LaunchSystemCmd icon indicating copy to clipboard operation
LaunchSystemCmd copied to clipboard

Published 20 hours ago verified publisher icon yanghaoi

Metadata

在权限足够的情况下弹出system权限的cmd命令行,包含exe和dll两种文件类型,可用于一些可能存在本地提权漏洞的测试。

LaunchSystemCmdExe

launch a cmd.exe process with system permissions.

launch cmd.exe in Session 0

WTSGetActiveConsoleSessionId() / ProcessIdToSessionId() / DuplicateTokenEx() / WTSEnumerateSessions() / CreateProcessAsUser()

Injetc session>0(gui system process)

ZwCreateThreadEx() / CreateRemoteThread()

Set Parent

CreateProcessA()

GIF Show

LaunchSystemCmdDll

System Process Dll Hijack Test :) , Command line:

rundll32 LaunchSystemCmdDll.dll,Run

Metadata

30
Stars
2
Forks
Watchers

Owner

verified publisher icon yanghaoi

Metadata

在权限足够的情况下弹出system权限的cmd命令行,包含exe和dll两种文件类型,可用于一些可能存在本地提权漏洞的测试。

Back