Windows Manage RID Hijacking
This module will create an entry on the target by modifying some properties of an existing account. It will change the account attributes by setting a Relative Identifier (RID), which should be owned by one existing account on the destination machine. Taking advantage of some Windows Local Users Management integrity issues, this module will allow to authenticate with one known account credentials (like GUEST account), and access with the privileges of another existing account (like ADMINISTRATOR account), even if the spoofed account is disabled.
- Sebastian Castro <sebastian.castro [at] cslcolombia.com>
To display the available options, load the module within the Metasploit console and run the commands 'show options' or 'show advanced':
msf > use post/windows/manage/rid_hijack msf post(rid_hijack) > sessions ...sessions... msf post(rid_hijack) > set SESSION <session-id> msf post(rid_hijack) > show options ...show and set options... msf post(rid_hijack) > run