0x22bb/hacktricks
1
2
Fork 0
mirror of https://github.com/carlospolop/hacktricks.git synced 2023-12-14 19:12:55 +01:00
Code Releases Activity

GitBook: [master] one page modified

Browse source
This commit is contained in:
CPol 2020-08-30 22:56:59 +00:00 committed by gitbook-bot
parent c5ab772678
commit 292a0e1879
No known key found for this signature in database
GPG key ID: 07D2180C7B12D0FF
1 changed files with 4 additions and 0 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

4
windows/windows-local-privilege-escalation/README.md
View file

@ -1238,6 +1238,10 @@ sc start newservicename
From a High Integrity process you could try to **enable the AlwaysInstallElevated registry entries** and **install** a reverse shell using a _**.msi**_ wrapper.
[More information about the registry keys involved and how to install a _.msi_ package here.](./#alwaysinstallelevated)
### High + SeImpersonate privilege to System
**You can** [**find the code here**](seimpersonate-from-high-to-system.md)**.**
### From SeDebug + SeImpersonate to Full Token privileges
If you have those token privileges \(probably you will find this in an already High Integrity process\), you will be able to **open almost any process** \(not protected processes\) with the SeDebug privilege, **copy the token** of the process, and create an **arbitrary process with that token**.