Type : Tips and Trick
Level : Easy
What is privilege escalation?
according to wikipedia Privilege Escalation is the act of exploiting a bug, design flaw or configuration oversight in an operating system or software application to gain elevated access to resources that are normally protected from an application or user. The result is that an application with more privileges than intended by the application developer or system administrator can perform unauthorized actions.
Sometimes when you trying to exploit a security hole and success gain an access to the target system, usually you only act as logged user and it’s not a local system account. In this tips and trick there’s a simple step to escalate your privilege when you’re inside meterpreter. I’ve test and try this tips and trick in my Backtrack 5 and Windows XP SP3 and Windows 7 SP0.
This picture below taken when hackers successfully gain an access using Java Signed Applet Social Engineering Toolkit Code Execution.
When running getuid command, we know that we running as user that already logged in to the system but we didn’t act as system account. How do we do that to escalate our privilege to system account? Let’s run the help command in your meterpreter console.
That’s it, with getsystem command we will try to escalate our privilege into local system and controlled everything from there.
Hope you enjoyed 🙂
FYI : I’ve try to run getsystem in Windows 7 SP1 , but it didn’t work(Update : It will work depend on which kind of vulnerability and exploit you use).