > Meterpreter     : x86/win32
> >
> > getuid output:
> >
> > Server username: Neon-PC\Neon
> >
> > Next I run the bypass uac script as follows:
> >
> > use post/windows/escalate/bypassuac
> >
> > Output:
> >
> > [*] Started reverse handler on 192.168.2.6:4444
> > [*] Starting the payload handler...
> > [*] Uploading the bypass UAC executable to the filesystem...
> > [*] Meterpreter stager executable 73802 bytes long being uploaded..
> > [*] Uploaded the agent to the filesystem....
> >
> > Next, when I type in getsystem, I still get the error as:
> >
> > priv_elevate_getsystem: Operation failed: Access is denied.
> >
> > I have gone through the ruby script, bypassuac.rb and looks like it's 
> > executing properly till the end. As a last step, after uploading the 
> > UAC bypass agent to target machine, it has to execute it.
> >
> > But, looks like that is not happening. I even checked the %temp% 
> > directory on the target Windows Machine for the presence of any exe 
> > and did not find one.
> >
> > Any help here would be appreciated.
> >
> > PS: I have disabled Windows 7 Firewall as well, just in case that 
> > would be blocking any transfer of file. Also, there's no third party 
> > antivirus installed on the target machine.
> >
> > Regards,
> > NeonFlash
> >
> >
> >
> >
> > _______________________________________________
> > https://mail.metasploit.com/mailman/listinfo/framework

_______________________________________________
https://mail.metasploit.com/mailman/listinfo/framework