mailing list archives
Re: Exploit Type Local
From: Ty Miller <tyronmiller () gmail com>
Date: Fri, 21 May 2010 09:29:03 +1000
It would make sense to send local exploits down via a meterpreter session to
perform privilege escalation in case you only have user level access after
exploitation, and getsystem doesn't provide admin access.
I have to admit that I almost always get admin access immediately after
exploitation, but I have had to use local exploits in the past on rare
occasions where i've had to exploit a local vulnerability to elevate to
On Thu, May 20, 2010 at 2:21 PM, HD Moore <hdm () metasploit com> wrote:
On 5/19/2010 9:36 PM, Javier wrote:
Hi everbody, I have a question:
I see in /msf3/lib/msf/core/exploit the type of exploits, and i can't
find the class for "Local Exploits" Msf::Exploit::Local where is she?
Other: this class no have nothing of documentation, my exploit have to
exec a program vulnerable with a argument "the typic AAAAAAAAAA...",
there are a bult-in code in Local Exploits or the execute with exec?
Support for local exploits is still a stub at this point; if you want to
test it out, use the standard Remote exploit type and the existing
payloads, but just set RHOST 127.0.0.1. We may look into expanding local
exploits at some point, but it rarely makes sense to install all of
metasploit in order to abuse a local vulnerability.