Ethical Hacking and Penetration Testing Guide



Privilege Escalation
Once we have gained situational awareness, our next goal is to escalate our privileges to NT AUTHORITY\SYSTEM, which has the highest privileges on a Windows machine, or at least to obtain administrator-level privileges. Most of the commands that we use to further penetrate the network require administrator-level privileges to run. Before that, however, we will talk about making our Meterpreter session stable so that it does not close.
Maintaining Stability
The Meterpreter session often dies or gets killed because the process that Meterpreter is running in closes. For example, let's say we used the Aurora exploit to compromise a victim running Internet Explorer 6. Whenever the victim closes his browser, our Meterpreter session will die.
To mitigate this issue, we need to migrate to another, more stable process such as explorer.exe or svchost.exe. Luckily, Metasploit has a built-in script that can help us migrate to another process. For this, we can use a post module called migrate, which is located in the post/windows/manage/migrate directory. The command is as follows:
meterpreter> run post/windows/manage/migrate
If you would like to migrate to a specific process, first issue the “ps” command to check for PIDs.


We should note down the PID of the process that we would like to migrate to, for example, svchost.exe, which happens to be 856. We then execute the following command from Meterpreter:
meterpreter> migrate 856
If the process has successfully migrated, the output would be something like the following:
Escalating Privileges
Now that we have moved to a secure process and are fairly sure that our session won't close during privilege escalation, we should attempt to escalate privileges. The fastest way of escalating privileges with Meterpreter is the “getsystem” command, which consists of many techniques. If one technique fails, it tries another and reports which technique succeeded in escalating the privileges.
We can type the command getsystem -h to see which techniques Meterpreter uses to escalate privileges.


You can use a specific technique by using the -t parameter followed by the technique number, but I would recommend that you run the command without parameters so it can try all the techniques to save time.
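
From the defender's side, the migration step described under Maintaining Stability leaves a trace: moving a session into another process starts a thread inside that process, which Sysmon logs as Event ID 8 (CreateRemoteThread). The following is an added example, not code from the book, that scores such events for the pattern in the text (a user-facing program starting a thread in explorer.exe or svchost.exe). Assumptions: events are already exported as dictionaries using Sysmon's field names, a StartModule of "-" or empty means the thread does not start inside a loaded module, the USER_FACING watch list is hypothetical, and the sample events are constructed.

```python
from ntpath import basename  # parses Windows paths on any OS

# Sysmon Event ID 8 = CreateRemoteThread. Field names follow Sysmon's schema.
MIGRATION_TARGETS = {"explorer.exe", "svchost.exe"}  # processes named in the text
USER_FACING = {"iexplore.exe", "winword.exe", "acrord32.exe"}  # assumed watch list

def score(event):
    """Return the list of reasons one event looks like a session migration."""
    if event.get("EventID") != 8:
        return []
    src = basename(event["SourceImage"]).lower()
    dst = basename(event["TargetImage"]).lower()
    if dst not in MIGRATION_TARGETS or src == dst:
        return []
    reasons = [f"remote thread created in {dst}"]
    if src in USER_FACING:
        reasons.append(f"source {src} is a user-facing application")
    if event.get("StartModule", "-") in ("", "-"):  # assumed "no module" marker
        reasons.append("thread start address is outside any loaded module")
    return reasons

def find_migrations(events, threshold=2):
    """Return one alert per event with at least `threshold` reasons."""
    alerts = []
    for ev in events:
        reasons = score(ev)
        if len(reasons) >= threshold:
            alerts.append({"time": ev["UtcTime"],
                           "source_pid": ev["SourceProcessId"],
                           "target_pid": ev["TargetProcessId"],
                           "reasons": reasons})
    return alerts

# Constructed sample events (not real telemetry).
SAMPLE_EVENTS = [
    {"EventID": 1, "UtcTime": "2024-01-01 10:00:01", "Image": r"C:\Windows\System32\cmd.exe"},
    {"EventID": 8, "UtcTime": "2024-01-01 10:00:05", "SourceProcessId": 3120,
     "SourceImage": r"C:\Program Files\Internet Explorer\iexplore.exe",
     "TargetProcessId": 856, "TargetImage": r"C:\Windows\System32\svchost.exe",
     "StartModule": "-"},
    {"EventID": 8, "UtcTime": "2024-01-01 10:00:09", "SourceProcessId": 500,
     "SourceImage": r"C:\Windows\System32\csrss.exe",
     "TargetProcessId": 912, "TargetImage": r"C:\Windows\System32\svchost.exe",
     "StartModule": r"C:\Windows\System32\kernel32.dll"},
]

if __name__ == "__main__":
    for alert in find_migrations(SAMPLE_EVENTS):
        print(alert)
```

Only the second sample event is reported at the default threshold; lowering the threshold to 1 also surfaces the third, which is the trade-off between coverage and noise when tuning such a rule.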
