timwhitez starred PetitPotam
2023-1-13 16:35:50 Author: github.com(查看原文) 阅读量:24 收藏

A tag already exists with the provided branch name. Many Git commands accept both tag and branch names, so creating this branch may cause unexpected behavior. Are you sure you want to create this branch?

1 branch 0 tags

Code

Files

Permalink

Failed to load latest commit information.

Type

Name

Latest commit message

Commit time

description

替代PrintBug用于本地提权的新方式,主要利用MS-EFSR协议中的接口函数

借鉴了Potitpotam中对于EFSR协议的利用,实现了本地提权的一系列方式

Drawing on the use of the EFSR protocol in Potitpotam, a series of local rights escalation methods have been realized

Use

Petitpotam提供了如下几种接口函数用于本地提权:

1.EfsRpcOpenFileRaw (fixed with CVE-2021-36942)
2: EfsRpcEncryptFileSrv_Downlevel
3: EfsRpcDecryptFileSrv_Downlevel
4: EfsRpcQueryUsersOnFile_Downlevel
5: EfsRpcQueryRecoveryAgents_Downlevel
6: EfsRpcRemoveUsersFromFile_Downlevel
7: EfsRpcAddUsersToFile_Downlevel

Usage:Petitpotam -m <EFS-API-to-use> -c //选择对应的索引即可

notice

管道模拟RPC安全上下文需要SecurityImpersonation权限,因此适用于Service服务用户提权至SYSTEM用户

example


文章来源: https://github.com/crisprss/PetitPotam
如有侵权请联系:admin#unsafe.sh