
Thread: Meterpreter - Advanced Privilege Escalation?

  1. #1

    Meterpreter - Advanced Privilege Escalation?

    Good day.

    Short on me: I'm a newbie, I learn super fast. Call me Star.

    I will try to give the information as best as I can - Remember that I'm a newbie.

    I'm playing with meterpreter and its sweet documentation. After targeting a machine (infection done through an .exe file, does it even matter?), here's what happened:

    I've found myself in the situation where my target is running on a W7 x64 machine, no updates - that's no problem, the problem comes when I try to run scripts such as "getgui". It just blankly tells me "Access denied." or "Not Enough Privileges". The user has the protection up, meaning every time he clicks something/an action happens the Windows Protection Popup opens.
    (priv doesn't work - the same thing. Also, migrate doesn't work either.) - No syntax errors, I've triple-checked everything before execution and it works, just that I get the privilege messages.

    Sweet, so then I upload and run http://www.exploit-db.com/exploits/25912/ (CVE: 2013-3660) on the target (After compiling). Successfully deployed & executed on local - Had some issues on the target but not my concern for now, I'll find a way there.

    What do I do in case my target has updated W7 and CVE: 2013-3660 is fixed? I'd love it if you guys could point me to learning more about it.

    Aftermath/Real Questions: How do I play with priv escalation? Any documentation on it?

    The obvious answer would be: "You'll either have to write something yourself or find a 0day" - I can't speak of such things, just a newbie. I'd love to get another answer rather than "Call it a day and give up."

    Thank you guys.

  2. #2
    Read more; you're halfway there, so why give up now? And don't look for the obvious.

  3. #3
    meterpreter > use priv \\ must load priv to be able to use getsystem
    meterpreter > getsystem \\ attempt to elevate your privilege to SYSTEM

    meterpreter > migrate PID \\ you will get the same privileges as the user who owns process PID

    Is UAC enabled on the Win 7? If yes then getsystem will fail, try "run bypassuac"
    AV can also block them.

    Besides the above two methods, Google these two: privilege escalation with impersonation tokens / load incognito and steal_token
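The reply above hinges on whether UAC is enabled and how strictly it is configured. This is an added, defender-side check (not code from the thread or from Metasploit) that reads the Windows UAC policy values and reports settings that fall short of the strictest level; it assumes it is run in PowerShell on a Windows host you administer, and the "finding" thresholds are this example's own.

```powershell
# Added example, not from the thread: audit the host's UAC configuration.
# Registry location and value names are the standard Windows policy keys;
# the weak/hardened judgements are this example's own defender-side thresholds.
$UacPolicyKey = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System'

function Get-UacValue {
    # Read one DWORD from the policy key, falling back to the Windows default
    # when the value has never been written.
    param([string]$Name, [int]$Default)
    $item = Get-ItemProperty -Path $UacPolicyKey -Name $Name -ErrorAction SilentlyContinue
    if ($null -eq $item) { return $Default }
    return [int]$item.$Name
}

function Test-UacHardened {
    # Returns a list of findings; an empty list means the strict settings are in place.
    $findings = @()
    $enableLua   = Get-UacValue -Name 'EnableLUA'                  -Default 1
    $adminPrompt = Get-UacValue -Name 'ConsentPromptBehaviorAdmin' -Default 5
    $secureDesk  = Get-UacValue -Name 'PromptOnSecureDesktop'      -Default 1

    if ($enableLua -ne 1) {
        $findings += 'EnableLUA=0: UAC is off; every process an administrator starts gets the full token.'
    }
    switch ($adminPrompt) {
        0 { $findings += 'ConsentPromptBehaviorAdmin=0: administrators elevate silently, no prompt at all.' }
        2 { }   # "Always notify": signed Windows binaries are not auto-elevated
        default {
            $findings += ("ConsentPromptBehaviorAdmin=$adminPrompt" +
                ': not "Always notify" (2); at the default (5) trusted Windows binaries auto-elevate, which UAC-bypass techniques rely on.')
        }
    }
    if ($secureDesk -ne 1) {
        $findings += 'PromptOnSecureDesktop=0: the elevation prompt is shown on the normal desktop, where other processes can interact with it.'
    }
    return $findings
}

# Report the result when the script is run directly.
$result = @(Test-UacHardened)
if ($result.Count -eq 0) {
    Write-Output 'UAC: hardened (enabled, Always notify, secure desktop).'
} else {
    Write-Output 'UAC findings:'
    $result | ForEach-Object { Write-Output " - $_" }
}
```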

  4. #4
    Daci - meterpreter on Kali no longer recognizes "run bypassuac"; instead I had to use exploit/windows/local/bypassuac (just saying). It does its job and acquiring hashdumps is done super fast.

    UAC enabled, of course. Everything is set up "secure" except the fact that I took down the anti-virus, as bypassing them is not my thing right now.

    I'll look into steal_token and impersonating of tokens. Thank you a lot!

  5. #5
    Hey there, I'm also a newbie, but I think if you have troubles with privilege escalation you could just make the payload "ask" to be run as administrator; that would automatically give it admin privileges, I think.

  6. #6
    Migrate to a process with higher privileges, then run persistence or set up a met service. You can also do a netcat backdoor if the system doesn't have an antivirus loaded, or even try disabling the antivirus. Or, after you've enumerated the box, find a way to whitelist your traffic (this would be ideal) through the command line options of that antivirus product.
    Visit my blog! PenTesting for Amateurs, by Amateurs -- Request your own tutorial, or send one to me to post.
    "thevanoutside" a Wordpress Blog!
