Privilege Escalation
The adversary is trying to gain higher-level permissions. https://attack.mitre.org/tactics/TA0004/
If you run whoami /priv and you see SeDebugPrivilege set to Enabled, you can assume you already have SYSTEM. One way of doing it is using the psgetsys.ps1 script once you have a good idea of which PID to inject into:
. .\psgetsys.ps1; [MyProcess]::CreateProcessFromParent(7864, 'C:\temp\payload.exe');
You can also gain an MSF session and use the module windows/manage/payload_inject with a PID of your choice.
From a host with unconstrained delegation, "" and can be used to cause a TGT relay from the target host to us running responder, so we can generate a TGS for any user on that target host:
If we have GenericWrite privileges over a host and we are a user that has an SPN, we can write our SID to the msDS-AllowedToActOnBehalfOfOtherIdentity property against the AD object user and forge tickets as anyone we like. You can read more about it here:
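For detection of the msDS-AllowedToActOnBehalfOfOtherIdentity write described above, the following is an added example and not part of the original page: it filters Windows Security event 5136 (directory service object modified) records for that attribute. It assumes directory service change auditing is enabled, that events have been exported as dictionaries keyed by their EventData field names, and that APPROVED_WRITERS is a hypothetical allowlist; all sample events are constructed.

```python
# Added example: flag event 5136 records that add a value to the RBCD attribute.
# SAMPLE_EVENTS and APPROVED_WRITERS are constructed for illustration.
RBCD_ATTR = "msds-allowedtoactonbehalfofotheridentity"
VALUE_ADDED = "%%14674"  # OperationType code for "Value Added" in event 5136

# Assumption: accounts that are expected to configure delegation here.
APPROVED_WRITERS = {"svc-delegation-admin"}

SAMPLE_EVENTS = [  # constructed records, not real log data
    {"EventID": 5136, "SubjectUserName": "jdoe",
     "ObjectDN": "CN=WEB01,OU=Servers,DC=example,DC=local",
     "AttributeLDAPDisplayName": "msDS-AllowedToActOnBehalfOfOtherIdentity",
     "OperationType": "%%14674"},
    {"EventID": 5136, "SubjectUserName": "SVC-Delegation-Admin",
     "ObjectDN": "CN=APP02,OU=Servers,DC=example,DC=local",
     "AttributeLDAPDisplayName": "msDS-AllowedToActOnBehalfOfOtherIdentity",
     "OperationType": "%%14674"},
    {"EventID": 5136, "SubjectUserName": "jdoe",  # value deleted: not flagged
     "ObjectDN": "CN=WEB01,OU=Servers,DC=example,DC=local",
     "AttributeLDAPDisplayName": "msDS-AllowedToActOnBehalfOfOtherIdentity",
     "OperationType": "%%14675"},
    {"EventID": 5136, "SubjectUserName": "helpdesk1",  # unrelated attribute
     "ObjectDN": "CN=WEB01,OU=Servers,DC=example,DC=local",
     "AttributeLDAPDisplayName": "description",
     "OperationType": "%%14674"},
]


def find_rbcd_writes(events, approved=APPROVED_WRITERS):
    """Return one finding per 5136 event that adds a value to the RBCD attribute."""
    findings = []
    for ev in events:
        if int(ev.get("EventID", 0)) != 5136:
            continue
        if ev.get("AttributeLDAPDisplayName", "").lower() != RBCD_ATTR:
            continue
        if ev.get("OperationType") != VALUE_ADDED:
            continue
        writer = ev.get("SubjectUserName", "")
        # Writes by accounts outside the allowlist are the ones to triage first.
        severity = "info" if writer.lower() in approved else "high"
        findings.append({"writer": writer, "target": ev.get("ObjectDN", ""),
                         "severity": severity})
    return findings


if __name__ == "__main__":
    for finding in find_rbcd_writes(SAMPLE_EVENTS):
        print(finding)
```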