ch0ic3/PayloadsAllTheThings
1
0
Fork 0
mirror of https://github.com/swisskyrepo/PayloadsAllTheThings.git synced 2024-12-18 18:36:10 +00:00
Code Issues Actions Packages Projects Releases Wiki Activity

LOL Drivers

Browse Source
This commit is contained in:
Swissky 2023-04-07 09:22:07 +02:00
parent 30d17b4924
commit 86cc53244d
1 changed files with 33 additions and 29 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

10
Methodology and Resources/Windows - Privilege Escalation.md
View File

@ -868,11 +868,14 @@ Application running as SYSTEM allowing an user to spawn a CMD, or browse directo
Example: "Windows Help and Support" (Windows + F1), search for "command prompt", click on "Click to open Command Prompt"
## EoP - Evaluating Vulnerable Drivers
Look for vuln drivers loaded, we often don't spend enough time looking at this:
* [Living Off The Land Drivers](https://www.loldrivers.io/) is a curated list of Windows drivers used by adversaries to bypass security controls and carry out attacks. The project helps security professionals stay informed and mitigate potential threats.
* Native binary: DriverQuery.exe
```powershell
# Native binary
PS C:\Users\Swissky> driverquery.exe /fo table /si
Module Name Display Name Driver Type Link Date
============ ====================== ============= ======================
@ -886,8 +889,9 @@ AcpiPmi ACPI Power Meter Drive Kernel 11/19/2006 9:20:15 PM
acpitime ACPI Wake Alarm Driver Kernel 2/9/1974 7:10:30 AM
ADP80XX ADP80XX Kernel 4/9/2015 4:49:48 PM
<SNIP>
# https://github.com/matterpreter/OffensiveCSharp/tree/master/DriverQuery
```
* [matterpreter/OffensiveCSharp/DriverQuery](https://github.com/matterpreter/OffensiveCSharp/tree/master/DriverQuery)
```powershell
PS C:\Users\Swissky> DriverQuery.exe --no-msft
[+] Enumerating driver services...
[+] Checking file signatures...