BT5-R3_attempt-to_privilege-escalation_&_hashdump_vs_ win7-sp1-patched(AV-enable)



zimmaro
09-04-2012, 01:50 AM
hi guys :)
in this "video" (I think) I tried to have "privilege-escalation" in my win 7-sp1-fully_patched with AV enabled
after trying to use the msf module (post/windows/escalate/bypassuac), which was LOCKED out of my system by antivirus .. (& I do not want to kill it) .. reading on the net I tried another way .....
I am not able to judge whether this method is correct or incorrect & useless ....(i'm not a pentester)
I have just tried it! :)
if you want to see the video ... bad ..... & ... full of errors:

http://vimeo.com/48773626

PS (the material that helped me prepare for the prior two payloads is in the forum & in the network)

bye-zimmaro the_g0at-brain

AHKAD
09-18-2012, 08:59 AM
seems good and fun to try
thanks for sharing ...

bigfatcat
09-24-2012, 07:32 PM
where can I download it? give me a link, thanks for sharing

zimmaro
09-25-2012, 11:43 AM
hi :)
these are some links that helped me evade MY AV's:
http://www.backtrack-linux.org/forums/showthread.php?t=48522&highlight=av+evasion
http://www.backtrack-linux.org/forums/showthread.php?t=50310&highlight=av+evasion
http://pentestlab.wordpress.com/tag/antivirus-evasion/
http://www.backtrack-linux.org/forums/showthread.php?t=48283
http://www.backtrack-linux.org/forums/showthread.php?t=48077
bye

Hizagashira
09-27-2012, 03:52 PM
this is great!!!
thank you zimmaro! very very useful!

zimmaro
11-10-2012, 10:06 AM
hi :)
For those interested:
update!

* I also tried the "new" local <exploit/windows/local/bypassuac>
works great with my (AV's-off)

* I also tested the "method" in the video versus >> windows 8 pro with AV-ON (microsoft) && worked wonderfully!
regards

jnpa123
11-10-2012, 07:24 PM
On the Win 8, did you try on an x64 machine? If so, after bypassing UAC and getting system, were you able to migrate to an x64 system privileged process?

Hmm, never mind, I just tried on some other process and it worked; it looks like I was trying the wrong process hehehe

zimmaro
11-11-2012, 09:17 AM
hi jnpa123 :)

yes my win 8 is x64
I do NOT have "depth" (I would not be able) :) I ONLY executed the commands of the "video" >> vs win8
and the result was the same!
I have not tested the migration to "admin-privileged-process" .... if you tell me that it does not work I BELIEVE you! ...
bye & thk for interest!
link to 5 screenshots of my test:
http://imageshack.us/f/825/w81y.png/
http://imageshack.us/f/441/w82.png/
http://imageshack.us/f/825/w83.png/
http://imageshack.us/f/18/w84.png/
http://imageshack.us/f/842/w85.png/

regards

JUGGLER
01-28-2013, 04:39 PM
Hi zimmaro, thanks for the very informative video!!

Now there is a new bypassuac exploit on Metasploit that supports EXE::Custom

http://www.metasploit.com/modules/exploit/windows/local/bypassuac

works perfectly (max. UAC supported is default) with custom exe

my problem is I can not make a good exe to bypass my AV (avira)
but just because I am a noob at this...
Well my idea was to create a PAYLOAD with S.E.T. since it integrates obfuscation
but for some reason that I don't understand web_attack(java) bypasses AV but
the exe created for use with exploit bypassuac doesn't !! anyway I have tried every solution
posted here with no success ...

zimmaro
01-29-2013, 03:53 PM
hi Juggler:
I can not remember if the method of the video was prior to the release of the "exploit-bypassuac"
I would not use (my insignificant opinion) an "attack in java" because the victim should be "vulnerable" to it (I don't know if your victim is java-affected) ..... as well the bypass AV!
look on the net .... is there any way to bypass even "AVIRA" with a "special-shellcode" (prepared by MSF) && insert "C#-template"
to compile it & use as "custom-exe"
sorry my language
bye

JUGGLER
01-29-2013, 08:38 PM
Hi zimmaro,
I have tried to make some "base.c"; maybe I have not generated too much random, or not the right MSFEncoder
I'm a total newbie, maybe best if AVoffLine next try, with result of search ;-)
thanks
("I'm my victim, no matter right now what's attack but How to bypassuac")
ciao