Results 1 to 3 of 3

Thread: unable to dump hashes in win7 with meterpreter

  1. #1
    Member
    Join Date
    Oct 2006
    Posts
    63

    unable to dump hashes in win7 with meterpreter

    I got a meterpreter session on a win7 box; however, I'm unable to use hashdump. I get insufficient privileges. So I tried to use the "keylogrecorder" script, but I need to migrate to winlogon.exe for that, and again, I'm unable to migrate due to insufficient prvs. I used "getprivs," and "set priv" then tried again with same results. I noticed that "getsystem" is not avaiable.... the user that I got my meterpreter session is member of the admin group, yet I'm not able to get any of this command working. I wonder if is b/c UAC, which can be turned off. Is there any script that turn off UAC?...... any help appreciated

    Code:
    meterpreter > use priv
    Loading extension priv...success.
    Code:
    meterpreter > run hashdump[*] Obtaining the boot key...[*] Calculating the hboot key using SYSKEY b9106b7575965755275b237fe2b54acd...
    [-] Meterpreter Exception: Rex::Post::Meterpreter::RequestError stdapi_registry_create_key: Operation failed: 5
    [-] This script requires the use of a SYSTEM user context (hint: migrate into service process)
    meterpreter >
    thanks

  2. #2
    Gonzo District BOFH westin's Avatar
    Join Date
    Jan 2006
    Location
    SW MO
    Posts
    1,187
    My bet would be UAC. You could try disabling it manually on the box [since it is your system, right? ] for troubleshooting purposes. I have heard that it is theoretically possible to disable UAC remotely, but have never seen a proof of concept.
    \"Those of us that had been up all night were in no mood for coffee and donuts, we wanted strong drink.\"

    -HST

  3. #3
    Member
    Join Date
    Oct 2006
    Posts
    63
    Quote Originally Posted by westin View Post
    My bet would be UAC. You could try disabling it manually on the box [since it is your system, right? ] for troubleshooting purposes. I have heard that it is theoretically possible to disable UAC remotely, but have never seen a proof of concept.
    I've google for it, but nothing.... but I'm looking for different ways to dump the hashes... I'll let you know

Similar Threads

  1. Windows Error Messages
    By cheyenne1212 in forum Miscellaneous Security Discussions
    Replies: 7
    Last Post: February 1st, 2012, 02:51 PM
  2. Replies: 43
    Last Post: July 22nd, 2007, 09:28 AM
  3. Windows XP process dumper?
    By gore in forum Operating Systems
    Replies: 11
    Last Post: January 12th, 2006, 06:20 PM
  4. The Perfect Dump.
    By foxyloxley in forum Tech Humor
    Replies: 0
    Last Post: August 2nd, 2004, 09:53 PM
  5. Central Secure Logging in a Win2k Environment
    By Tiger Shark in forum The Security Tutorials Forum
    Replies: 5
    Last Post: March 4th, 2004, 05:00 PM

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •