metasploit-framework icon indicating copy to clipboard operation
metasploit-framework copied to clipboard

Published 20 hours ago verified publisher icon rapid7

New function suggestion: userclone on windows

Open yzddmr6 opened this issue 5 years ago • 1 comments

In many cases, we can't add administrator users directly or even don not have the access to net.exe

But we can clone the privileges of existing administrator users by modifying the registry

In face some Chinese hackers had made the exp successfully

But it can not bypass the av and there is no source code

Many friends need it very much

Sooooooooooo I think it may be added to msf

reference: https://baike.baidu.com/item/%E5%85%8B%E9%9A%86%E5%B8%90%E5%8F%B7/6540415?fr=aladdin

https://www.cnblogs.com/s0ky1xd/p/5823985.html

yzddmr6 avatar Jul 15 '19 09:07 yzddmr6

I think the functions you mentioned are very similar to those of this module 我觉得你说的功能和这个模块的很像

modules/post/windows/manage/rid_hijack.rb

cn-kali-team avatar Oct 05 '22 00:10 cn-kali-team

I believe the feature you're requesting is already covered here https://github.com/rapid7/metasploit-framework/blob/a81a71c5dfb493bb478809d7335fc39d601c3881/modules/post/windows/manage/rid_hijack.rb

dwelch-r7 avatar Jun 06 '23 13:06 dwelch-r7