Applications in Memory!


MB60893

Hi everyone,

I have seen the PowerSploit script on how Mimikatz can be loaded entirely into memory and used to dump credentials, and I was thinking: would it be possible to load a program from Metasploit, like bypassuac, which would usually be detected by an antivirus program, into memory and use it from there? This could give you admin access to just about anything. Sadly, my knowledge on how to do this is lacking. If anyone could help with this, it would be much appreciated! :)

Cheers,

MB60893


Meterpreter loads in memory to begin with to bypass being picked up by AV, or can migrate to running processes to escalate privileges as system processes, but there is also a post exploit for bypassing UAC already in Metasploit, which should be used after getting a session and before trying anything else to become system.

http://www.rapid7.com/db/modules/exploit/windows/local/bypassuac


Marvelous. I am new to Metasploit and I have the framework edition. To run Meterpreter, do I need a Linux-based OS, or can I use Cygwin or some other terminal emulator to get things done on my Windows machine? (I don't want to use the community edition if I can help it!) :)


EDIT ON POST:

Is it possible to use the bypassUAC exploit on a machine with no privileges? I imagine not, but I need this to work. Any ideas?


Set up a lab of VMs and play with them at home to learn. Metasploit runs on Linux, Windows and other OSes, but easiest is just to use Kali with it pre-installed and then attack some of your own virtual machines. If doing this against someone else's machine you don't have permission for, you're on your own though.


Nice. I really appreciate your help with this. Don't worry about me breaking any computer systems which I shouldn't be on. I am just demonstrating how you can exploit several vulnerabilities in systems with tools in memory. It is really a test which I am demonstrating.
