« Privilege escalation » : différence entre les versions

De Banane Atomic
Aller à la navigationAller à la recherche
(Page créée avec « Category:Hack = [https://blog.didierstevens.com/2017/09/05/abusing-a-writable-windows-service/ With a writable Windows service] = If the executable of a Windows servic… »)
 
Ligne 9 : Ligne 9 :
Replace the executable of the Windows service by the compiled application.<br>
Replace the executable of the Windows service by the compiled application.<br>
A command prompt will be launched when the Windows service will start.
A command prompt will be launched when the Windows service will start.
<kode lang='msdos'>
<kode lang='dos'>
whoami
whoami
REM nt authority\system
REM nt authority\system
</kode>
</kode>

Version du 7 février 2022 à 17:28

With a writable Windows service

If the executable of a Windows service is writable by non-admin users, you could replace it by another executable which will start a command prompt in the System account.

Program.cs 




Replace the executable of the Windows service by the compiled application.

A command prompt will be launched when the Windows service will start.






Dos.svg


whoami
REM nt authority\system




Récupérée de « http://wiki.bananeatomic.fr/index.php?title=Privilege_escalation&oldid=26750 »