Shulou(Shulou.com)06/03 Report--

This article introduces the relevant knowledge of "how to understand the local rights of msf". In the operation of actual cases, many people will encounter such a dilemma, so let the editor lead you to learn how to deal with these situations. I hope you can read it carefully and be able to achieve something!

Local rights of msf 1. Using uac to raise the right

Premise to establish a session connection with the target

Seach local/ask search keyword local/ask

Use 0 goes under the exploit/windows/local/ask module

Show options to view relevant parameters

Set FILENAME qqUPdate.exe sets the file name qqUPdate.exe (any name that is confusing is OK)

Set session 1 sets the session window (check the id of the session first)

Run execution

Target pop-up window

Click Yes to successfully enter the meterpreter command line

At this time, getsystem can successfully increase the power.

two。 Bypass uac authentication

Search bypassuac searches for bypassuac keywords (shows 13 extraction scripts, one for another if not)

Use 3 enters the entitlement script module numbered 3

Show opthions to view relevant parameters

View the session and set the session

Show targets display optional platform

Set target 0 is set to X86

Run execution

The power was successfully raised.

3. Take advantage of windows local rights raising loophole to raise rights.

Cve-2018-8120 Win32k privilege escalation vulnerability], scope of influence (Windows 7 SP1/2008 SP2,2008 R2 SP1)

Search cve-2018-8120 find keywords

Use 0 enters the module

Show options to view relevant parameters

Session View session

Set to session 3 with no permissions

Directly get administrator privileges after entering

This is the end of the content of "how to understand the Local Rights of msf". Thank you for your reading. If you want to know more about the industry, you can follow the website, the editor will output more high-quality practical articles for you!

Welcome to subscribe "Shulou Technology Information " to get latest news, interesting things and hot topics in the IT industry, and controls the hottest and latest Internet news, technology news and IT industry trends.