7 Ways to Get Admin Access of Remote Windows PC (Bypass Privilege Escalation)
After you exploit the victim PC, certain restrictions still prevent some actions even though you have a shell on it. To get complete access to the victim PC you need privilege escalation, in which a user receives privileges they are not authorized to have. These privileges can be used to delete files, view private information, or install unwanted programs such as viruses. Metasploit has various post-exploitation modules that use a number of different techniques to attempt to gain SYSTEM-level privileges on the remote system.
Requirement
Attacker: Kali Linux
Victim PC: Windows 7
Open a Kali Linux terminal and type msfconsole.
Use a payload for Windows and start multi/handler for the reverse connection. Once you have a session on the victim PC, go for privilege escalation using the following techniques.
Windows Escalate UAC Protection Bypass
Available targets: Windows 32-bit and Windows 64-bit
This module will bypass Windows UAC by utilizing the trusted publisher certificate through process injection. It will spawn a second shell that has the UAC flag turned off.
msf > use exploit/windows/local/bypassuac
msf exploit(bypassuac) > set session 1
msf exploit(bypassuac) > exploit
Have a look at the image: when you first use the getuid command it returns the user ID, that is, username: pc 10; after using getsystem, the username is now system. Use the getuid command again to confirm that you now have admin access.
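On the defending side, the UAC level configured on the host matters here: at the Windows default level, Windows-signed binaries auto-elevate without a prompt, which is the behaviour UAC bypasses generally depend on. The read-only PowerShell check below is an added example, not part of the original article or of Metasploit; the function name Get-UacPosture is hypothetical and the "Always notify" baseline is an assumed local policy.

```powershell
# Added example (read-only): compare the host's UAC policy values with the
# "Always notify" level. Get-UacPosture is a hypothetical helper name.
function Get-UacPosture {
    param(
        [string]$Path = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System'
    )
    $policy = Get-ItemProperty -Path $Path -ErrorAction Stop

    # Values that correspond to the "Always notify" slider position
    # (assumed baseline; adjust to your own policy).
    $expected = @{
        EnableLUA                  = 1   # UAC is enabled
        ConsentPromptBehaviorAdmin = 2   # consent prompt on the secure desktop
        PromptOnSecureDesktop      = 1   # prompt runs on the isolated desktop
    }

    foreach ($name in $expected.Keys) {
        $actual = $policy.$name          # $null when the value is not set
        New-Object psobject -Property @{
            Setting  = $name
            Actual   = $actual
            Expected = $expected[$name]
            Ok       = ($actual -eq $expected[$name])
        }
    }
}

$report = @(Get-UacPosture)
$report | Format-Table Setting, Actual, Expected, Ok -AutoSize

# Describe the admin consent behaviour in plain words.
$consent = ($report | Where-Object { $_.Setting -eq 'ConsentPromptBehaviorAdmin' }).Actual
if ($consent -eq 0) {
    'Administrators elevate with no prompt at all.'
} elseif ($consent -eq 5) {
    'Default level: Windows binaries auto-elevate without a prompt.'
} elseif ($consent -eq 2) {
    'Always notify: every elevation needs consent on the secure desktop.'
} else {
    "ConsentPromptBehaviorAdmin = $consent; review against your policy."
}

if ($report | Where-Object { -not $_.Ok }) {
    'Result: UAC is configured below the "Always notify" level.'
}
```

Day-to-day use of a standard (non-administrator) account removes the split admin token that a UAC bypass needs in the first place.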