Good evening friends. Recently we have seen privilege escalation in Windows 7 with the bypass UAC exploit. Today we will see another exploit, MS16-016 mrxdav.sys WebDAV, for privilege escalation on 32-bit Windows machines. mrxdav.sys is a Windows driver. It is also known as the Windows NT WebDav Minirdr and is used on Windows computers to access WebDAV servers. This exploit uses the Microsoft Web Distributed Authoring and Versioning (WebDAV) client to send specially crafted input to a server to escalate privileges.
First hack the system with Metasploit by using one of the methods shown in Latest hacks. Once you have a meterpreter session, check the privileges by typing the command “getuid”. We don’t have system privileges. Background the session by typing the command “background” as shown below.
Load the ms16_016_webdav exploit as shown below.
We need only one option: the session ID of the session we just backgrounded. Set the session ID as shown below. Run the exploit. The exploit ran successfully.
Now verify the privileges by typing the “getuid” command once again as shown below. We successfully got system privileges.