September 2018
Intermediate to advanced
480 pages
9h 45m
English
Content preview from Hands-On Red Team Tactics
Become an O’Reilly member and get unlimited access to this title plus top books and audiobooks from O’Reilly and nearly 200 top publishers, thousands of courses curated by job role, 150+ live events each month,
Start your free trial
Empire post exploitation for Windows
Assuming that we have already got an agent connected to us, we will now perform post exploitation on Windows OS when the agent's security context is low. As demonstrated in the following screenshot, we have got an agent which has low privileges (high_integrity: 0):
We can elevate the privileges using the privilege escalation modules in Empire. For this scenario, we will be using the bypassuac_eventvwr module.
To execute this module, use the bypassuac command and the listener as the argument passed to bypassuac_eventvwr:
The same thing can be achieved using the following commands:
usemodule privesc/bypassuac_eventvwr ...