"Privilege escalation": difference between revisions

From Banane Atomic
Ligne 1 : Ligne 1 :
[[Category:Hack]]
[[Category:Hack]]
= [https://blog.didierstevens.com/2017/09/05/abusing-a-writable-windows-service/ With a writable Windows service] =
= [https://blog.didierstevens.com/2017/09/05/abusing-a-writable-windows-service/ With a writable Windows service] =
If the executable of a Windows service is writable by non-admin users, you could replace it by another executable which will start a command prompt in the System account.
If the executable of a Windows service is writable by non-admin users, you can replace it with another executable that will launch a command prompt in the system account.


<filebox fn='Program.cs'>
<filebox fn='Program.cs'>
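Review bot: In the reworded sentence beginning "If the executable of a Windows service is writable", the account name changes from "System account" to "system account", which now reads as a generic description rather than the specific built-in account. The whoami output further down the page shows nt authority\system, so I would name it explicitly, for example "in the SYSTEM account (NT AUTHORITY\SYSTEM)". The switch from "replace it by" to "replace it with" is fine as it stands.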

Revision as of 7 February 2022, 17:30

With a writable Windows service

If the executable of a Windows service is writable by non-admin users, you can replace it with another executable that will launch a command prompt in the system account.

Program.cs

Replace the executable of the Windows service with the compiled application.
A command prompt will be launched when the Windows service starts.

whoami
REM nt authority\system
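
To audit a machine for the condition described above, the following PowerShell script lists service executables whose ACL grants write-type access to anyone outside a small trusted set. It is an added example, not code from the original page; the trusted SID list and the helper name Get-ServiceBinaryPath are assumptions made for illustration.

```powershell
# Added example: list service executables that a non-admin principal can modify.
# Assumption: only the three well-known SIDs below may write to service binaries.
$trustedSids = @(
    'S-1-5-18',      # NT AUTHORITY\SYSTEM
    'S-1-5-32-544',  # BUILTIN\Administrators
    'S-1-5-80-956008885-3418522649-1831038044-1853292631-2271478464'  # TrustedInstaller
)

# Rights that allow replacing or altering the file, plus GENERIC_WRITE and GENERIC_ALL.
$fileRights = [System.Security.AccessControl.FileSystemRights]'WriteData, AppendData, Delete, ChangePermissions, TakeOwnership'
$writeMask  = [int]$fileRights -bor 0x50000000

# Hypothetical helper: extract the executable path from a service command line,
# which may be quoted, unquoted, and followed by arguments.
function Get-ServiceBinaryPath([string]$PathName) {
    if ($PathName -match '^\s*"([^"]+)"')        { return $Matches[1] }
    if ($PathName -match '^\s*(.+?\.exe)(\s|$)') { return $Matches[1] }
    return $null
}

# Resolve ACL entries as SIDs so the check does not depend on the Windows display language.
$sidType = [System.Security.Principal.SecurityIdentifier]

Get-CimInstance -ClassName Win32_Service | ForEach-Object {
    $svc  = $_
    $path = Get-ServiceBinaryPath $svc.PathName
    if (-not $path -or -not (Test-Path -LiteralPath $path)) { return }

    $acl = Get-Acl -LiteralPath $path -ErrorAction SilentlyContinue
    if (-not $acl) { return }

    # Explicit and inherited entries are both included.
    foreach ($rule in $acl.GetAccessRules($true, $true, $sidType)) {
        if ($rule.AccessControlType -ne 'Allow') { continue }
        $sid = $rule.IdentityReference.Value
        if ($trustedSids -contains $sid) { continue }
        if (([int]$rule.FileSystemRights -band $writeMask) -ne 0) {
            [pscustomobject]@{
                Service   = $svc.Name
                StartName = $svc.StartName   # account the service runs as
                Path      = $path
                Sid       = $sid
                Rights    = $rule.FileSystemRights
            }
        }
    }
}
```

Any row whose StartName is LocalSystem matches the situation on this page; the fix is to remove the write access from that ACL entry.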