Giters

yanghaoi / LaunchSystemCmd

在权限足够的情况下弹出system权限的cmd命令行,包含exe和dll两种文件类型,可用于一些可能存在本地提权漏洞的测试。

Geek Repo:Geek Repo

Github PK Tool:Github PK Tool

local-privilege-escalationsystem-cmd-gui

LaunchSystemCmdExe

launch a cmd.exe process with system permissions.

launch cmd.exe in Session 0

WTSGetActiveConsoleSessionId() / ProcessIdToSessionId() / DuplicateTokenEx() / WTSEnumerateSessions() / CreateProcessAsUser()

Injetc session>0(gui system process)

ZwCreateThreadEx() / CreateRemoteThread()

Set Parent

CreateProcessA()

GIF Show

LaunchSystemCmdDll

System Process Dll Hijack Test :) , Command line:

rundll32 LaunchSystemCmdDll.dll,Run

About

在权限足够的情况下弹出system权限的cmd命令行,包含exe和dll两种文件类型,可用于一些可能存在本地提权漏洞的测试。

local-privilege-escalationsystem-cmd-gui

License:GNU General Public License v3.0

Languages

Language:C++ 97.6%Language:C 2.4%