-
September 15th, 2010, 12:09 AM
#1
Member
unable to dump hashes in win7 with meterpreter
I got a meterpreter session on a win7 box; however, I'm unable to use hashdump. I get insufficient privileges. So I tried to use the "keylogrecorder" script, but I need to migrate to winlogon.exe for that, and again, I'm unable to migrate due to insufficient prvs. I used "getprivs," and "set priv" then tried again with same results. I noticed that "getsystem" is not avaiable.... the user that I got my meterpreter session is member of the admin group, yet I'm not able to get any of this command working. I wonder if is b/c UAC, which can be turned off. Is there any script that turn off UAC?...... any help appreciated
Code:
meterpreter > use priv
Loading extension priv...success.
Code:
meterpreter > run hashdump[*] Obtaining the boot key...[*] Calculating the hboot key using SYSKEY b9106b7575965755275b237fe2b54acd...
[-] Meterpreter Exception: Rex::Post::Meterpreter::RequestError stdapi_registry_create_key: Operation failed: 5
[-] This script requires the use of a SYSTEM user context (hint: migrate into service process)
meterpreter >
thanks
-
September 15th, 2010, 08:41 PM
#2
My bet would be UAC. You could try disabling it manually on the box [since it is your system, right? ] for troubleshooting purposes. I have heard that it is theoretically possible to disable UAC remotely, but have never seen a proof of concept.
\"Those of us that had been up all night were in no mood for coffee and donuts, we wanted strong drink.\"
-HST
-
September 15th, 2010, 11:00 PM
#3
Member
Originally Posted by westin
My bet would be UAC. You could try disabling it manually on the box [since it is your system, right? ] for troubleshooting purposes. I have heard that it is theoretically possible to disable UAC remotely, but have never seen a proof of concept.
I've google for it, but nothing.... but I'm looking for different ways to dump the hashes... I'll let you know
Similar Threads
-
By cheyenne1212 in forum Miscellaneous Security Discussions
Replies: 7
Last Post: February 1st, 2012, 02:51 PM
-
By Irongeek in forum The Security Tutorials Forum
Replies: 43
Last Post: July 22nd, 2007, 09:28 AM
-
By gore in forum Operating Systems
Replies: 11
Last Post: January 12th, 2006, 06:20 PM
-
By foxyloxley in forum Tech Humor
Replies: 0
Last Post: August 2nd, 2004, 09:53 PM
-
By Tiger Shark in forum The Security Tutorials Forum
Replies: 5
Last Post: March 4th, 2004, 05:00 PM
Posting Permissions
- You may not post new threads
- You may not post replies
- You may not post attachments
- You may not edit your posts
-
Forum Rules
|
|