1
00:00:00,690 --> 00:00:06,360
So now using the Migrate Post module, you can migrate to another process on the victim.

2
00:00:07,490 --> 00:00:10,940
Migration to another process may be needed for a variety of reasons.

3
00:00:11,780 --> 00:00:18,050
For example, the services that we are currently injected into may not be so stable or we may need the

4
00:00:18,050 --> 00:00:19,880
privileges of a different user.

5
00:00:22,140 --> 00:00:25,440
So here I have a Meterpreter session.

6
00:00:26,340 --> 00:00:34,860
The command lists the processes running on the victim's system: process ID, process name, owner,

7
00:00:34,860 --> 00:00:42,880
path, path of running services, etc. The getpid command, which means get process ID,

8
00:00:43,890 --> 00:00:46,890
shows the process that we are currently injected in.

9
00:00:47,860 --> 00:00:55,990
Our process ID is 964, which is the ID of the svchost.exe process run by system

10
00:00:55,990 --> 00:00:56,410
user.

11
00:00:57,680 --> 00:01:04,910
The getuid, that's short for get user ID, shows our current user on the victim's system.

12
00:01:05,950 --> 00:01:08,050
That's what we already know, system.

13
00:01:08,920 --> 00:01:13,750
So let's try to migrate to another process which is run by another user.

14
00:01:14,590 --> 00:01:17,830
There are some services running with administrative privileges.

15
00:01:18,370 --> 00:01:22,060
I'll try to migrate to the process 1620 now.

16
00:01:31,090 --> 00:01:32,710
So it took too long.

17
00:01:32,770 --> 00:01:34,120
Yeah, it timed out.

18
00:01:34,690 --> 00:01:40,690
Now we couldn't migrate to another service. The migrate command may crash the Meterpreter session sometimes,

19
00:01:42,040 --> 00:01:45,220
so I'll check this session with the sysinfo command.

20
00:01:46,000 --> 00:01:47,710
As I expected, no answer.

21
00:01:47,720 --> 00:01:48,820
The session crashed.

22
00:01:49,870 --> 00:01:50,650
So I'll try it again.

23
00:01:50,890 --> 00:01:57,700
Exit from the session. Since we already have an exploit with the proper options, we can just type run

24
00:01:58,150 --> 00:01:59,530
to exploit the system again.

25
00:02:00,280 --> 00:02:02,650
And now we have a new Meterpreter session.

26
00:02:03,880 --> 00:02:12,190
ps to see the services running on the victim's system. Now, try to migrate to another process, to six this

27
00:02:12,190 --> 00:02:12,550
time.

28
00:02:17,980 --> 00:02:19,840
Now, once again, the session crashed.

29
00:02:21,390 --> 00:02:22,410
OK, let's try.

30
00:02:27,050 --> 00:02:27,560
I'll try.

31
00:02:27,590 --> 00:02:29,240
428 this time.

32
00:02:33,890 --> 00:02:34,640
It's OK now.

33
00:02:35,210 --> 00:02:37,520
So we migrated to the process 428.

34
00:02:38,420 --> 00:02:41,360
Let's check the user with getuid.

35
00:02:41,780 --> 00:02:43,010
It is administrator.

36
00:02:43,220 --> 00:02:43,430
Hmm.

37
00:02:43,970 --> 00:02:52,040
So we were the system user before. And check the process ID with getpid, and the process is

38
00:02:52,040 --> 00:02:52,640
428 now.

39
00:02:53,990 --> 00:03:00,530
Now, I wonder, can we revert to previous processes with the rev2self command?

40
00:03:01,320 --> 00:03:01,900
OK, sorry.

41
00:03:02,450 --> 00:03:05,090
rev2self has another function.

42
00:03:05,750 --> 00:03:07,010
So let me show it to you quickly.

43
00:03:08,270 --> 00:03:13,700
If you change your privileges without migrating to another process, for example, using the getsystem

44
00:03:13,700 --> 00:03:18,830
command, you can get back to previous privileges with the revert to self command.

45
00:03:19,980 --> 00:03:21,690
So, getsystem command.

46
00:03:22,470 --> 00:03:25,770
Look at the user ID. As you see, we are system user.

47
00:03:26,460 --> 00:03:32,700
And if we run the rev2self now, the user will be the administrator again.

48
00:03:33,000 --> 00:03:33,570
How's that?