-
September 15th, 2010, 12:09 AM
#1
Member
unable to dump hashes in win7 with meterpreter
I got a meterpreter session on a win7 box; however, I'm unable to use hashdump. I get insufficient privileges. So I tried to use the "keylogrecorder" script, but I need to migrate to winlogon.exe for that, and again, I'm unable to migrate due to insufficient prvs. I used "getprivs," and "set priv" then tried again with same results. I noticed that "getsystem" is not avaiable.... the user that I got my meterpreter session is member of the admin group, yet I'm not able to get any of this command working. I wonder if is b/c UAC, which can be turned off. Is there any script that turn off UAC?...... any help appreciated
Code:
meterpreter > use priv
Loading extension priv...success.
Code:
meterpreter > run hashdump[*] Obtaining the boot key...[*] Calculating the hboot key using SYSKEY b9106b7575965755275b237fe2b54acd...
[-] Meterpreter Exception: Rex::Post::Meterpreter::RequestError stdapi_registry_create_key: Operation failed: 5
[-] This script requires the use of a SYSTEM user context (hint: migrate into service process)
meterpreter >
thanks
Similar Threads
-
By cheyenne1212 in forum Miscellaneous Security Discussions
Replies: 7
Last Post: February 1st, 2012, 02:51 PM
-
By Irongeek in forum The Security Tutorials Forum
Replies: 43
Last Post: July 22nd, 2007, 09:28 AM
-
By gore in forum Operating Systems
Replies: 11
Last Post: January 12th, 2006, 06:20 PM
-
By foxyloxley in forum Tech Humor
Replies: 0
Last Post: August 2nd, 2004, 09:53 PM
-
By Tiger Shark in forum The Security Tutorials Forum
Replies: 5
Last Post: March 4th, 2004, 05:00 PM
Posting Permissions
- You may not post new threads
- You may not post replies
- You may not post attachments
- You may not edit your posts
-
Forum Rules
|
|