Hi, I'm on BT3, using msf v3.3-dev. Victim is using M$ Vista (it's crap, I know). I'm fine up to getting the meterpreter session using reverse TCP. Now, after "use priv", I'd like to dump the SAM, so I used hashdump, which shows this error:

meterpreter > hashdump
[-] priv_passwd_get_sam_hashes: Operation failed: 87

I tried this on an XP box and it works perfectly. Do we have any other command in meterpreter to dump the remote hashes for Vista? Cheers.
If you can't explain it simply, you don't understand it well enough -- Albert Einstein
OK, let me rephrase the question. What's the best approach for privilege escalation in Vista after getting a meterpreter session?
Are you running that as SYSTEM and it's failing? As admin and it's failing? Or as a user and it's failing?
Tried both, even tried without UAC... no luck
Vista has protections, as does Windows 2008: you have to be SYSTEM to be able to dump the hashes. You can do this either by using an exploit that gives you SYSTEM, or by using schtasks to schedule a meterpreter payload to be run as SYSTEM if you are administrator on the box. If UAC is enabled you will not be able to schedule it from the shell. In the video where I cover my winenum script you can see me, at the end, use the scheduleme script to achieve this:
Windows Enumeration Script for Meterpreter on Vimeo
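A defender-side check for the schtasks-as-SYSTEM approach described above, added here as an example and not code from the thread: it parses the task definition XML that Windows records in Security event 4698 (scheduled task created) and flags tasks that run as SYSTEM from a binary outside the Windows and Program Files trees. The event record shape, the trusted-directory allow-list and the sample events are constructed assumptions.

```python
import xml.etree.ElementTree as ET
from typing import Dict, List

# XML namespace of Task Scheduler task definitions (the TaskContent field of event 4698).
NS = {"t": "http://schemas.microsoft.com/windows/2004/02/mit/task"}
# Ways the SYSTEM account shows up in <UserId>.
SYSTEM_IDS = {"S-1-5-18", "SYSTEM", "NT AUTHORITY\\SYSTEM"}
# Assumed allow-list: where a SYSTEM-level task binary normally lives.
TRUSTED_DIRS = ("c:\\windows\\", "c:\\program files\\", "c:\\program files (x86)\\")


def parse_task(task_xml: str) -> Dict[str, str]:
    """Pull the run-as account and the executable out of a task definition."""
    root = ET.fromstring(task_xml)
    return {
        "user": root.findtext("t:Principals/t:Principal/t:UserId", default="", namespaces=NS),
        "command": root.findtext("t:Actions/t:Exec/t:Command", default="", namespaces=NS),
    }


def is_suspicious(task: Dict[str, str]) -> bool:
    """True for a SYSTEM task whose binary lives outside the trusted directories."""
    if task["user"].upper() not in SYSTEM_IDS:
        return False
    cmd = task["command"].strip().strip('"').lower()
    return not cmd.startswith(TRUSTED_DIRS)


def triage(events: List[Dict[str, str]]) -> List[str]:
    """Return names of tasks from 4698-style records that look like SYSTEM escalation/persistence."""
    return [e["task_name"] for e in events if is_suspicious(parse_task(e["task_content"]))]


def _task(user: str, command: str) -> str:
    # Constructed minimal task definition, shaped like what schtasks writes.
    return ('<Task version="1.2" xmlns="' + NS["t"] + '">'
            '<Principals><Principal id="Author"><UserId>' + user + '</UserId>'
            '<RunLevel>HighestAvailable</RunLevel></Principal></Principals>'
            '<Actions><Exec><Command>' + command + '</Command></Exec></Actions></Task>')


# Constructed sample records: a normal SYSTEM task, a user task, and a SYSTEM task in a user-writable dir.
SAMPLE_EVENTS = [
    {"task_name": "\\Microsoft\\Windows\\Defrag\\ScheduledDefrag",
     "task_content": _task("S-1-5-18", "C:\\Windows\\system32\\defrag.exe")},
    {"task_name": "\\Backup",
     "task_content": _task("S-1-5-21-1000-2000-3000-1001", "C:\\Users\\bob\\backup.exe")},
    {"task_name": "\\Updater", "task_content": _task("S-1-5-18", "C:\\Users\\Public\\met.exe")},
]

if __name__ == "__main__":
    print(triage(SAMPLE_EVENTS))  # ['\\Updater']
```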
That's great.... worked like a charm. Thank you so much.
Just one small point: for the scheduleme command, I used the same meterpreter exe to connect back to my box. So, I had to open another ./msfconsole to listen for the connection. As you showed in your nice video, it can be done with the same session. Possibly the exe is different from what I am using. You mentioned googling someone's video, but unfortunately I can't get the name. If you kindly mention the name here that will be great. Cheers
Hi kazalku, I don't know if you have found an answer to your question regarding someone's video that BadKarmaPR mentioned.
I am a newbie and I think I am not even qualified to post the link below, but I just want to share.
I think BadKarmaPR mentioned John Strand; his videos are at http://www.vimeo.com/user595761/videos . Cheers
"If it doesn't sleep, doesn't eat, doesn't take **** breaks and plays poker 24 hours a day - it's a bot!"
Thank you so much for the name & the link... I was eagerly waiting for the answer... Cheers!
The easiest way for me to accomplish this was to upload pwdump6, which has provisions for Vista hash dumping on both 32- and 64-bit. Then open a hidden command prompt, dump the hashes to a file, download the file through MS, and delete the files afterwards.