Header Banner
Null Byte Logo
Null Byte
wonderhowto.mark.png
Cyber Weapons Lab Forum Metasploit Basics Facebook Hacks Password Cracking Top Wi-Fi Adapters Wi-Fi Hacking Linux Basics Mr. Robot Hacks Hack Like a Pro Forensics Recon Social Engineering Networking Basics Antivirus Evasion Spy Tactics MitM Advice from a Hacker

Post-Exploitation Privilege Escalation

Screenshot of terminal output showing the process of a computer exploit injection and the status of a Meterpreter session.

Hey everyone, I've been encountering some problems with privilege escalation when the target has an AV installed, so here's a tutorial for when the almighty "getsystem" doesn't cut it and "bypassuac" gets blocked by the AV. The machine is running Windows 7

Get a Meterpreter Session Running on the Target Machine

Post-Exploitation Privilege Escalation

As you can see on the picture above we don't have administrator rights over the system. Let's try using "getsystem" and attempt to own the PC.

Error message indicating access denial in a terminal window.

If this happens, we need not lose hope, we can use a local exploit to still try and get admin rights. The exploit we'll use is "ms14_058_track_popup_menu", so background the session and select it as your exploit (its CVE is 2014-4113).

Terminal command interface displaying search results for a CVE (Common Vulnerabilities and Exposures) related to a software exploit.

Now we just need to set the options for the exploit. Set the session option to the session you just backgrounded and everything else should be all set. All we need to do now is type in "exploit" and wait to see what happens.

Metasploit terminal output displaying a reverse shell exploit execution.

And voila! You now own the machine and can do whatever you want with it. Stay tuned to Null-Byte for more awesome tutorials on hacking!

EDIT: It's not always the antivirus that's causing the issues, but most of the time it's responsible for most of the difficulties one might encounter.

Apple's iOS 26 and iPadOS 26 updates are packed with new features, and you can try them before almost everyone else. First, check Gadget Hacks' list of supported iPhone and iPad models, then follow the step-by-step guide to install the iOS/iPadOS 26 beta — no paid developer account required.

Related Articles

Comments

No Comments Exist

Be the first, drop a comment!