« Privilege escalation » : différence entre les versions
De Banane Atomic
Aller à la navigationAller à la recherche
| Ligne 7 : | Ligne 7 : | ||
</filebox> | </filebox> | ||
Replace the executable of the Windows service by the compiled application. | # Replace the executable of the Windows service by the compiled application. | ||
A command prompt will be launched when the Windows service | # A command prompt will be launched when the Windows service starts. | ||
<kode lang='dos'> | <kode lang='dos'> | ||
whoami | whoami | ||
REM nt authority\system | REM nt authority\system | ||
</kode> | </kode> | ||
Version du 7 février 2022 à 17:31
With a writable Windows service
If the executable of a Windows service is writable by non-admin users, you can replace it with another executable that will launch a command prompt in the system account.
| Program.cs |
- Replace the executable of the Windows service by the compiled application.
- A command prompt will be launched when the Windows service starts.
|
whoami REM nt authority\system |
