Local Privilege Escalation (Windows)

I figure that my first post will be about local privilege escalation.  It sounds like a good place to start.  So where do we go first to find a current local exploit?  The wonderful Exploit-DB, maintained by Offensive Security.

The top exploit as of today was written by webDEViL and exploits Windows Task Scheduler:


Just copy the text to a file with a “wsf” extension and run it using cscript:

c:\cscript.exe exploit.wsf

As written, the script creates a user “test123” with the password “test123” in the local Administrators group.  Easy huh?

The vulnerability is still currently under CVE review at CVE-2010-3888.  It was identified by Kaspersky Labs and other researchers and was apparently found in the wild being used by the Stuxnet Virus that was found in July of this year.

So, what’s the takeaway from this post?  Exploit-DB is the first place to go for your exploitation needs.

This exploit was recently added to Metasploit and cleverly named Schelevator.  The vulnerability was also patched by Microsoft in MS10-092.

Comments are closed.