In Meterpreter:
getsystem
To get help:
getsystem -h
What happens? When should you run it?
On CTFs, getsystem never hurts. Quick and easy win.
In a real-world environment, you could crash a machine. See:
getsystem Overview | TCM Security, Inc. (tcm-sec.com)
*** COULD CRASH A MACHINE, DON'T ALWAYS RUN IT
Technique 1 (Named Pipe Impersonation - In Memory/Admin):
- Tries to impersonate SYSTEM
Technique 2 (Named Pipe Impersonation - Dropper/Admin):
- Drops a file to disk
- Recommended NOT to run this because it can be caught by antivirus or otherwise detected
- Drops a DLL onto the disk and schedules rundll32.exe as a service to run the DLL as SYSTEM
Technique 3 (Token Duplication - In Memory/Admin):
- Requires SeDebugPrivilege
- Finds a service running as SYSTEM that you can inject into
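
Detection side of Technique 2, as an added example (not from the TCM article or Metasploit): a triage pass over Windows service-install events (System log, Event ID 7045) that flags a service whose ImagePath launches rundll32.exe. The named-pipe rule, the helper names and the sample events are assumptions constructed for this example.

```python
import re
import xml.etree.ElementTree as ET

NS = {"e": "http://schemas.microsoft.com/win/2004/08/events/event"}

# Heuristics applied to a new service's ImagePath. The rundll32 rule follows
# the notes (Technique 2); the named-pipe rule is an added assumption for the
# named pipe impersonation techniques and is not stated in the notes.
RULES = [
    ("rundll32-as-service", re.compile(r"\brundll32(\.exe)?\b", re.I)),
    ("service-writes-to-named-pipe", re.compile(r"\\\\\.\\pipe\\", re.I)),
]

def parse_7045(xml_text):
    """Return the EventData fields of a 7045 event, or None for other events."""
    root = ET.fromstring(xml_text)
    if root.findtext("e:System/e:EventID", namespaces=NS) != "7045":
        return None
    return {d.get("Name"): (d.text or "")
            for d in root.iterfind("e:EventData/e:Data", NS)}

def triage(xml_text):
    """Return the names of the rules that a service-install event matches."""
    fields = parse_7045(xml_text)
    if fields is None:
        return []
    image = fields.get("ImagePath", "")
    return [name for name, rx in RULES if rx.search(image)]

def _event(event_id, service, image):
    # Builds a constructed sample event; none of these come from a real host.
    return (f'<Event xmlns="{NS["e"]}"><System><EventID>{event_id}</EventID></System>'
            f'<EventData><Data Name="ServiceName">{service}</Data>'
            f'<Data Name="ImagePath">{image}</Data>'
            f'<Data Name="AccountName">LocalSystem</Data></EventData></Event>')

SAMPLES = [
    _event(7045, "qwerty", r"rundll32.exe C:\Users\Public\example.dll,Start"),
    _event(7045, "asdfgh", r"cmd.exe /c echo asdfgh &gt; \\.\pipe\asdfgh"),
    _event(7045, "Spooler2", r"C:\Windows\System32\spoolsv.exe"),
    _event(7036, "Spooler2", r"rundll32.exe ignored.dll"),  # not a service install
]

if __name__ == "__main__":
    for sample in SAMPLES:
        print(parse_7045(sample), triage(sample))
```

A hit is a lead to investigate, not proof: check the service's account, the location of the DLL or binary, and whether the service was removed again shortly after it was created.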