Author Archives: Pentester

30 Dec

linux下把普通用户权限改为管理员

How can a newly created user (for example aaa) be given administrator privileges?

1. Add the user. First add an ordinary user with the adduser command:
    # adduser tommy      // add a user named tommy
    # passwd tommy       // set the password
    Changing password for user tommy.
    New UNIX password:           // enter the new password here
    Retype new UNIX password:    // enter the new password again
    passwd: all authentication tokens updated successfully.

2. Edit the /etc/sudoers file, find the following line and add a line for tommy below the root line, like this:
    ## Allow root to run any commands anywhere
    root    ALL=(ALL)   ALL
    tommy   ALL=(ALL)   ALL
Once that is done you can log in as tommy and run su - to get root privileges.

Other answers
Just change user aaa's ID values in /etc/passwd to 0, e.g. 0:0.

Original Link

read more »
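Both answers in the post above grant root in a way that is easy to miss later: a sudoers rule of the form `user ALL=(ALL) ALL`, or a second UID-0 entry in /etc/passwd. The following audit is an added example, not code from the original Q&A; it parses passwd and sudoers text and reports every account either answer would have left with root. SAMPLE_PASSWD and SAMPLE_SUDOERS are constructed test data, and the `--live` switch is this example's own flag for reading the real files.

```python
"""Audit who ends up with root after the two answers above.

Added example, not code from the original Q&A. SAMPLE_PASSWD and
SAMPLE_SUDOERS are constructed test data, not copied from a real host;
run with --live to read /etc/passwd and /etc/sudoers instead.
"""
import re
import sys

# Constructed /etc/passwd: 'tommy' is an ordinary user, while 'aaa' has
# had its UID changed to 0 as the second answer suggests, which makes it
# a second root account that only a UID check will catch.
SAMPLE_PASSWD = """\
root:x:0:0:root:/root:/bin/bash
daemon:x:1:1:daemon:/usr/sbin:/usr/sbin/nologin
tommy:x:1001:1001::/home/tommy:/bin/bash
aaa:x:0:0::/home/aaa:/bin/bash
"""

# Constructed /etc/sudoers following the first answer, plus a group rule
# and a restricted rule to show what does and does not count.
SAMPLE_SUDOERS = """\
Defaults    env_reset
## Allow root to run any commands anywhere
root    ALL=(ALL)       ALL
tommy   ALL=(ALL)       ALL
%wheel  ALL=(ALL:ALL)   ALL
backup  ALL=(ALL)       NOPASSWD: /usr/bin/rsync
"""

# who (user or %group), host list, optional (runas) part, command list.
_RULE = re.compile(
    r"^(?P<who>%?[^\s=]+)\s+(?P<hosts>[^\s=]+)\s*=\s*"
    r"(?:\((?P<runas>[^)]*)\)\s*)?(?P<cmds>.+)$"
)
_SKIP_PREFIXES = ("Defaults", "User_Alias", "Runas_Alias", "Host_Alias", "Cmnd_Alias")


def uid0_accounts(passwd_text):
    """Names of every account whose numeric UID is 0, i.e. every root."""
    names = []
    for line in passwd_text.splitlines():
        fields = line.split(":")
        if len(fields) >= 3 and fields[2].strip() == "0":
            names.append(fields[0])
    return names


def unrestricted_sudoers(sudoers_text):
    """Who-specs allowed to run ALL commands as root (or as ALL).

    Comments, Defaults and alias lines are skipped; #include/@include
    directives and /etc/sudoers.d are not followed, so feed those files
    through this function as well when auditing a real host.
    """
    who_list = []
    for raw in sudoers_text.splitlines():
        line = raw.split("#", 1)[0].strip()
        if not line or line.startswith(_SKIP_PREFIXES):
            continue
        m = _RULE.match(line)
        if not m:
            continue
        # A missing (runas) part means the rule runs commands as root.
        runas_user = (m.group("runas") or "root").split(":")[0].strip() or "root"
        # Drop tags such as NOPASSWD: or SETENV: before reading the command.
        cmd_words = [re.sub(r"^(?:[A-Z_]+:\s*)+", "", c.strip())
                     for c in m.group("cmds").split(",")]
        if runas_user in ("ALL", "root") and "ALL" in cmd_words:
            who_list.append(m.group("who"))
    return who_list


def _read(path, fallback):
    try:
        with open(path) as fh:
            return fh.read()
    except OSError:
        return fallback


if __name__ == "__main__":
    live = "--live" in sys.argv
    passwd = _read("/etc/passwd", SAMPLE_PASSWD) if live else SAMPLE_PASSWD
    sudoers = _read("/etc/sudoers", SAMPLE_SUDOERS) if live else SAMPLE_SUDOERS
    print("UID 0 accounts   :", ", ".join(uid0_accounts(passwd)))
    print("unrestricted sudo:", ", ".join(unrestricted_sudoers(sudoers)))
```

On the sample data the audit lists root and aaa as UID-0 accounts and root, tommy and %wheel as unrestricted sudoers; backup is excluded because its rule is limited to one command.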
30 Dec

Windows Privilege Escalation

Automation
    windows-privesc-check – Windows Privilege Escalation Scanner
Remote
    MS08-067/CVE-2008-4250 – 2K/XP/2K3 MS08-067 NetAPI bindshell
    MS15-134/CVE-2015-6131 – Microsoft Windows Media Center Library Parsing RCE Vulnerability aka “self-executing” MCL File
    MS16-059/CVE-2016-0185 – Microsoft Windows Media Center .MCL File Processing Remote Code Execution (MS16-059)
Local
    MS10-015/CVE-2010-0232 – Windows NT/2K/XP/2K3/VISTA/2K8/7 x32 ONLY – NtVdmControl()->KiTrap0d local ring0 exploit
    MS11-046/CVE-2011-1249 – Windows x86 (all versions) Afd.sys Privilege Escalation Exploit. MS11-046 – the SYSTEM shell will […]

read more »
30 Dec

MS11-080: Privilege Escalation (Windows)

So, I’ve been neglecting this blog lately, while attending the Pentesting with BackTrack course and now studying for my Offensive Security Certified Professional exam. In preparation for the exam, I figured I would start looking for some local privilege escalation exploits. So, I went to the old faithful exploit-db.com and found MS11-080 Afd.sys Privilege Escalation Exploit, which exploits MS11-080. […]

read more »
30 Dec

Windows Privilege Escalation – a cheatsheet

This is a work in progress. Additions, suggestions and constructive feedback are welcome. The purpose of these cheatsheets is, essentially, to save time during an attack or study session.

Stored credentials
Search for credentials within: c:\unattend.xml
Unattend credentials are stored base64-encoded (the UTF-16LE password with the element name, e.g. "Password", appended) and can be decoded manually with base64, which reads from stdin rather than taking the string as an argument:
    user@host $ echo 'cABhAHMAcwB3AG8AcgBkAFAAYQBzAHMAdwBvAHIAZAA=' | base64 -d
Metasploit Framework […]

read more »
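The unattend.xml entry in the cheatsheet excerpt above stops at a raw `base64 -d`, which prints the UTF-16LE text "passwordPassword" with NUL bytes between the letters. The following decoder is an added example, not code from the cheatsheet: it walks an unattend.xml, and for every element whose name ends in Password it returns the Value, base64-decoding it and stripping the appended element name when PlainText is false. SAMPLE_UNATTEND is a constructed file whose first Value is the base64 string quoted in the cheatsheet; the second password is plain text, so both branches are exercised.

```python
"""Pull the passwords out of an unattend.xml, decoding the base64 form.

Added example, not code from the cheatsheet. SAMPLE_UNATTEND is a
constructed file. When PlainText is false, Windows stores the Value as
base64 over the UTF-16LE password with the element name appended
("Password" for AutoLogon/Password, "AdministratorPassword" for that
element), which is why a bare base64 -d shows "passwordPassword".
"""
import base64
import sys
import xml.etree.ElementTree as ET

SAMPLE_UNATTEND = """\
<?xml version="1.0" encoding="utf-8"?>
<unattend xmlns="urn:schemas-microsoft-com:unattend">
  <settings pass="oobeSystem">
    <component name="Microsoft-Windows-Shell-Setup" processorArchitecture="amd64"
               publicKeyToken="31bf3856ad364e35" language="neutral" versionScope="nonSxS">
      <AutoLogon>
        <Password>
          <Value>cABhAHMAcwB3AG8AcgBkAFAAYQBzAHMAdwBvAHIAZAA=</Value>
          <PlainText>false</PlainText>
        </Password>
        <Enabled>true</Enabled>
        <Username>Administrator</Username>
      </AutoLogon>
      <UserAccounts>
        <AdministratorPassword>
          <Value>Summer2024!</Value>
          <PlainText>true</PlainText>
        </AdministratorPassword>
      </UserAccounts>
    </component>
  </settings>
</unattend>
"""


def _local(tag):
    """Strip the {namespace} prefix ElementTree puts on tag names."""
    return tag.rsplit("}", 1)[-1]


def decode_unattend_value(value_b64, element_name):
    """Decode a non-PlainText Value: base64 -> UTF-16LE -> drop the suffix."""
    text = base64.b64decode(value_b64).decode("utf-16-le")
    if text.endswith(element_name):
        text = text[: -len(element_name)]
    return text


def extract_unattend_passwords(xml_text):
    """Return (element name, password) for every *Password element with a Value.

    A missing PlainText child is treated as plain text here.
    """
    found = []
    for elem in ET.fromstring(xml_text).iter():
        name = _local(elem.tag)
        if not name.endswith("Password"):
            continue
        children = {_local(child.tag): (child.text or "") for child in elem}
        if "Value" not in children:
            continue
        plain = children.get("PlainText", "true").strip().lower() != "false"
        value = children["Value"].strip()
        password = value if plain else decode_unattend_value(value, name)
        found.append((name, password))
    return found


if __name__ == "__main__":
    # Pass a path to decode a real file, e.g. C:\unattend.xml; otherwise use the sample.
    if len(sys.argv) > 1:
        with open(sys.argv[1], encoding="utf-8-sig") as fh:
            xml_text = fh.read()
    else:
        xml_text = SAMPLE_UNATTEND
    for element, password in extract_unattend_passwords(xml_text):
        print(f"{element}: {password}")
```

Run against the sample this prints `Password: password` and `AdministratorPassword: Summer2024!`; the suffix strip is keyed on the element name, so the same code handles both AutoLogon and UserAccounts entries.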
30 Dec

Privilege Escalation – Metasploit

Frequently, especially with client-side exploits, you will find that your session only has limited user rights. This can severely limit the actions you can perform on the remote system, such as dumping passwords, manipulating the registry, installing backdoors, etc. Fortunately, Metasploit has a Meterpreter script, ‘getsystem’, that will use a number of different techniques to attempt […]

read more »
30 Dec

Windows privilege escalation exploit

Hi, I’m having trouble with exploit/windows/local/ms14_058_track_popup_menu. Here is some info:

    meterpreter > sysinfo
    Computer        : WORKSTATION1
    OS              : Windows 7 (Build 7601, Service Pack 1).
    Architecture    : x64
    System Language : en_US
    Meterpreter     : x64/win64
    meterpreter > getuid
    Server username: CONTOSO\allenbrewer
    meterpreter > getsystem
    [-] priv_elevate_getsystem: Operation failed: The environment is incorrect.
    msf > use […]

read more »