blackarrowsec/redteam-research

Hanshell

ahmedfamhy3 opened this issue · 10 comments

Hey,
everything works fine when I execute as a normal user,
but it gives Error: 1314 when using it as NT System.
OS Name: Microsoft Windows Server 2022 Standard
OS Version: 10.0.20348 N/A Build 20348

Hi @ahmedfamhy3,

I've added some minor changes to the PoC in order to enable the SE_INCREASE_QUOTA_NAME privilege as well. This may solve your issue; may you please give the latest commit a try? Let me know how it goes ;)

In case it keeps failing, may you send me a screenshot from Process Hacker (or any other tool) showing me the privileges granted to the w3wp.exe process?

I tried with the latest commit, and it's still giving the same error. Sorry, I can't send a screenshot at the moment, at least.

No problem. I've pushed a new commit, and this time I've tested it with a System token as well and everything seems to be working properly.

Let me know if this works for you too.

Still, bro.
Maybe AV is preventing this privilege escalation.

I've installed a fresh Windows Server 2022 and it seems like the shell is working properly with the default configuration. Thus, it is probable that the issue may be related to your AV, as you said. May I know what your AV software is?

Are you sure you are using the same build number or newer?
AV is Avast.
Can I have your Telegram username?

I've used the latest build that you can download from Microsoft's official website. I don't think there is too much of a difference between the build that you may be using and the one I've installed.

Can you check if the user token associated with the w3wp.exe process has been granted the required privileges (SE_IMPERSONATE_PRIVILEGE, SE_INCREASE_QUOTA_PRIVILEGE, SE_ASSIGNPRIMARYTOKEN_PRIVILEGE)?
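
For the privilege check requested above, an added example (not part of the thread or of the project's code): it parses the text of `whoami /priv`, captured in the context of the process being checked, and reports which of the three privileges are enabled, disabled or absent from the token. The sample output is constructed and English-locale output is assumed; error 1314 is ERROR_PRIVILEGE_NOT_HELD.

```python
import re

# The three privileges named in the thread, spelled as `whoami /priv` prints them.
REQUIRED = ("SeImpersonatePrivilege", "SeIncreaseQuotaPrivilege",
            "SeAssignPrimaryTokenPrivilege")

# Constructed sample of English-locale `whoami /priv` output (not from the thread).
SAMPLE = """\
PRIVILEGES INFORMATION
----------------------

Privilege Name                Description                               State
============================= ========================================= ========
SeIncreaseQuotaPrivilege      Adjust memory quotas for a process        Disabled
SeAuditPrivilege              Generate security audits                  Disabled
SeChangeNotifyPrivilege       Bypass traverse checking                  Enabled
SeImpersonatePrivilege        Impersonate a client after authentication Enabled
SeCreateGlobalPrivilege       Create global objects                     Enabled
"""

# A table row: privilege name, free-text description, then the state column.
ROW = re.compile(r"^(Se\w+)\s+.*?\s+(Enabled|Disabled)\s*$")

def parse_privileges(text):
    """Map privilege name -> 'Enabled'/'Disabled' for every row of the table."""
    privs = {}
    for line in text.splitlines():
        m = ROW.match(line)
        if m:
            privs[m.group(1)] = m.group(2)
    return privs

def check_required(text, required=REQUIRED):
    """Return {name: 'Enabled' | 'Disabled' | 'Missing'} for each required privilege."""
    held = parse_privileges(text)
    return {name: held.get(name, "Missing") for name in required}

def explain(report):
    """Turn the report into one human-readable line per privilege."""
    notes = []
    for name, state in report.items():
        if state == "Missing":
            # A privilege absent from the token cannot be enabled afterwards;
            # calls that need it fail with ERROR_PRIVILEGE_NOT_HELD (1314).
            notes.append(f"{name}: not in token, calls needing it fail with 1314")
        elif state == "Disabled":
            notes.append(f"{name}: held but disabled, must be enabled before use")
        else:
            notes.append(f"{name}: held and enabled")
    return notes

if __name__ == "__main__":
    print("\n".join(explain(check_required(SAMPLE))))
```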

I will have to wait for next week in order to have physical access. Meanwhile, can you please install Avast and try with it?

Hi @ahmedfamhy3,

Any update regarding this issue?

I thought you closed it.