type
status
date
slug
summary
tags
category
icon
password
Status
Due date
Sep 16, 2023 03:12 AM

Progress

notion image
notion image
Using to find the hidden directory.
notion image
notion image
notion image
遠端登入該windows主機
notion image
找到flag1
notion image
Using 弱點,此弱點利用 Windows Certificate Dialog繞過 UAC(User Account Control)機制,並取得NT AUTHORITY\SYSTEM
notion image
 
notion image
notion image
notion image
notion image
找出flag2的位置
 
notion image
使用 ,使用exploit/multi/script/web_delivery,產生reverse shell payload及server
notion image
notion image
💡
檢查攻擊機PORT有沒有被占用
notion image
可以透過下列的方式傳送payload到victim
【方法一】
notion image
notion image
執行payload
執行payload
得到reverseshell
得到reverseshell
notion image
【方法二】
在victim上直接連metasploit上架的server
notion image
notion image
 
 

Reference

CVE-2019–1388: Windows Privilege Escalation Through UAC
There is a privilege escalation vulnerability in the Windows Certificate Dialog box allowing an attacker to easily elevate privileges to NT…
CVE-2019–1388: Windows Privilege Escalation Through UAC
https://sotharo-meas.medium.com/cve-2019-1388-windows-privilege-escalation-through-uac-22693fa23f5f
CVE-2019–1388: Windows Privilege Escalation Through UAC
CVE - CVE-2019-1388
The mission of the CVE® Program is to identify, define, and catalog publicly disclosed cybersecurity vulnerabilities.
CVE - CVE-2019-1388
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-1388
How to check if port is in use on Linux or Unix
Explains how to check the listening TCP or UDP ports and applications with various Linux and Unix commands.
How to check if port is in use on Linux or Unix
https://www.cyberciti.biz/faq/unix-linux-check-if-port-is-in-use-command/
How to check if port is in use on Linux or Unix
Meterpreter Service - Metasploit Unleashed
Metasploit has a Meterpreter script, persistence.rb, that will create a Meterpreter service that will be available to you even if the remote system is rebooted.
Meterpreter Service - Metasploit Unleashed
https://www.offsec.com/metasploit-unleashed/meterpreter-service/
Meterpreter Service - Metasploit Unleashed
Msfconsole Commands - Metasploit Unleashed
The MSFconsole has many different command options to chose from. The following are a core set of Metasploit commands with reference to their output.
Msfconsole Commands - Metasploit Unleashed
https://www.offsec.com/metasploit-unleashed/msfconsole-commands/
Msfconsole Commands - Metasploit Unleashed
相關文章
Tryhackme - Mr Robot
Tryhackme - Blueprint
Remove user from specific AD groupTryhackme - Mr Robot