LaunchSystemCmd

When the caller already holds sufficient privileges, pops up a cmd command prompt running as SYSTEM. It comes in two forms, an exe and a dll, and can be used to test for possible local privilege escalation vulnerabilities.

Primary language: C++. License: GNU General Public License v3.0 (GPL-3.0)

LaunchSystemCmdExe

Launches a cmd.exe process with SYSTEM privileges. Three methods are implemented:

Launch cmd.exe in Session 0 (duplicate the token of an existing SYSTEM process and start cmd.exe with it)

WTSGetActiveConsoleSessionId() / ProcessIdToSessionId() / DuplicateTokenEx() / WTSEnumerateSessions() / CreateProcessAsUser()
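The token path listed above, reproduced as an added example in PowerShell with P/Invoke rather than the project's C++ (this is not code from LaunchSystemCmd). It assumes an elevated console, winlogon.exe as the SYSTEM process to borrow the token from (services.exe for Session 0), and adds one step the README does not list: impersonating the SYSTEM token before CreateProcessAsUser(), because an administrator does not hold SeAssignPrimaryTokenPrivilege and the call fails without it.

```powershell
# Added example, not code from the LaunchSystemCmd project. Run from an
# elevated PowerShell. Follows the README's Session 0 path: pick a SYSTEM
# process in the target session (ProcessIdToSessionId), duplicate its token
# (DuplicateTokenEx) and start cmd.exe with it (CreateProcessAsUser).
Add-Type -TypeDefinition @'
using System;
using System.Runtime.InteropServices;
public static class SysCmd {
    [StructLayout(LayoutKind.Sequential)] public struct LUID { public uint LowPart; public int HighPart; }
    [StructLayout(LayoutKind.Sequential)] public struct TOKEN_PRIVILEGES { public int Count; public LUID Luid; public int Attributes; }
    [StructLayout(LayoutKind.Sequential, CharSet = CharSet.Unicode)]
    public struct STARTUPINFO {
        public int cb; public string lpReserved, lpDesktop, lpTitle;
        public int dwX, dwY, dwXSize, dwYSize, dwXCountChars, dwYCountChars, dwFillAttribute, dwFlags;
        public short wShowWindow, cbReserved2; public IntPtr lpReserved2, hStdInput, hStdOutput, hStdError;
    }
    [StructLayout(LayoutKind.Sequential)]
    public struct PROCESS_INFORMATION { public IntPtr hProcess, hThread; public int dwProcessId, dwThreadId; }
    [DllImport("kernel32.dll")] public static extern IntPtr GetCurrentProcess();
    [DllImport("kernel32.dll")] public static extern int WTSGetActiveConsoleSessionId();
    [DllImport("kernel32.dll", SetLastError = true)] public static extern IntPtr OpenProcess(int access, bool inherit, int pid);
    [DllImport("kernel32.dll", SetLastError = true)] public static extern bool ProcessIdToSessionId(int pid, out int session);
    [DllImport("kernel32.dll", SetLastError = true)] public static extern bool CloseHandle(IntPtr h);
    [DllImport("advapi32.dll", SetLastError = true)] public static extern bool OpenProcessToken(IntPtr h, int access, out IntPtr tok);
    [DllImport("advapi32.dll", SetLastError = true, CharSet = CharSet.Unicode)] public static extern bool LookupPrivilegeValue(string host, string name, out LUID luid);
    [DllImport("advapi32.dll", SetLastError = true)] public static extern bool AdjustTokenPrivileges(IntPtr tok, bool disableAll, ref TOKEN_PRIVILEGES np, int len, IntPtr prev, IntPtr retLen);
    [DllImport("advapi32.dll", SetLastError = true)] public static extern bool DuplicateTokenEx(IntPtr tok, int access, IntPtr attrs, int impLevel, int tokType, out IntPtr newTok);
    [DllImport("advapi32.dll", SetLastError = true)] public static extern bool ImpersonateLoggedOnUser(IntPtr tok);
    [DllImport("advapi32.dll", SetLastError = true)] public static extern bool RevertToSelf();
    [DllImport("advapi32.dll", SetLastError = true, CharSet = CharSet.Unicode)]
    public static extern bool CreateProcessAsUser(IntPtr tok, string app, string cmd, IntPtr pa, IntPtr ta, bool inherit,
        int flags, IntPtr env, string dir, ref STARTUPINFO si, out PROCESS_INFORMATION pi);
}
'@

function Assert-Win32([bool]$Ok, [string]$Call) {
    if (-not $Ok) { throw "$Call failed, Win32 error $([Runtime.InteropServices.Marshal]::GetLastWin32Error())" }
}

function Enable-DebugPrivilege {
    # An elevated token carries SeDebugPrivilege but disabled; enabling it lets
    # OpenProcess succeed on SYSTEM processes such as winlogon.exe.
    $hTok = [IntPtr]::Zero
    Assert-Win32 ([SysCmd]::OpenProcessToken([SysCmd]::GetCurrentProcess(), 0x28, [ref]$hTok)) 'OpenProcessToken'  # TOKEN_ADJUST_PRIVILEGES|TOKEN_QUERY
    $luid = New-Object -TypeName 'SysCmd+LUID'
    Assert-Win32 ([SysCmd]::LookupPrivilegeValue($null, 'SeDebugPrivilege', [ref]$luid)) 'LookupPrivilegeValue'
    $tp = New-Object -TypeName 'SysCmd+TOKEN_PRIVILEGES'
    $tp.Count = 1; $tp.Luid = $luid; $tp.Attributes = 2        # SE_PRIVILEGE_ENABLED
    Assert-Win32 ([SysCmd]::AdjustTokenPrivileges($hTok, $false, [ref]$tp, 0, [IntPtr]::Zero, [IntPtr]::Zero)) 'AdjustTokenPrivileges'
    # AdjustTokenPrivileges returns TRUE even when the privilege is absent (ERROR_NOT_ALL_ASSIGNED = 1300)
    if ([Runtime.InteropServices.Marshal]::GetLastWin32Error() -eq 1300) { throw 'SeDebugPrivilege not held: run from an elevated console' }
    [void][SysCmd]::CloseHandle($hTok)
}

function Start-SystemCmd {
    param(
        [int]$SessionId = [SysCmd]::WTSGetActiveConsoleSessionId(),   # 0 = Session 0, which has no desktop the user can see
        [string]$DonorName = 'winlogon'   # SYSTEM process present in every interactive session; use 'services' for Session 0
    )
    Enable-DebugPrivilege
    $donor = Get-Process -Name $DonorName -ErrorAction Stop | Where-Object {
        $sid = -1; [SysCmd]::ProcessIdToSessionId($_.Id, [ref]$sid) -and ($sid -eq $SessionId)
    } | Select-Object -First 1
    if (-not $donor) { throw "no $DonorName.exe running in session $SessionId" }

    $hProc = [SysCmd]::OpenProcess(0x0400, $false, $donor.Id)                                   # PROCESS_QUERY_INFORMATION
    Assert-Win32 ($hProc -ne [IntPtr]::Zero) 'OpenProcess'
    $hTok = [IntPtr]::Zero
    Assert-Win32 ([SysCmd]::OpenProcessToken($hProc, 0x0002, [ref]$hTok)) 'OpenProcessToken'    # TOKEN_DUPLICATE
    $hPrimary = [IntPtr]::Zero
    # MAXIMUM_ALLOWED, SecurityImpersonation (2), TokenPrimary (1): CreateProcessAsUser needs a primary token
    Assert-Win32 ([SysCmd]::DuplicateTokenEx($hTok, 0x02000000, [IntPtr]::Zero, 2, 1, [ref]$hPrimary)) 'DuplicateTokenEx'

    $si = New-Object -TypeName 'SysCmd+STARTUPINFO'
    $si.cb = [Runtime.InteropServices.Marshal]::SizeOf($si)
    $si.lpDesktop = 'winsta0\default'          # the interactive desktop of the token's session
    $procInfo = New-Object -TypeName 'SysCmd+PROCESS_INFORMATION'
    # Assigning a foreign primary token needs SeAssignPrimaryTokenPrivilege, which administrators lack;
    # impersonating the SYSTEM token first makes the kernel check SYSTEM's privileges instead of ours.
    Assert-Win32 ([SysCmd]::ImpersonateLoggedOnUser($hPrimary)) 'ImpersonateLoggedOnUser'
    try {
        # CREATE_NEW_CONSOLE (0x10): the SYSTEM shell gets its own window instead of sharing ours
        Assert-Win32 ([SysCmd]::CreateProcessAsUser($hPrimary, "$env:SystemRoot\System32\cmd.exe", $null,
            [IntPtr]::Zero, [IntPtr]::Zero, $false, 0x10, [IntPtr]::Zero, $null, [ref]$si, [ref]$procInfo)) 'CreateProcessAsUser'
    } finally { [void][SysCmd]::RevertToSelf() }
    foreach ($h in $hProc, $hTok, $hPrimary, $procInfo.hThread, $procInfo.hProcess) { [void][SysCmd]::CloseHandle($h) }
    "cmd.exe started as SYSTEM in session $SessionId, PID $($procInfo.dwProcessId)"
}

Start-SystemCmd                                      # active console session: the window appears on your desktop
# Start-SystemCmd -SessionId 0 -DonorName services   # Session 0 variant: the shell exists but is not visible
```

Picking the donor process from the target session (via ProcessIdToSessionId) avoids having to change the token's session ID with SetTokenInformation(TokenSessionId), which needs SeTcbPrivilege. If the spawned SYSTEM shell appears, the account you ran this from already had the rights needed to reach SYSTEM; the interesting case for a local privilege escalation test is when the same sequence succeeds from a process that should not have them.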

Inject into a process in a session > 0 (a GUI SYSTEM process)

ZwCreateThreadEx() / CreateRemoteThread()

Set the parent process

CreateProcessA()

Demo GIF

LaunchSystemCmdDll

A DLL for testing DLL hijacking in SYSTEM processes :). To try it directly, the command line is:

rundll32 LaunchSystemCmdDll.dll,Run