PrivKit检测到以下错误配置:
未引用的服务路径
检查自动登录注册表项
检查是否始终安装提升的注册表项
检查可修改的自动运行
检查可劫持路径
从凭据管理器枚举凭据
查找当前的令牌权限
使用方法:
[ ] beacon> privcheck
[by @merterpreter ] [*] Priv Esc Check Bof
[ ] [*] Checking For Unquoted Service Paths..
[ ] [*] Checking For Autologon Registry Keys..
[ ] [*] Checking For Always Install Elevated Registry Keys..
[ ] [*] Checking For Modifiable Autoruns..
[ ] [*] Checking For Hijackable Paths..
[ ] [*] Enumerating Credentials From Credential Manager..
[ ] [*] Checking For Token Privileges..
[10485 bytes ] [+] host called home, sent:
[ ] [+] received output:
Unquoted Service Path Check Result: Vulnerable service path found: c:program files (x86)grasssoftmacro expertMacroService.exe
只需加载cna文件并键入“privcheck”
如果你想自己编译,你可以用途:
x86_64-w64-mingw32-gcc -c cfile.c -o ofile.o
inline-execute /path/tokenprivileges.o
下载地址:
原文始发于微信公众号(网络安全交流圈):工具分享--PrivKit检测权限提升漏洞
- 左青龙
- 微信扫一扫
- 右白虎
- 微信扫一扫
评论