mirror of
https://github.com/gtworek/Priv2Admin
synced 2024-11-13 23:17:10 +00:00
Small typo
`ftlMC` -> `fltMC`
parent
b8907eea4e
commit
48071cd17e
1 changed files with 1 additions and 1 deletions
|
@ -40,7 +40,7 @@ Feel free to contribute and/or discuss presented ideas.
|
|||
|`SeIncreaseBasePriority`| Availability | ***Built-in commands*** | `start /realtime SomeCpuIntensiveApp.exe` | May be more interesting on servers. |
|
||||
|`SeIncreaseQuota`| Availability | 3rd party tool | Change cpu, memory, and cache limits to some values making the OS unbootable. | - Quotas are not checked in the safe mode, which makes repair relatively easy.<br> - The same privilege is used for managing registry quotas. |
|
||||
|`SeIncreaseWorkingSet`| None | - | - | Privilege held by everyone. Checked when calling fine-tuning memory management functions. |
|
||||
|`SeLoadDriver`| ***Admin*** | 3rd party tool | 1. Load buggy kernel driver such as `szkg64.sys`<br>2. Exploit the driver vulnerability<br> <br> Alternatively, the privilege may be used to unload security-related drivers with `ftlMC` builtin command. i.e.: `fltMC sysmondrv` | 1. The `szkg64` vulnerability is listed as [CVE-2018-15732](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-15732)<br>2. The `szkg64` [exploit code](https://www.greyhathacker.net/?p=1025) was created by [Parvez Anwar](https://twitter.com/parvezghh) |
|
||||
|`SeLoadDriver`| ***Admin*** | 3rd party tool | 1. Load buggy kernel driver such as `szkg64.sys`<br>2. Exploit the driver vulnerability<br> <br> Alternatively, the privilege may be used to unload security-related drivers with `fltMC` builtin command. i.e.: `fltMC sysmondrv` | 1. The `szkg64` vulnerability is listed as [CVE-2018-15732](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-15732)<br>2. The `szkg64` [exploit code](https://www.greyhathacker.net/?p=1025) was created by [Parvez Anwar](https://twitter.com/parvezghh) |
|
||||
|`SeLockMemory`| Availability | 3rd party tool | Starve System memory partition by moving pages. | PoC published by [Walied Assar (@waleedassar)](https://twitter.com/waleedassar/status/1296689615139676160) |
|
||||
|`SeMachineAccount`| None | - | - |The privilege is not used in the Windows OS. |
|
||||
|`SeManageVolume`| ***Admin*** | 3rd party tool | 1. Enable the privilege in the token<br>2. Create handle to \\.\C: with `SYNCHRONIZE \| FILE_TRAVERSE`<br>3. Send the `FSCTL_SD_GLOBAL_CHANGE` to replace `S-1-5-32-544` with `S-1-5-32-545`<br>4. Overwrite utilman.exe etc. | `FSCTL_SD_GLOBAL_CHANGE` can be made with this [piece of code](https://github.com/gtworek/PSBits/blob/master/Misc/FSCTL_SD_GLOBAL_CHANGE.c). |
|
||||
|
|
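Review bot: In the added `SeLoadDriver` row, the corrected sentence still reads "with `fltMC` builtin command. i.e.: `fltMC sysmondrv`". Because `sysmondrv` is one example of a driver rather than a restatement, "e.g." is the right abbreviation here, and "builtin" should be "built-in" to match the `***Built-in commands***` wording used in the `SeIncreaseBasePriority` row. The third column of this row also still says "3rd party tool" although the alternative relies on a built-in command, so consider listing both there while the line is being touched.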