Forum Discussion

kevinh's avatar
kevinh
Icon for Bronze I rankBronze I
4 days ago
Solved

CVE-2019-1388 (Windows Priv Esc UAC Bypass) question 4

after transferring the certification of the executable given online. and changing the name and saving the file, I cant seem to change it the whoami output to NT Authority. 

should I be targeting a different executable file? like a legitimate one?

should the browsing to the certificate error be displayed as unable to connect, or if I should be getting a different error.

After downloading the certificate, should I be doing something else other than immediately going on cmd.exe and typing whoami. ie. running the certificate or storing it somewhere other than the name told to in briefing? saving the certificate does not seem to change anything.

defensive cyber
help & support
immersive labs

3 Replies

Sort By
  • kevinh's avatar
    kevinh
    Icon for Bronze I rankBronze I
    4 days ago

    for some reason after doing all that I am getting this: 

     

  • steven's avatar
    steven
    Icon for Silver I rankSilver I
    4 days ago

    use the target on the desktop, just follow the instructions:

    1. Right click the .exe file of the desktop and run as administrator
    2. Click ‘show more details’
    3. Click ‘show information about the publisher’s certificate' 
    4. Click the ‘issued by’ hyperlink ---> the browser will be opened in the background
    5. Click ‘OK’
    6. Click ‘no’ on the UAC window

      now in the browser:
    7. Once the page fails to load, click the cog icon in the top right
    8. Select File → Save As
    9. Accept the warning message by clicking ‘OK’
    10. In File, name type c:\windows\system32\*.*
    11. Locate cmd.exe and right-click → Open

    then you should have a window open with system rights: