support

Privilege Escalation

Go to [beacon] -> Access -> Elevate to launch a privilege escalation exploit. Choose a listener, select an exploit, and press Launch to run the exploit. This dialog is a front-end for Beacon's elevate command.


Cobalt Strike ships with two built-in exploits. ms14-058 is a (dated) privilege escalation exploit that works against unpatched Windows 7 systems. uac-dll is a Bypass UAC attack that attempts to elevate a payload, run by a local administrator, from a medium integrity context to a high integrity context. This implementation of the attack works on Windows 7 and unpatched Windows 10 systems.

You may add privilege escalation exploits to Cobalt Strike through the Elevate Kit. The Elevate Kit is an Aggressor Script that integrates several open source privilege escalation exploits into Cobalt Strike. https://github.com/rsmudge/ElevateKit.