deleted 9 characters in body; edited title
Anders

How to use standalone meterpreter exe with a USB key connected to an unlocked victim session

When I need to make a POC about why it is dangerous to leave a session unlocked, I used to put mimikatz on a USB key and get the logon credentials in clear text. But sometimes the client has no debug privilege, so mimikatz cannot run.

But when I use meterpreter (for example through psexec with a domain user's creds (not privileged)), I can really easily obtain SYSTEM privilege by using the lazy getsystem command. So I guess there are well-automated privilege escalation exploits that I can use from my USB key locally plugged into the victim session (unlocked).

I have seen that it is easy to generate a meterpreter instance with msfvenom, but all the possibilities I see are about reverse shells (aka shell over network: reverse_http, reverse_tcp, etc.).
For my problem I just need a standalone local executable: just put it on my USB key and execute it locally.

This sounds easy, but I don't see any example of how to do that. I guess I could create a local reverse shell and execute it on the victim PC and then connect to it from my machine, but creating a local meterpreter should be easier.

Sibwara

How to use standalone meterpreter exe with a USB key connected to an unlocked victime session

When I need to make a POC about why it is dangerous to leave a session unlocked, I used to put mimikatz on a USB key and get the logon credentials in clear text. But sometimes the client has no debug privilege, so mimikatz cannot run.

But when I use meterpreter (for example through psexec with a domain user's creds (not privileged)), I can really easily obtain SYSTEM privilege by using the lazy getsystem command. So I guess there are well-automated privilege escalation exploits that I can use from my USB key locally plugged into the victim session (unlocked).

I have seen that it is easy to generate a meterpreter instance with msfvenom, but all the possibilities I see are about reverse shells (aka shell over network: reverse_http, reverse_tcp, etc.).
For my problem I just need a standalone local executable: just put it on my USB key and execute it locally.

This sounds easy, but I don't see any example of how to do that. I guess I could create a local reverse shell and execute it on the victim PC and then connect to it from my machine, but creating a local meterpreter should be easier

Thanks