Metasploit mailing list archives

Previous By Date Next
Previous By Thread Next

Re: BypassUAC not working against Windows 7 x86

From: firstname lastname <psykosonik_frequenz () yahoo com>
Date: Sun, 4 Dec 2011 15:16:45 -0800 (PST)
I would like to press up on the original topic. If you have queries regarding AV bypass using MetaSploit, kindly open 
up a new thread.

This thread relates to the IE Protected Mode problem which restricts us to upload bypassuac-x86.exe file only to a 
specific path. Any workarounds for that?

Is it possible to execute bypassuac-x86.exe from the LocalLow folder and escalate the privileges?

NeonFlash



________________________________
 From: Drforbin <drforbin6 () gmail com>
To: Matthew Presson <matthew.presson () gmail com> 
Cc: framework () spool metasploit com 
Sent: Sunday, December 4, 2011 9:47 PM
Subject: Re: [framework] BypassUAC not working against Windows 7 x86
 
Matt,

    Yes I did...If you want to get around AV you really have to write your own code.
Metasploit remember is  framework, and a great one, but it is only a starting point.
What I did to get around it was write my own payload (.exe) which integrated into metasploit.
These were uploaded by a modified bypassuac.rb (script/post module), AV missed them and there you go root (SYSTEM) 
access. AV is not as smart as it's proponents make it out to be.

I hope this helps...
need anything else please ask.


drforbin




On 12/04/2011 10:17 AM, Matthew Presson wrote:

Drforbin,

I have also run into the same AV problem you mention. Did you ever
come up with a workaround to bypass the AV?

Matt
_______________________________________________
https://mail.metasploit.com/mailman/listinfo/framework



_______________________________________________
https://mail.metasploit.com/mailman/listinfo/framework
_______________________________________________
https://mail.metasploit.com/mailman/listinfo/framework
Previous By Date Next
Previous By Thread Next

Current thread: