Privilege escalation on win7

[compaq]

Hi
Is there any way to get admin privielage from a user account on windows 7, tools or command line

Thanks

[Ironpunch]

I think you could use some stdapi commands, migrate to a system level privilege and then escalate windows 7.

[rastamouse]

In a word, yes. There are plenty of of priv esc modules in the Metasploit Framework for example.

[pr0min3nt]

Yes, although this is highly illegal and you will be arrested. I've been arrested for hacking the DoD with BackTrack 3.

[compaq]

IronPunch what api would you use, dllinjection?
Rastamouse, Can you create a exe that adds a admin account, I really don't know much about Metasploit, what command would I type

Thanks

[pr0min3nt]

compaq, if you're using metasploit use msfencode with the original exe file and use the reverse_tcp payload

[daedalus1776]

Yes, although this is highly illegal and you will be arrested. I've been arrested for hacking the DoD with BackTrack 3.

...It's nice they give you a computer in prison...

And it's not illegal if you have permission to do so, which is the assumption here.

Compaq:
In what situation are you? Are you an unprivileged user on the actual machine? Or do you have a remote connection and trying to priv esc?

[compaq]

daedalus1776 it is remote, cmd shell, but would beable to upload files

[daedalus1776]

Maybe look into Incognito and Token Impersonation. Should be a good start.

[SilicaG]

Hi, you can try something like Windows Task Scheduler Privilege Escalation (http://www.exploit-db.com/exploits/15589/) or KiTrap0D (http://www.exploit-db.com/exploits/11199/).
You can also upload a meterpreter reverse/bind shell and try the meterpreter getpriv.