metasploit

Unquoted Service Path

What is an Unquoted Service Path? An unquoted service path is a privilege escalation technique that allows you to escalate your privileges from a standard unprivileged user to an administrator or NT System account. If a service is created with an executable path that contains spaces and the whole path is not enclosed in quotes, you have an unquoted service path. An Unquoted Service Path works by exploiting the way the Windows operating system looks…

Token Impersonation Attack

Token Impersonation is a way of impersonating a user access token, allowing you to effectively take over the user without even needing to know the user’s password. Attackers are currently using this in the wild as a way to escalate privileges and move laterally across the network. Without proper mitigation in place, it is relatively easy to perform. The one caveat is that a token impersonation attack is a post-exploitation attack. This…

Creating a Payload with Msfvenom

In this tutorial, I am going to give you a quick overview of how to generate a Metasploit payload with Msfvenom. Msfvenom allows you to quickly generate custom Metasploit payloads on the fly, straight from the terminal. To follow along with this tutorial, you will need a copy of Metasploit installed. Metasploit is installed by default in Kali Linux; if you haven’t got Kali set up yet, check out my…
