Retrieve Client Shell Path|Privileges

Description

This Module allows attackers to retrieve Client 'running privileges', 'working directory'
and if 'Powershell -version 2 downgrade attack' its available in remote target machine.. This Module its super usseful because sometimes attacker dosent know if target have executed the dropper with Administrator privileges or if we are running in User-Land, It also shows current Client Working Directory

Remark

All the Modules Used in this article does not require the Client to be executed with Admin Privs
Powershell Downgrade attack check requires 'Client:Admin' Privileges to be abble to retrieve info

Article Quick Jump List

meterpeter - Retrieve Client Shell Path|Privileges

Retrieve Client Shell Path|Privileges

1º - Sellect meterpeter 'AdvInfo' Module adv

2º - Sellect meterpeter 'ListAdm' Module
This Module allows attackers to retrieve Client 'running privileges', 'working directory' and if 'Powershell -version 2 downgrade attack' its available in remote target machine..

Administrator Privileges Output (with PSv2 available) adm

UserLand Privileges Output adm

Jump To Top

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Retrieve Client Shell Path|Privileges

Description

Retrieve Client Shell Path|Privileges

Clone this wiki locally