P@c_M@n Posted December 11, 2010 Share Posted December 11, 2010 (edited) Hey guys, i was recently messing around with metasploit and i noticed something funny when i get a meterpreter shell. I am using a Backtrack 4 R2 Virtual Machine in Virtual Box and I am attacking my host OS which is Windows 7. I have also tried attacking Windows Vista with the same errors. So, first i used the "migrate" command to migrate to explorer.exe. So far so good. Okay, well then i tried the "getsystem" command to see if i could somehow elevate my privileges. But i got this error message: [-] priv_elevate_getsystem: Operation failed: Access is denied. And if i try to "run hashdump" i get this message: [*] Obtaining the boot key... [*] Calculating the hboot key using SYSKEY 1be5f252dcedd5d487c5644a3b497236... [-] Meterpreter Exception: Rex::Post::Meterpreter::RequestError stdapi_registry_create_key: Operation failed: Access is denied. [-] This script requires the use of a SYSTEM user context (hint: migrate into service process) Is something wrong with metasploit or did I miss something? Edited December 11, 2010 by Ghost_System Quote Link to comment Share on other sites More sharing options...
Infiltrator Posted December 12, 2010 Share Posted December 12, 2010 Is the victims machine fully patched? Also make sure that, UAC is not being used in Vista or Windows7, as it could be blocking the attacks. And resulting in the erros you are receiving. I also did a big of Googling and found this http://www.backtrack-linux.org/forums/beginners-forum/32848-unable-dump-hashes-win7-meterpreter.html Quote Link to comment Share on other sites More sharing options...
P@c_M@n Posted December 12, 2010 Author Share Posted December 12, 2010 The Vista computer is, but not the windows 7 computer. Thanks for the help Inflitrator. I'll try turning off the UAC and tell you if it works. Quote Link to comment Share on other sites More sharing options...
P@c_M@n Posted December 12, 2010 Author Share Posted December 12, 2010 okay i tried to turn off UAC on the 7 computer. Hashdump and getsystem still give them the same errors. I think ill start up a virtual Windows XP machine and try them against it. Any other ideas about whats wrong? Quote Link to comment Share on other sites More sharing options...
Infiltrator Posted December 12, 2010 Share Posted December 12, 2010 I will head to my virtual lab and see if I get the same results, if I don't I will let you know. Quote Link to comment Share on other sites More sharing options...
P@c_M@n Posted December 12, 2010 Author Share Posted December 12, 2010 (edited) Thanks Infiltrator. I tried the hashdump and getsystem commands on a virtual windows XP machine and they worked with no problems whatsoever. Guess it was the UAC after all. Tell me if you get any different results. Edited December 13, 2010 by Ghost_System Quote Link to comment Share on other sites More sharing options...
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.