BT5-R3_attempt-to_privilege-escalation_&_hashdump_vs_ win7-sp1-patched(AV-enable)

**zimmaro** · 09-04-2012, 01:50 AM

hi guys

in this "" video "(i think) I tried to have" "privilege-escalation" "in my win 7-sp1-fully_patched with AV enable
after trying to use the module msf (post / windows / escalate / bypassuac) which was LOCKED out of my system by antivirus .. (& I do not want to kill it) .. reading on the net I tried another way ..... .
I am not able to judge whether this method is correct or incorrect & useless ....(i'm not a pentester)
I have just tried it!

if you want to see the video ... bad ..... & ... full of errors:

http://vimeo.com/48773626

PS (the material that helped me prepare for the prior two payloads is in the forum & in the network)

bye-zimmaro the_g0at-brain

**AHKAD** · 09-18-2012, 08:59 AM

seems good and fun to try
thanks for share ...

**bigfatcat** · 09-24-2012, 07:32 PM

where can i download it?give me a link ,thanks for share

**zimmaro** · 09-25-2012, 11:43 AM

hi

these are some links that helped me to evading -MY av's:
http://www.backtrack-linux.org/forum...ght=av+evasion
http://www.backtrack-linux.org/forum...ght=av+evasion
http://pentestlab.wordpress.com/tag/antivirus-evasion/
http://www.backtrack-linux.org/forum...ad.php?t=48283
http://www.backtrack-linux.org/forum...ad.php?t=48077
bye

**Hizagashira** · 09-27-2012, 03:52 PM

this is great!!!
thank you zimmaro! very very useful!

**zimmaro** · 11-10-2012, 10:06 AM

hi

For those interested:
update!

* I also tried the "" new "" local <exploit / windows / local / bypassuac>
works great with my (AV's-off)

* I also tested the "" method "" in the video versus >> windows 8 pro with AV-ON (microsoft) && worked wonderfully!
regards

**jnpa123** · 11-10-2012, 07:24 PM

On the Win 8 you tried on a x64 machine? if so after bypassing uac and getting system were you able to migrate to a x64 system privilleged process?

Humm, nervermind i just tried on some other process it worked, it looks like i was trying the worng process hehehe

**zimmaro** · 11-11-2012, 09:17 AM

Originally Posted by jnpa123

On the Win 8 you tried on a x64 machine? if so after bypassing uac and getting system were you able to migrate to a x64 system privilleged process?

Humm, nervermind i just tried on some other process it worked, it looks like i was trying the worng process hehehe

hi jnpa123

yes my win 8 is x64
I do NOT have "depth" (I would not be able)

I ONLY executed the commands of the "" video "" >> vs win8
and the result was the same!
I have not tested the migration to "" admin-privileged-process "" .... if you tell me that does not work I BELIEVE you! ...
bye & thk for interest!
link to 5 screenshots of my test:
http://imageshack.us/f/825/w81y.png/
http://imageshack.us/f/441/w82.png/
http://imageshack.us/f/825/w83.png/
http://imageshack.us/f/18/w84.png/
http://imageshack.us/f/842/w85.png/

regards

**JUGGLER** · 01-28-2013, 04:39 PM

Ciao zimmaro e grazie per i video veramente istruttivi !! ( trad. "Hi zimmaro, thanks for the very informative video")

Now there is a new bypassuac exploit on Metasploit that support EXE::Custom

http://www.metasploit.com/modules/ex...ocal/bypassuac

work perfect (max. uac supported is default) whit custom exe

my problem is i can not make a good exe to bypass my AV (avira)
but just because i am a noob at this...
Well my idea was create a PAYLOAD whit S.E.T. since it integrate obfuscation
but for some reason that i don't understand web_attack(java) bypassAV but
the exe create for use whit exploit bypassuac don't !! anyway i have tried every solution
posted here whit no success ...

**zimmaro** · 01-29-2013, 03:53 PM

Originally Posted by JUGGLER

Ciao zimmaro e grazie per i video veramente istruttivi !! ( trad. "Hi zimmaro, thanks for the very informative video")

Now there is a new bypassuac exploit on Metasploit that support EXE::Custom

http://www.metasploit.com/modules/ex...ocal/bypassuac

work perfect (max. uac supported is default) whit custom exe

my problem is i can not make a good exe to bypass my AV (avira)
but just because i am a noob at this...
Well my idea was create a PAYLOAD whit S.E.T. since it integrate obfuscation
but for some reason that i don't understand web_attack(java) bypassAV but
the exe create for use whit exploit bypassuac don't !! anyway i have tried every solution
posted here whit no success ...

hi Juggler:
I can not remember if the method of the video was prior to the release "of the exploit-bypassuac"
I would not use (my insignificant opinion) an "attack in java" because the victim should be "vulnerable"to it (i don't know is your victim-java-affected)... ..... as well the bypass AV!
look on the net .... is there any way to bypass even "AVIRA" with a "" special-shellcode "" (prepare by MSF) && insert "C #-template"
to compile it & used as "custom-exe"
sorry my language
bye

BackTrack Linux - Penetration Testing Distribution

Thread: BT5-R3_attempt-to_privilege-escalation_&_hashdump_vs_ win7-sp1-patched(AV-enable)

Thread Tools

Search Thread

Display