Hi. I have gotten a meterpreter session on my W8.1 x64 machine. I cant use getsystem and some other good stuff and i figured it was because of the meterpreter being x86. So I wanted to use payload inject to get a x64 meterpreter instead, which failed because it could not get a proper PID. When i use ps in meterpreter it shows very little processes. Where am I going wrong?
Forum Thread: payload_inject and Processes Shown in Meterpreter
- Hot
- Active
-
Forum Thread: Free Proxy Servers? 9 Replies
18 hrs ago -
Forum Thread: Hack and Track People's Device Constantly Using TRAPE 32 Replies
1 day ago -
Forum Thread: 12 Ways How to Hack Any Social Network and Protect Yourself 2018 1 Replies
2 days ago -
Metasploit Error: Handler Failed to Bind 40 Replies
5 days ago -
Forum Thread: How to Know if You Are a Script Kiddie? 9 Replies
2 wks ago -
Forum Thread: How to Identify and Crack Hashes 8 Replies
2 wks ago -
Forum Thread: How to Hack School Website 8 Replies
3 wks ago -
Forum Thread: Whenever I Try "Airmon-Ng Start wlan0" There's an Error? 16 Replies
3 wks ago -
Forum Thread: How to Fix 'Failed to Detect and Mount CD-ROM' Problem When Installing Kali Linux 14 Replies
3 wks ago -
Forum Thread: Awesome Keylogging Script - BeeLogger 30 Replies
1 mo ago -
Forum Thread: How to Hack Android Phone Using Same Wifi 27 Replies
1 mo ago -
Forum Thread: Complete Guide to Creating and Hosting a Phishing Page for Beginners 48 Replies
1 mo ago -
Forum Thread: Create and Use Android/Meterpreter/reverse_tcp APK with Msfvenom? 121 Replies
1 mo ago -
How to: Minecraft DoS'Ing with Python. 1 Replies
2 mo ago -
Forum Thread: HELP I Created an Apk for Hacking My Phone Using Kali Linux in Virtual Box How Can I Install That Apk on My Phone 17 Replies
2 mo ago -
Forum Thread: Tools for Beginner Hacker 3 Replies
2 mo ago -
Forum Thread: How to Embed an Android Payload in an Image? 9 Replies
3 mo ago -
Forum Thread: Metasploit reverse_tcp Handler Problem 46 Replies
3 mo ago -
Forum Thread: HACK ANDROID with KALI USING PORT FORWARDING(portmap.io) 11 Replies
3 mo ago -
Forum Thread: Fix Initramfs Problem 5 Replies
3 mo ago
-
How to Hack Wi-Fi: Stealing Wi-Fi Passwords with an Evil Twin Attack
-
How To: Dox Anyone
-
How To: Crack SSH Private Key Passwords with John the Ripper
-
How To: Brute-Force Nearly Any Website Login with Hatch
-
How To: Install Kali Linux as a Portable Live USB for Pen-Testing & Hacking on Any Computer
-
How To: Check if Your Wireless Network Adapter Supports Monitor Mode & Packet Injection
-
How To: Exploit EternalBlue on Windows Server with Metasploit
-
Hacking Windows 10: How to Dump NTLM Hashes & Crack Windows Passwords
-
How To: Scan Websites for Interesting Directories & Files with Gobuster
-
How to Hack Wi-Fi: Cracking WPA2 Passwords Using the New PMKID Hashcat Attack
-
How To: Crack Shadow Hashes After Getting Root on a Linux System
-
How To: Find Vulnerable Webcams Across the Globe Using Shodan
-
How To: The Hacks Behind Cracking, Part 1: How to Bypass Software Registration
-
How To: Manually Exploit EternalBlue on Windows Server Using MS17-010 Python Exploit
-
How to Hack Wi-Fi: Cracking WPA2-PSK Passwords Using Aircrack-Ng
-
How To: Make Spoofed Calls Using Any Phone Number You Want Right from Your Smartphone
-
How To: Use Burp & FoxyProxy to Easily Switch Between Proxy Settings
-
How To: Upgrade a Dumb Shell to a Fully Interactive Shell for More Flexibility
-
News: Hack Your Computer's BIOS to Unlock Hidden Settings, Overclocking & More
-
Hack Like a Pro: How to Remotely Install a Keylogger onto Your Girlfriend's Computer
11 Responses
How did you infect the target ? Because I only see webbrowser or Notepad.
I guess you used a web exploit.
When I tested such infection with Hacking team Flash Exploit, the remote session only has access to firefox associated processes and not to the users one.
Try to upload an executable on the hard drive and launch it via cmd from your meterpreter.
Or upload an trojanized exe , and launch it manually in your target.
See the differences :)
Typically you could migrate to the explorer.exe which is x64 and having fun :)
Thanks for your reply.
I used browserautopwn. Im pretty sure that when I used that same exploit on XP and 7 x86 it gained access to all processes but I might be misremembering. Can't test it because I deleted those VMs. I thought about uploading an executable payload but I was afraid AV would pick up on that, and I was not sure if I could disable AV services without a system account. But since that is also done from cmd (i forgot about that part) i guess it will work :)
I haven't tryed this on Windows 8.1, but you could try to use:
msf> use exploit/windows/local/bypassuac
This is like a post exploit, you need to have an active session, then background it and launch the exploit.
The setting are quite easy, first set SESSION (your active session ID), then create another payload and set your LHOST and an alternative LPORT, for example I change it to 5555, you can't run two payloads on the same port at the same time.
Also make sure to set the target, you have two options, x64 or x86.
Then just exploit and see if successful. If everything is fine you should manage to use the 'getsystem' command and get full control on the target.
Let us know if it worked.
Good luck!!!
Thanks for your reply. I actually think I tried that, can't remember for sure, so I will definitely try that again :). If I did, I probably did not change the target. Did not know i had to use another port. I will get back with the results.
Unfortunately it returned: Exploit aborted due to failure: no-access: Cannot BypassUAC from Low Integrity Level.
Typically you re into the browser session , which is different from the user session.
Browser processes are in your case Low integrity , very low power of action.
User processes are in medium integrity , and if the User is local admin , you can use bypassuac function which uses Dll Hijacking to spawn a High Level Processes.
High Level Processes are processes from NT Authority/System , if you can migrate into one , you are the king on the infected system.
Av are easy to bypass :) : Keywords Veil-Project / Shellter.
Have Fun :)
Oh i see. Thank you very much for the explanation. I was convinced that meterpreter just "took over" the system whichever way it entered :). I will look into that. Thanks :)
Clearly no :) , having a remote control is far away from pwning the system.
You can have fun with a simple meterpreter , but with admin privs aka High Process integrity meterpreter you control the entire machine , persists into it and do full of bad (cool) stuff ! :)
Be Fun , Be Ethic
I just complicated things for myself when there was a simple explanation :).
Indeed. Had full control over my XP VM and that was way more satisfying. I guess I used a specific exploit on that. I suppose social engineering is the way to go for real world application, atleast for full control. Autopwn was a nice fantasy :).
Yep , if you're interested in browser attack, i can lead you to study the Beef framework , or some drive-by attacks such as Trojan firefox plug-in :).
Have fun :)
Thanks again. You have been most helpful! :)
Share Your Thoughts