PrivKit检测到以下错误配置:
未引用的服务路径检查自动登录注册表项检查是否始终安装提升的注册表项检查可修改的自动运行检查可劫持路径从凭据管理器枚举凭据查找当前的令牌权限
使用方法:
[03/20 00:51:06] beacon> privcheck[03/20 00:51:06] [*] Priv Esc Check Bof by @merterpreter[03/20 00:51:06] [*] Checking For Unquoted Service Paths..[03/20 00:51:06] [*] Checking For Autologon Registry Keys..[03/20 00:51:06] [*] Checking For Always Install Elevated Registry Keys..[03/20 00:51:06] [*] Checking For Modifiable Autoruns..[03/20 00:51:06] [*] Checking For Hijackable Paths..[03/20 00:51:06] [*] Enumerating Credentials From Credential Manager..[03/20 00:51:06] [*] Checking For Token Privileges..[03/20 00:51:06] [+] host called home, sent: 10485 bytes[03/20 00:51:06] [+] received output:Unquoted Service Path Check Result: Vulnerable service path found: c:\program files (x86)\grasssoft\macro expert\MacroService.exe
只需加载cna文件并键入“privcheck”
如果你想自己编译,你可以用途:
x86_64-w64-mingw32-gcc -c cfile.c -o ofile.o
例如,如果只想查找一个misconf,可以使用带有“inline-execute”的目标文件
inline-execute /path/tokenprivileges.o点击关注下方名片进入公众号
文章来源: http://mp.weixin.qq.com/s?__biz=MzI1MDk3NDc5Mg==&mid=2247484369&idx=1&sn=6a4376ee18cf6ad7115bf233f3c5a598&chksm=e9fb44f6de8ccde01e1f0a029f873b811eba2b6a2b3c234fa8c9ef3de562bf5015ebb98e46f6#rd
如有侵权请联系:admin#unsafe.sh
如有侵权请联系:admin#unsafe.sh