﻿1
00:00:00,660 --> 00:00:06,390
So now, using the migrate post module, you can migrate to another process on the victim.

2
00:00:07,490 --> 00:00:10,970
Migration to another process may be needed for a variety of reasons.

3
00:00:11,800 --> 00:00:18,080
For example, the service that we are currently injected into may not be so stable, or we may need the

4
00:00:18,080 --> 00:00:19,910
privileges of a different user.

5
00:00:22,110 --> 00:00:28,490
So here I have a Meterpreter session. The ps command lists

6
00:00:28,590 --> 00:00:30,880
the processes running on the victim's system:

7
00:00:32,130 --> 00:00:41,310
process ID, process name, arch, path of the running services, etc. Then getpid, which

8
00:00:41,310 --> 00:00:42,900
means get process ID,

9
00:00:43,890 --> 00:00:46,920
shows the process that we are currently injected in.

10
00:00:47,860 --> 00:00:56,410
Our process ID is 964, which is the ID of an svchost.exe process run by the SYSTEM user.

11
00:00:57,680 --> 00:01:04,910
Then getuid, which is short for get user ID, shows our current user on the victim's system.

12
00:01:05,950 --> 00:01:08,050
That's what we already know: SYSTEM.

13
00:01:08,920 --> 00:01:13,730
So let's try to migrate to another process which is run by another user.

14
00:01:14,590 --> 00:01:17,860
There are some services running with administrative privileges.

15
00:01:18,320 --> 00:01:22,090
I'll try to migrate to process 1620 now.

16
00:01:31,060 --> 00:01:32,720
So it took too long.

17
00:01:32,770 --> 00:01:36,850
Yeah, it timed out. Now we couldn't migrate to another service.

18
00:01:37,000 --> 00:01:44,250
The migrate command may crash the Meterpreter session sometimes, so I'll check the session with the

19
00:01:44,260 --> 00:01:46,990
sysinfo command. And, as I expected,

20
00:01:46,990 --> 00:01:47,730
no answer.

21
00:01:47,740 --> 00:01:48,850
The session crashed.

22
00:01:49,810 --> 00:01:55,840
So I'll exit from the session. Since we already have an exploit with the proper options,

23
00:01:56,230 --> 00:01:59,560
we can just type run to exploit the system again.

24
00:02:00,250 --> 00:02:02,650
And now we have a new Meterpreter session.

25
00:02:03,880 --> 00:02:12,220
ps to see the services running on the victim's system. Now try to migrate to another process, 296 this

26
00:02:12,220 --> 00:02:12,580
time.

27
00:02:17,980 --> 00:02:18,340
No.

28
00:02:18,490 --> 00:02:19,870
Once again, the session crashed.

29
00:02:21,360 --> 00:02:22,380
OK, let's try.

30
00:02:26,990 --> 00:02:29,300
I'll try 428 this time.

31
00:02:33,890 --> 00:02:37,550
It's OK now, so we migrated to the process 428.

32
00:02:38,390 --> 00:02:41,340
Let's check the user with getuid.

33
00:02:41,780 --> 00:02:43,010
It is Administrator.

34
00:02:43,200 --> 00:02:43,480
Hmm.

35
00:02:43,970 --> 00:02:52,070
So we were the SYSTEM user before. And check the process ID with getpid: the process is

36
00:02:52,070 --> 00:02:52,670
428 now.

37
00:02:53,990 --> 00:03:00,540
Now, I wonder, can we revert to the previous process with the rev2self command?

38
00:03:01,250 --> 00:03:05,100
OK, sorry, rev2self has another function.

39
00:03:05,750 --> 00:03:07,040
So let me show it to you quickly.

40
00:03:08,270 --> 00:03:13,730
If you change your privileges without migrating to another process, for example using the getsystem

41
00:03:13,730 --> 00:03:18,830
command, you can get back to the previous privileges with the rev2self command.

42
00:03:19,950 --> 00:03:28,140
So run the getsystem command and look at the user ID. As you see, we are the SYSTEM user, and if we run

43
00:03:28,140 --> 00:03:32,750
rev2self now, the user will be Administrator again.

44
00:03:33,000 --> 00:03:33,600
How's that?

