PrivEsc Privilege Escalation windows 2008R2

[TheExample]

Hello there

any tools/ exploit for windows 2008r2 for Privilege Escalation as administrator?
we have access in remote but dont have admin rights access

*server dont have any AV/EDR

we attach hotfixes server in topic

 

[fcknfck 12]

try Winpeas, it will show you possible paths for privesc

 

[nomenchik]

Привет, попробуй стандартные LPE. Например DaveRelayUp, Perfusion, PrintSpoofer, Potato. Дальше сам, чуть поднапрягись и все найдешь. Удачи

 

[fcknfck 12]

Можно еще попробовать krbrelayup если тачка в домене

 

[TheExample]

You can also try krbrelayup if the car is in the domain

Yes this user is in the domain
tnx we test this

 

[SunYatsen]

TheExample https://github.com/peass-ng/PEASS-ng/tree/master/winPEAS/winPEASexe

 

[user_47]

Как решается проблема АВ при работе винписа? Даже батник палится. Обфускация?

 

[Guest]

If AV/EDR is no issue you can utilize SharpWatson within LSTAR to scan the winsrv to see if its vuln to any LPE's.

 

[Moner29]

https://file.io/befKrjLcpn3X

xss.pro pass
Ничего настраивать не нужно. Просто запускаешь файл, можно сразу оба. через минуту вылетит новое cmd с system32

 

[TheExample]

https://file.io/befKrjLcpn3X

xss.pro pass
There is no need to configure anything. You just run the file, you can do both at once. in a minute the new cmd with system32 will crash

Can you upload again?
file deleted ((

 

[Moner29]

Can you upload again?
file deleted ((

Exploit.IN Send

Encrypt and send files with a link that automatically expires to ensure your important documents don’t stay online forever.

send.exploit.in

 

[TheExample]

Exploit.IN Send

Encrypt and send files with a link that automatically expires to ensure your important documents don’t stay online forever.

send.exploit.in

tnx we check it

 

[nomenchik]

https://file.io/befKrjLcpn3X

xss.pro pass
Ничего настраивать не нужно. Просто запускаешь файл, можно сразу оба. через минуту вылетит новое cmd с system32

Описываешь так будто это буквально "кнопка бабло"

 

[TheExample]

You describe it as if it’s literally a “money button”

)))

 

[rwxrwx]

Did you tried EternalBlue?

 

[TheExample]

Did you tried EternalBlue?

yes not working

 

[doctordradd]

any tools/ exploit for windows 2008r2 for Privilege Escalation as administrator?
we have access in remote but dont have admin rights access

you need to install crypted meterpreter (msfvenom + private crypter) and put "getsystem" command, fast and feasible for get SYSTEM privilege

 

[molotov477]

you need to install crypted meterpreter (msfvenom + private crypter) and put "getsystem" command, fast and feasible for get SYSTEM privilege

If there is no EDR/ AV, you can just encode the payload and try a simple meterpreter reverse shell if the server has internet access and can call out to your server, however if you have a domain user run that reverse shell then getsystem might not work, you will have to run bloodhound against the domain controller, gather more info about the domain and users and see what is the shortest path to domain admin or see if you can abuse the ACL to get better privileged access.

 

[Nylanister]

Exploit.IN Send

Encrypt and send files with a link that automatically expires to ensure your important documents don’t stay online forever.

send.exploit.in

Обнови ссылку

 

[MrSpam]

Так что по итогу чем какой эксплойт получилось заюзать ?