Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Powershell Extension Execution Does Not Reflect Privilege Changes #737

Open
smcintyre-r7 opened this issue Dec 18, 2024 · 0 comments
Open

Powershell Extension Execution Does Not Reflect Privilege Changes #737

smcintyre-r7 opened this issue Dec 18, 2024 · 0 comments
Assignees
@dledda-r7
Labels
bug

Comments

@smcintyre-r7
Copy link
Contributor

When running a Windows Meterpreter, the privilege changes applied by getsystem are not reflected in the execution of powershell code through the powershell extension.

image

I am guessing that this could be due to the thread token not being applied to whatever is running the powershell code. When getsystem is executed and works, there's a core API that's called to set the thread token that should then be used for subsequent meterpreter commands. I'm thinking this is not making it's way to powershell.

metasploit-payloads/c/meterpreter/source/extensions/priv/namedpipe.c

Line 34 in 9047f4e

met_api->thread.update_token(remote, hToken);

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@dledda-r7 dledda-r7

Labels
bug
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@smcintyre-r7 @dledda-r7