Posted

Hi everyone,

I have seen the PowerSploit script on how Mimikatz can be loaded entirely into memory and used to dump credentials, and I was thinking, would it be possible to load a program from Metasploit, like bypassuac, which would usually be detected by an antivirus program, into memory and use it from there? This could give you admin access to just about anything. Sadly, my knowledge on how to do this is lacking. If anyone could help with this, it would be much appreciated! :)

Cheers,

MB60893

Posted

I like to use schtasks with the run-as-SYSTEM option because basically any account can schedule tasks. If you can get your exe over to the box, you can dump memory and use Mimikatz to get the cleartext password. Once you have some good credentials you can psexec around the network.
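Added example, not from this thread: a defender-side PowerShell check that lists scheduled tasks running as SYSTEM whose action binary lives outside the Windows and Program Files directories, which is where a task created the way the post above describes would show up. It assumes the ScheduledTasks module (Windows 8 / Server 2012 or later) and an elevated prompt.

```powershell
# Added defender-side example (not from this thread). Lists scheduled tasks
# whose principal is the LocalSystem account and whose executable sits outside
# the usual trusted roots. Assumes Windows 8 / Server 2012+ and an elevated
# PowerShell session; review every row, since bare names such as "cmd.exe"
# resolve through PATH and are also reported here.
$trustedRoots = @(
    "$env:SystemRoot\",
    "$env:ProgramFiles\",
    "${env:ProgramFiles(x86)}\"
)

Get-ScheduledTask | Where-Object {
    # SYSTEM tasks show the principal as SYSTEM or by its well-known SID
    $_.Principal.UserId -match '^(NT AUTHORITY\\)?SYSTEM$' -or
    $_.Principal.UserId -eq 'S-1-5-18'
} | ForEach-Object {
    $task = $_
    foreach ($action in $task.Actions) {
        # Only ExecAction entries carry an Execute path; skip COM handler actions
        if (-not $action.Execute) { continue }
        $exe = [Environment]::ExpandEnvironmentVariables($action.Execute).Trim('"')
        $inTrusted = $false
        foreach ($root in $trustedRoots) {
            if ($exe -like "$root*") { $inTrusted = $true; break }
        }
        if (-not $inTrusted) {
            $info = $task | Get-ScheduledTaskInfo
            [PSCustomObject]@{
                TaskPath    = $task.TaskPath
                TaskName    = $task.TaskName
                Author      = $task.Author
                Executable  = $exe
                Arguments   = $action.Arguments
                State       = $task.State
                LastRunTime = $info.LastRunTime
            }
        }
    }
} | Format-Table -AutoSize
```

Pair this point-in-time listing with Security event ID 4698 (a scheduled task was created), which records who registered the task and from which process, so that task creation by a low-privilege account is caught as it happens rather than on the next audit.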

Posted

Meterpreter loads in memory to begin with to bypass being picked up by AV, or can migrate to running processes to escalate privileges as system processes, but there is also a post-exploitation module for bypassing UAC already in Metasploit which should be used after getting a session and before trying anything else to become SYSTEM.

http://www.rapid7.com/db/modules/exploit/windows/local/bypassuac

Posted

Marvelous. I am new to Metasploit and I have the Framework edition. To run Meterpreter, do I need a Linux-based OS, or can I use Cygwin or some other terminal emulator to get things done on my Windows machine? (I don't want to use the Community edition if I can help it!) :)

Posted

EDIT ON POST:

Is it possible to use the bypassUAC exploit on a machine with no privileges? I imagine not, but I need this to work. Any ideas?

Posted

Set up a lab of VMs and play with them at home to learn. Metasploit runs on Linux, Windows and other OSes, but the easiest is just to use Kali with it pre-installed and then attack some of your own virtual machines. If doing this against someone else's machine you don't have permission for, you're on your own though.

Posted

Nice. I really appreciate your help with this. Don't worry about me breaking any computer systems which I shouldn't be on. I am just demonstrating how you can exploit several vulnerabilities in systems with tools in memory. It is really a test which I am demonstrating.
