MB60893 Posted January 26, 2014 Hi everyone, I have seen the PowerSploit script on how Mimikatz can be loaded entirely into memory and used to dump credentials, and I was thinking: would it be possible to load a program from Metasploit, like bypassuac, which would usually be detected by an antivirus program, into memory and use it from there? This could give you admin access to just about anything. Sadly, my knowledge on how to do this is lacking. If anyone could help with this, it would be much appreciated! :) Cheers, MB60893
mrhappydude Posted January 27, 2014 I like to use schtasks with the run-as-SYSTEM option because basically any account can schedule tasks. If you can get your exe over to the box you can dump memory and use mimikatz to get the cleartext password. Once you have some good credentials you can psexec around the network.
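A defender-side companion to the schtasks technique described in the post above, written for this thread as an added example (not the poster's code): it parses constructed process-creation command lines and flags scheduled tasks created to run as SYSTEM by a non-SYSTEM account. The event tuples, account names and paths are constructed sample data, and the parser assumes schtasks' "/switch value" layout.

```python
import re
import shlex

# Constructed sample events shaped like Windows Security event 4688 fields
# (event id, subject account, process command line); not captured logs.
SAMPLE_EVENTS = [
    (4688, "LAB\\alice", 'schtasks /create /tn "Updater" /tr C:\\Users\\alice\\AppData\\Local\\Temp\\svc.exe /sc once /st 00:00 /ru SYSTEM'),
    (4688, "LAB\\alice", "schtasks /query /fo LIST"),
    (4688, "LAB\\bob", 'schtasks.exe /Create /TN Backup /TR C:\\Tools\\backup.bat /SC DAILY /RU "NT AUTHORITY\\SYSTEM"'),
    (4688, "LAB\\svc_backup", "schtasks /create /tn Nightly /tr C:\\Tools\\backup.bat /sc daily /ru LAB\\svc_backup"),
]
SYSTEM_PRINCIPALS = {"system", "nt authority\\system"}

def parse_schtasks(cmdline):
    """Return {switch: value} for a schtasks command line, else None.
    Non-POSIX shlex: quotes group tokens, Windows backslashes are kept."""
    try:
        toks = shlex.split(cmdline, posix=False)
    except ValueError:  # unbalanced quotes: treat as not parseable
        return None
    if not toks or not re.fullmatch(r"(?i)(.*\\)?schtasks(\.exe)?", toks[0]):
        return None
    opts, i = {}, 1
    while i < len(toks):
        if toks[i].startswith("/"):
            key, val = toks[i][1:].lower(), None
            if i + 1 < len(toks) and not toks[i + 1].startswith("/"):
                val = toks[i + 1].strip('"')  # value follows its switch
                i += 1
            opts[key] = val
        i += 1
    return opts

def runs_as_system(cmdline):
    """True when the command line creates a task whose /ru principal is SYSTEM."""
    opts = parse_schtasks(cmdline)
    if opts is None or "create" not in opts:
        return False
    return (opts.get("ru") or "").lower() in SYSTEM_PRINCIPALS

def find_alerts(events):
    """(account, task name, program) for each SYSTEM task that a non-SYSTEM
    account created; SYSTEM scheduling its own tasks is routine noise."""
    alerts = []
    for _eid, account, cmd in events:
        if runs_as_system(cmd) and account.lower() not in SYSTEM_PRINCIPALS:
            opts = parse_schtasks(cmd)
            alerts.append((account, opts.get("tn"), opts.get("tr")))
    return alerts
```

Pairing the alert with the task's /tr program path lets a responder check whether the binary lives in a user-writable location such as a Temp directory.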
digip Posted January 27, 2014 meterpreter loads in memory to begin with to bypass being picked up by AV, or can migrate to running processes to escalate privileges as system processes, but there is also a post-exploit module for bypassing UAC already in Metasploit which should be used after getting a session and before trying anything else to become SYSTEM. http://www.rapid7.com/db/modules/exploit/windows/local/bypassuac
MB60893 (Author) Posted January 27, 2014 Marvelous. I am new to Metasploit and I have the framework edition. To run the meterpreter, do I need a Linux-based OS, or can I use Cygwin or some other terminal emulator to get things done on my Windows machine? (I don't want to use the community edition if I can help it!) :)
MB60893 (Author) Posted January 27, 2014 EDIT ON POST: Is it possible to use the bypassUAC exploit on a machine with no privileges? I imagine not, but I need this to work. Any ideas?
digip Posted January 28, 2014 Set up a lab of VMs and play with them at home to learn. Metasploit runs on Linux, Windows and other OSes, but the easiest is just to use Kali with it pre-installed and then attack some of your own virtual machines. If doing this against someone else's machine you don't have permission for, you're on your own though.
MB60893 (Author) Posted January 28, 2014 Nice. I really appreciate your help with this. Don't worry about me breaking any computer systems which I shouldn't be on. I am just demonstrating how you can exploit several vulnerabilities in systems with tools in memory. It is really a test which I am demonstrating.