So I am poking around with a VM of Windows 7 and Metasploit. After listing all running processes in meterpreter (as NT AUTHORITY/SYSTEM) I noticed that there was no owner for the audiodg.exe process. However, under the Windows Task Manager on the local machine, I see that the process is listed as a local service.
My questions are:
1) Who owns this process and what privileges does it have?
2) Why doesn't the owner show up when I list all running processes in meterpreter or any custom Python script?
3) Would this process have ring0 access since I can't kill it or migrate to it as NT AUTHORITY/SYSTEM?
Based off of the reading I've done, my assumption is that since this .exe deals with drivers / driver signing there is a good possibility of ring0 access if I could migrate/exploit this process.
Edited by satyricon11, 05 March 2018 - 12:50 PM.