iwavetostars
2013-10-08, 00:20
Good day.
Short on me: I'm a newbie, I learn super fast. Call me Star.
I will try to give the information as best as I can - Remember that I'm a newbie.
I'm playing with meterpreter and its sweet documentation. After targeting a machine(Infection done through .exe file, does it even matter?), here's what happened:
I've found myself in the situation where my target is running on a W7 X64 machine, no updates - that's no problem, the problem comes when I try to run scripts such as "getgui". It just blankly tells me "Access denied." or "Not Enough Privileges". The user has the protection up, meaning everytime he clicks something/an action happens the Windows Protection Popup opens.:rolleyes:
(priv doesn't work - The same thing. Also, migrate doesn't work either.) - No syntax errors, I've triple checked everything before execution and it works, just that I get the privilege messages.
Sweet, so then I upload and run http://www.exploit-db.com/exploits/25912/ (CVE: 2013-3660) on the target (After compiling). Successfully deployed & executed on local - Had some issues on the target but not my concern for now, I'll find a way there.
What do I do in case my target has updated W7 and CVE: 2013-3660 is fixed? I'd love it if you guys could point me to learning more about it.
Aftermath/Real Questions: How do I play with priv escalation? Any documentation on it?
The obvious answer would be: "You'll either have to write something yourself, find a 0day" - I can't speak of such things, just a newbie. I'd love to get another answer rather than "Call it a day and give up.".
Thank you guys.
Short on me: I'm a newbie, I learn super fast. Call me Star.
I will try to give the information as best as I can - Remember that I'm a newbie.
I'm playing with meterpreter and its sweet documentation. After targeting a machine(Infection done through .exe file, does it even matter?), here's what happened:
I've found myself in the situation where my target is running on a W7 X64 machine, no updates - that's no problem, the problem comes when I try to run scripts such as "getgui". It just blankly tells me "Access denied." or "Not Enough Privileges". The user has the protection up, meaning everytime he clicks something/an action happens the Windows Protection Popup opens.:rolleyes:
(priv doesn't work - The same thing. Also, migrate doesn't work either.) - No syntax errors, I've triple checked everything before execution and it works, just that I get the privilege messages.
Sweet, so then I upload and run http://www.exploit-db.com/exploits/25912/ (CVE: 2013-3660) on the target (After compiling). Successfully deployed & executed on local - Had some issues on the target but not my concern for now, I'll find a way there.
What do I do in case my target has updated W7 and CVE: 2013-3660 is fixed? I'd love it if you guys could point me to learning more about it.
Aftermath/Real Questions: How do I play with priv escalation? Any documentation on it?
The obvious answer would be: "You'll either have to write something yourself, find a 0day" - I can't speak of such things, just a newbie. I'd love to get another answer rather than "Call it a day and give up.".
Thank you guys.