Forum Thread: PostExploitation with Metasploit over NGROK tunneled session (Privilege Escalation on Windows7 7600 running Quick Heal)

I have port forwarded my local port 4444 with NGROK and used 0.tcp.ngrok.io as lhost and 157xx as lport in the payload, and set lhost as 127.0.0.1 and lport as 4444 in the handler. This is how I did it: https://youtu.be/7ICmUdsNTuM

And now I want to gain privileges on the VM. The victim is a Windows 7 VM on a different mobile hotspot of mine.

Now I used exploit/windows/local/bypassuac. I opened a new tunnel on port 4445 and got a tunnel on tcp://0.tcp.ngrok.io:793xx. I set lhost and lport to 0.tcp.ngrok.io and 793xx respectively so that after bypassuac is executed, stage0 connects to the handler. Then I opened a new window, started msfconsole, set the payload with lhost as 127.0.0.1 and lport as 4445, and started the handler.

Nothing happened: no session, nothing.

Then I thought of escalating privileges via CVE-2015-1701

using this: https://github.com/hfiref0x/CVE-2015-1701/raw/master/Compiled/Taihou64.exe, but it also gets detected by the antivirus.

The VM has Quick Heal antivirus running, so please suggest anything that can help me get over it.

I posted my issue on the Metasploit Framework GitHub repository and one of the contributors came up with a solution. Here is the link; please have a look at it before posting any answer: https://github.com/rapid7/metasploit-framework/issues/9421

I gained a shell on the VM via netcat and then checked the groups of the user I am working with using net user User12. It showed me that User12 is a member of the Administrators group, so I thought I could escalate my privileges with this: https://github.com/hfiref0x/UACME. But when I ran Akagi64.exe 1 C:\Users\User12\Desktop\main.exe (main.exe is a Meterpreter payload set to connect back to me via NGROK, all set up), nothing happened. It's as if Akagi64.exe didn't execute main.exe.

Please help
