pedro ubuntu - 2016-08-21


[ MSI_PRIVILEGE_ESCALATION ]
Version: 1.3 Author: pedr0 Ubuntu [ r00t-3xp10it ]
Hosted By: peterubuntu10[at]sourceforge[dot]net
http://sourceforge.net/projects/msf-auxiliarys/
https://sourceforge.net/p/msf-auxiliarys/repository/ci/master/tree/MSI_privilege_escalation.rb
Download MSI_privilege_escalation.rb




[ MODULE DESCRIPTION ]


[ MODULE ADVANCED OPTIONS ]





[ WORK FLOW - CONFIG REQUIRED SETTINGS ]
'GET_SYSTEM' allows users to elevate the current session (client) to NT AUTHORITY\SYSTEM.





[ WORK FLOW - CONFIG REQUIRED SETTINGS ]
'MSI_ESCALATION' allows users to CHECK/SET the 'AlwaysInstallElevated' registry keys remotely.
If the reg key is already set to dword:1 on the target system, this function warns the attacker
that the bypass is already active (so there is no need to change the reg key data again).
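
A defender-side audit of the same registry value, added here as an example and not part of the module: it reads 'AlwaysInstallElevated' from HKLM and from every user hive loaded under HKEY_USERS and flags accounts where both are 1. The key path SOFTWARE\Policies\Microsoft\Windows\Installer is the standard Windows Installer policy location and is an assumption here, since the page does not spell it out; run it elevated so other users' hives are readable.

```powershell
# Added audit example (not the module's code).
# Assumption: the policy value lives under SOFTWARE\Policies\Microsoft\Windows\Installer.
$SubKey = 'SOFTWARE\Policies\Microsoft\Windows\Installer'
$Value  = 'AlwaysInstallElevated'

function Get-AieValue {
    param([Microsoft.Win32.RegistryKey]$Root)
    $key = $Root.OpenSubKey($SubKey)            # read-only; $null when the key is absent
    if ($null -eq $key) { return $null }
    try { return $key.GetValue($Value, $null) } finally { $key.Close() }
}

$machine = Get-AieValue ([Microsoft.Win32.Registry]::LocalMachine)
$users   = [Microsoft.Win32.Registry]::Users

$rows = foreach ($sid in $users.GetSubKeyNames()) {
    # Keep real account hives only; skips .DEFAULT, service SIDs and *_Classes.
    if ($sid -notmatch '^S-1-(5-21|12-1)-[\d-]+$') { continue }
    try {
        $hive = $users.OpenSubKey($sid)
    } catch [System.Security.SecurityException] {
        Write-Warning "No read access to hive $sid (run elevated)"
        continue
    }
    if ($null -eq $hive) { continue }
    try { $user = Get-AieValue $hive } finally { $hive.Close() }

    [pscustomobject]@{
        Sid     = $sid
        HKLM    = $machine     # blank = value not set (same as the default, 0)
        HKU     = $user
        # Windows Installer elevates only when the value is 1 in BOTH hives.
        Exposed = ($machine -eq 1 -and $user -eq 1)
    }
}

$rows | Format-Table -AutoSize

if ($machine -eq 1) {
    Write-Warning "HKLM $Value is 1: any user who also sets it in their own hive gets elevated installs."
}
if ($rows | Where-Object Exposed) {
    Write-Warning "$Value is 1 in both hives for at least one loaded account."
}
```

Only hives loaded at run time are covered; profiles of logged-off users would need their NTUSER.DAT loaded first.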





[ WORK FLOW - CONFIG REQUIRED SETTINGS ]
'REVERT_PRIVS' allows users to set the 'AlwaysInstallElevated' registry keys back to their default (dword:0).





[ MODULE ERROR REPORTS ]
Newer Metasploit releases changed the module class name to 'MetasploitModule', so
if you are seeing this error display, it means your Metasploit is using an old class name.
To fix it, open one of the modules shipped with your Metasploit and check which class name
your version is using, then replace the class name in my module (class MetasploitModule) with it.





[ POST - MODULE LIMITATIONS ]

  This module only runs against Windows systems (native cmd syntax)
  As a post-exploitation module, it requires one open session
  This module only runs in a meterpreter shell environment (meterpreter client)
  "Target system needs to be rebooted for the registry changes to take effect"...




[ PORT MODULE TO METASPLOIT DATABASE ]

  Kali linux [COPY TO]: /usr/share/metasploit-framework/modules/post/windows/escalate/MSI_privilege_escalation.rb
  Ubuntu linux [COPY TO]: /opt/metasploit/apps/pro/msf3/modules/post/windows/escalate/MSI_privilege_escalation.rb
  Manual path search: root@kali:~# locate modules/post/windows/escalate



[ LOAD - USE MODULE ]

  meterpreter > background
  msf exploit(handler) > reload_all
  msf exploit(handler) > use post/windows/escalate/MSI_privilege_escalation
  msf post(MSI_privilege_escalation.rb) > info
  msf post(MSI_privilege_escalation.rb) > show options
  msf post(MSI_privilege_escalation.rb) > show advanced options
  msf post(MSI_privilege_escalation.rb) > set [option(s)]
  msf post(MSI_privilege_escalation.rb) > exploit




[ CREDITS ]

  'r00t-3xp10it' =>  post-module author
  Inspiration: Ben Campbell | Parvez Anwar
  Module debug: Chaitanya [ SSA RedTeam ]

Suspicious Shell Activity - RedTeam develop @2016







Last edit: pedro ubuntu 2016-08-30