Thursday, 24 March 2011

Dumping on UAC with Metasploit

Before the likes of Vista, Server 2008 and Windows 7, dumping hashes under meterpreter was a trivial process of running getsystem and then hashdump. Since then, Microsoft has introduced UAC. As you know, this basically requires the user to click a pop-up prompt whenever they wish to perform an action that requires admin-level privileges, regardless of whether they are an admin on the machine anyway. This prevents us from running many of the regular post-exploitation scripts within meterpreter, in particular hashdump.

Luckily for us, Dave Kennedy and Kevin Mitnick put their heads together and created a module to get around this issue...

The secret to getting this to work is to run migrate after running getsystem.
In this video I demonstrate the process from start to finish. I hope you find it useful.

