:LiGithub: https://github.com/SecWiki/windows-kernel-exploits

  • Once we find a matching exploit and already have a Meterpreter session on the target, we upload it with: upload <exploit.py> C:\\temp\\ ### Upload the exploit into the \temp\ directory. Backslashes are doubled in Meterpreter commands, and without a destination path the file lands in the session's current working directory.

:LiGithub: https://github.com/bitsadmin/wesng [[wesng]] ### Runs offline against the target's systeminfo output: python wes.py --update once, then python wes.py systeminfo.txt

MSF Modules:

  • post/multi/recon/local_exploit_suggester ### Set SESSION to the Meterpreter session (set SESSION <id>) and run it; it lists the local exploit modules whose check passes on that host.

MSF Module / Description:

  • post/windows/manage/archmigrate: Checks whether the Meterpreter architecture matches the OS architecture; if they differ, it spawns a new process of the correct architecture and migrates into it. Do this first, since a mismatched session makes later enumeration and local exploits unreliable.
  • post/windows/gather/win_privs: Prints whether UAC is enabled and whether the current account is an administrator, plus the UID, foreground session ID, SYSTEM status and the current process privileges (roughly the same as getprivs in Meterpreter).
  • post/windows/gather/enum_logged_on_users: Enumerates currently and recently logged-on Windows users.
  • post/windows/gather/checkvm: Attempts to determine whether the system is running inside a virtual environment and, if so, which one. Supports detection of Hyper-V, VMware, VirtualBox, Xen, QEMU and Parallels.
  • post/windows/gather/enum_applications: Enumerates all installed applications on the Windows system and their versions.
  • post/windows/gather/enum_av_excluded: Enumerates the file, directory, process and extension-based exclusions of supported AV products, which currently include Microsoft Defender, Microsoft Security Essentials/Antimalware and Symantec Endpoint Protection. An excluded folder is where we drop and execute our payloads. On recent Defender builds the exclusion list is only readable by administrators, so an empty result from a low-privileged session is not proof that there are no exclusions.
  • post/windows/gather/enum_av: Enumerates the AV products registered with the Windows Security Center (queried via WMI).
  • post/windows/gather/enum_computers: Enumerates the computers in the primary Active Directory domain.
  • post/windows/gather/enum_patches: Enumerates the patches applied to the Windows system. Useful as a cross-check against wesng output.
  • post/windows/gather/enum_shares: Enumerates configured and recently used file shares.
  • post/windows/manage/enable_rdp: Enables the Remote Desktop Service (RDP). It can optionally create an account and make it a member of the local Administrators and Remote Desktop Users groups, and it can forward the target's port 3389/tcp back to us. Note that this one changes the target's configuration, unlike the gather modules above.
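When there is no Meterpreter session yet, or to double-check what a module reports, the same information can be pulled by hand. The PowerShell script below is an added example (not Metasploit code and not from the module authors) that reproduces the checks of the gather modules listed above, read-only, and also writes the systeminfo output that wesng consumes. The two output paths under $env:TEMP are assumptions; everything else is built-in cmdlets, registry keys and WMI classes.

```powershell
# Added example: manual PowerShell equivalents of the MSF post modules listed above.
# Not Metasploit code. Output paths are assumptions; all checks are read-only.
$OutFile = Join-Path $env:TEMP 'enum.txt'        # assumed report path
$SysInfo = Join-Path $env:TEMP 'systeminfo.txt'  # assumed input file for wes.py

& {
    function Section([string]$Title) { ""; "==== $Title ====" }

    Section 'win_privs'
    $id = [Security.Principal.WindowsIdentity]::GetCurrent()
    $principal = New-Object Security.Principal.WindowsPrincipal($id)
    # Under UAC an account can be in BUILTIN\Administrators (S-1-5-32-544) while the
    # current token is not elevated; a privesc check has to report both separately.
    "User: $($id.Name)  SID: $($id.User.Value)  IsSystem: $($id.IsSystem)"
    "Elevated admin token: $($principal.IsInRole([Security.Principal.WindowsBuiltInRole]::Administrator))"
    "Member of Administrators: $($id.Groups.Value -contains 'S-1-5-32-544')"
    "UAC enabled (EnableLUA): $((Get-ItemProperty 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System').EnableLUA)"
    whoami /priv

    Section 'enum_logged_on_users'
    query user 2>$null                              # current interactive sessions
    Get-ChildItem 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProfileList' |
        ForEach-Object { (Get-ItemProperty $_.PSPath).ProfileImagePath }   # profiles = users seen before

    Section 'checkvm'
    Get-CimInstance Win32_ComputerSystem | Select-Object Manufacturer, Model
    Get-CimInstance Win32_BIOS | Select-Object Manufacturer, SMBIOSBIOSVersion

    Section 'enum_applications'
    Get-ItemProperty 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\*',
                     'HKLM:\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\*' -ErrorAction SilentlyContinue |
        Where-Object DisplayName | Sort-Object DisplayName |
        Select-Object DisplayName, DisplayVersion | Format-Table -AutoSize

    Section 'enum_av'
    # root/SecurityCenter2 only exists on client SKUs; server editions return nothing here.
    Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntiVirusProduct -ErrorAction SilentlyContinue |
        Select-Object displayName, productState

    Section 'enum_av_excluded (Defender)'
    # Recent Defender builds hide exclusions from non-admins: an empty list is not proof there are none.
    Get-MpPreference -ErrorAction SilentlyContinue |
        Select-Object ExclusionPath, ExclusionProcess, ExclusionExtension | Format-List
    Get-ChildItem 'HKLM:\SOFTWARE\Microsoft\Windows Defender\Exclusions' -Recurse -ErrorAction SilentlyContinue |
        ForEach-Object { "$($_.PSChildName): $($_.Property -join ', ')" }

    Section 'enum_patches'
    Get-HotFix | Sort-Object InstalledOn | Select-Object HotFixID, Description, InstalledOn
    systeminfo | Out-File -FilePath $SysInfo -Encoding utf8   # feed this file to wes.py

    Section 'enum_shares'
    net share
    Get-ItemProperty 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Explorer\Map Network Drive MRU' -ErrorAction SilentlyContinue

    Section 'enum_computers'
    net group "Domain Computers" /domain 2>$null

    Section 'enable_rdp (state only, nothing is changed)'
    "RDP disabled (fDenyTSConnections): $((Get-ItemProperty 'HKLM:\SYSTEM\CurrentControlSet\Control\Terminal Server').fDenyTSConnections)"
} 2>&1 | Tee-Object -FilePath $OutFile
```

Run it from an unprivileged session first and compare with what the modules return after elevation: the Defender exclusion and Administrators-membership lines are the ones that typically change, and the systeminfo.txt it leaves behind is the file to hand to wes.py.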