[framework] Reverse shell bind payload
Patrick Webster
patrick at aushack.com
Thu Nov 8 17:01:16 CST 2007
Yes, it is highly likely the process is running as a different user.
What you can do on the target system, in the services.msc manager, open the
vulnerable process and tick the LogOn -> "Allow service to interact with
desktop" checkbox...
This will allow a SYSTEM calc.exe process to be visible to the interactively
logged on user, e.g. Guest or User.
-Patrick
On 11/8/07, base64 <basehat at gmail.com> wrote:
>
> you are most likely running the shell under context of the 'SYSTEM' user,
> whose processes do not interact with the user desktop.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://spool.metasploit.com/pipermail/framework/attachments/20071109/69cd2da5/attachment.htm
More information about the framework
mailing list