module
Windows Manage RID Hijacking
| Disclosed | Created |
|---|---|
| N/A | Jun 14, 2018 |
Disclosed
N/A
Created
Jun 14, 2018
Description
This module will create an entry on the target by modifying some properties
of an existing account. It will change the account attributes by setting a
Relative Identifier (RID), which should be owned by one existing
account on the destination machine.
Taking advantage of some Windows Local Users Management integrity issues,
this module will allow to authenticate with one known account
credentials (like GUEST account), and access with the privileges of another
existing account (like ADMINISTRATOR account), even if the spoofed account is
disabled.
of an existing account. It will change the account attributes by setting a
Relative Identifier (RID), which should be owned by one existing
account on the destination machine.
Taking advantage of some Windows Local Users Management integrity issues,
this module will allow to authenticate with one known account
credentials (like GUEST account), and access with the privileges of another
existing account (like ADMINISTRATOR account), even if the spoofed account is
disabled.
Author
Sebastian Castro sebastian.castro@cslcolombia.com
Platform
Windows
References
Module Options
To display the available options, load the module within the Metasploit console and run the commands 'show options' or 'show advanced':
NEW
Explore Exposure Command
Confidently identify and prioritize exposures from endpoint to cloud with full attack surface visibility and threat-aware risk context.