Link updates

Grzegorz Tworek 2019-12-03 20:33:48 +01:00
parent 53d8c0fed7
commit bce3a2deb9

@ -40,7 +40,7 @@ Feel free to contribute and/or discuss presented ideas.
|`SeIncreaseBasePriority`| ? | ? | ? ||
|`SeIncreaseQuota`| ? | ? | ? ||
|`SeIncreaseWorkingSet`| ? | ? | ? ||
|`SeLoadDriver`| ***Admin*** | 3rd party tool | 1. Load buggy kernel driver such as `szkg64.sys`<br>2. Exploit the driver vulnerability | 1. The `szkg64` vulnerability is listed as [CVE-2018-15732](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-15732)<br>2. The example `szkg64` exploit code was created by [Parvez](https://www.greyhathacker.net/?p=1025) |
|`SeLoadDriver`| ***Admin*** | 3rd party tool | 1. Load buggy kernel driver such as `szkg64.sys`<br>2. Exploit the driver vulnerability | 1. The `szkg64` vulnerability is listed as [CVE-2018-15732](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-15732)<br>2. The `szkg64` [exploit code](https://www.greyhathacker.net/?p=1025) was created by [Parvez Anwar](https://twitter.com/parvezghh) |
|`SeLockMemory`| None | - | - | The privilege allows to mark memory pages to be paged (swapped) later than others. Additionally, it is verified when memory partitioning operations are performed. Of course, you can affect availability by taking too much memory (it is enough to open huge pic in mspaint) but it will have the same effect regardless locking pages or not. This permission does allow you to do anything you cannot achieve anyway. |
|`SeMachineAccount`| None | - | - |The privilege is not used in the Windows OS. |
|`SeManageVolume`| **Threat** | 3rd party tool | Create large file and manipulate the valid data length with [`SetFileValidData()`](https://docs.microsoft.com/en-us/windows/win32/api/fileapi/nf-fileapi-setfilevaliddata). Effectively the data from deleted files should be visible inside the file. |- Files smaller than ~700B fit entirely within MFT entries and will not expose the content with such method.<br>- It looks like the privilege allows to manipulate with mbr, which may lead to some availability issues. To be investigated. |
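Review bot: the unchanged `SeLockMemory` row directly below the edited `SeLoadDriver` line ends with "This permission does allow you to do anything you cannot achieve anyway", which contradicts the "None" impact in the same row and reads like a dropped "not"; since this commit already touches the neighbouring row, consider correcting it to "does not allow you to do anything you cannot achieve anyway". On the edited `SeLoadDriver` line itself, the attribution now points at a Twitter profile URL while the write-up link moves to the words "exploit code"; that is fine, but keeping the author's full name as the visible link text, as the new line does, is what preserves the credit if the profile link stops resolving, so it should stay that way in later edits.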