.

Escalating Windows --help

<<

impelse

Hero Member
Hero Member

Posts: 585

Joined: Mon Feb 16, 2009 3:40 pm

Post Thu Aug 30, 2012 10:17 pm

Escalating Windows --help

Guys

For the last week I got shell in three machines and stuck escalating windows, I tried to use MS11-080 AND PwDump7.exe to get the hashes, etc, etc....

I can upload files to the server and connect with netcat but the user is very limited.

Do you have any site where I can check how to escalate privilege in Windows, I am not asking how to do it (otherwise I will not learn how to do it), I am asking websiteS with some ideas, I've been looking for and trying HARDER, LOL

Thanks.
CCNA, Security+, 70-290, 70-291
CCNA Security
Taking Hackingdojo training

Website: http://blog.thehost1.com/
<<

shadowzero

User avatar

Full Member
Full Member

Posts: 120

Joined: Sat Jun 02, 2012 10:03 pm

Post Thu Aug 30, 2012 11:10 pm

Re: Escalating Windows --help

<<

Jamie.R

User avatar

Sr. Member
Sr. Member

Posts: 435

Joined: Mon Aug 06, 2012 9:57 am

Location: UK

Post Fri Aug 31, 2012 3:11 am

Re: Escalating Windows --help

| OSWP | eCPPT Silver and Gold | eWPT |

I'm an InterN0T'er
<<

impelse

Hero Member
Hero Member

Posts: 585

Joined: Mon Feb 16, 2009 3:40 pm

Post Fri Aug 31, 2012 4:24 pm

Re: Escalating Windows --help

Thanks guys, I just read two articles of the links and I got a bunch of ideas, good, this is what I was looking for.
CCNA, Security+, 70-290, 70-291
CCNA Security
Taking Hackingdojo training

Website: http://blog.thehost1.com/
<<

cd1zz

User avatar

Recruiters
Recruiters

Posts: 566

Joined: Sun Oct 03, 2010 9:01 pm

Post Fri Aug 31, 2012 7:54 pm

Re: Escalating Windows --help

There are several ways. This is a nice new shiny local priv exploit for Windows Server x64:
http://www.exploit-db.com/exploits/20861/

There are other ways too. I just released a local priv exploit for a third party software:
http://www.exploit-db.com/exploits/20915

Point is, look for installed third party apps that have local priv exploits if the box is totally patched.
<<

impelse

Hero Member
Hero Member

Posts: 585

Joined: Mon Feb 16, 2009 3:40 pm

Post Fri Aug 31, 2012 8:01 pm

Re: Escalating Windows --help

cd1zz wrote:

Point is, look for installed third party apps that have local priv exploits if the box is totally patched.


I agree, this is the part I am working right now, look for weak services and their applications installed.

I know I could find a remote exploit or use meterpreter, but not, I want to do it manually, I got shell with netcat using a asp shell. I need to master it, I think is more difficult to escalate that to get shell.

Also something that mess up a lot is that sometimes when I type the wrong command or wrong way I loose connection, lol..... TRY HARDER and write down how you got shell ASAP
CCNA, Security+, 70-290, 70-291
CCNA Security
Taking Hackingdojo training

Website: http://blog.thehost1.com/
<<

cd1zz

User avatar

Recruiters
Recruiters

Posts: 566

Joined: Sun Oct 03, 2010 9:01 pm

Post Fri Aug 31, 2012 8:09 pm

Re: Escalating Windows --help

Oh sorry, now I know what you're doing. If you can transfer files to the server with your aspshell, you can upload your own exe and execute the file. Usually the problem you'll run into there is the non-interactive shell but you can get around that...
<<

impelse

Hero Member
Hero Member

Posts: 585

Joined: Mon Feb 16, 2009 3:40 pm

Post Fri Aug 31, 2012 9:31 pm

Re: Escalating Windows --help

I got some kind of interactive shell but sometimes with some errors stop, anyway I come in
10 second later, lol
CCNA, Security+, 70-290, 70-291
CCNA Security
Taking Hackingdojo training

Website: http://blog.thehost1.com/

Return to Network Pen Testing

Who is online

Users browsing this forum: No registered users and 0 guests

cron
.
Powered by phpBB® Forum Software © phpBB Group.
Designed by ST Software