Windows Escalate Microsoft .NET Runtime Optimization Service Privilege Escalation
This module attempts to exploit the security permissions set on the .NET Runtime Optimization service. Vulnerable versions of the .NET Framework include 4.0 and 2.0. The permissions on this service allow domain users and local power users to modify the mscorsvw.exe binary.
Rank
- Normal
Authors
- bannedit < bannedit [at] metasploit.com >
Vulnerability References
Development
Similar Modules
- post/windows/escalate/bypassuac
- post/windows/escalate/droplnk
- post/windows/escalate/getsystem
- post/windows/escalate/ms10_073_kbdlayout
- post/windows/escalate/ms10_092_schelevator
- post/windows/escalate/screen_unlock
- post/windows/escalate/service_permissions
Usage Information
$ msfconsole
## ### ## ##
## ## #### ###### #### ##### ##### ## #### ######
####### ## ## ## ## ## ## ## ## ## ## ### ##
####### ###### ## ##### #### ## ## ## ## ## ## ##
## # ## ## ## ## ## ## ##### ## ## ## ## ##
## ## #### ### ##### ##### ## #### #### #### ###
##
msf > use post/windows/escalate/net_runtime_modify
msf post(net_runtime_modify) > set SESSION [INTEGER]
## ### ## ##
## ## #### ###### #### ##### ##### ## #### ######
####### ## ## ## ## ## ## ## ## ## ## ### ##
####### ###### ## ##### #### ## ## ## ## ## ## ##
## # ## ## ## ## ## ## ##### ## ## ## ## ##
## ## #### ### ##### ##### ## #### #### #### ###
##
msf > use post/windows/escalate/net_runtime_modify
msf post(net_runtime_modify) > set SESSION [INTEGER]
Module Options
| LHOST | Listener IP address for the new session |
| LPORT | Listener port for the new session (default: 4444) |
| SESSION | The session to run this module on. |
| VERBOSE | Enable detailed status messages |
| WORKSPACE | Specify the workspace for this module |