Tool Sharing: PrivKit for Detecting Privilege Escalation Vulnerabilities
2023-3-21 09:38:3 Author: 网络安全交流圈

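PrivKit is a simple Beacon Object File (BOF) that detects privilege escalation vulnerabilities caused by misconfigurations on Windows operating systems.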

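PrivKit detects the following misconfigurations:

- Checks for unquoted service paths
- Checks for Autologon registry keys
- Checks for Always Install Elevated registry keys
- Checks for modifiable autoruns
- Checks for hijackable paths
- Enumerates credentials from Credential Manager
- Looks for current token privileges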

Usage:
[03/20 00:51:06] beacon> privcheck
[03/20 00:51:06] [*] Priv Esc Check Bof by @merterpreter
[03/20 00:51:06] [*] Checking For Unquoted Service Paths..
[03/20 00:51:06] [*] Checking For Autologon Registry Keys..
[03/20 00:51:06] [*] Checking For Always Install Elevated Registry Keys..
[03/20 00:51:06] [*] Checking For Modifiable Autoruns..
[03/20 00:51:06] [*] Checking For Hijackable Paths..
[03/20 00:51:06] [*] Enumerating Credentials From Credential Manager..
[03/20 00:51:06] [*] Checking For Token Privileges..
[03/20 00:51:06] [+] host called home, sent: 10485 bytes
[03/20 00:51:06] [+] received output:
Unquoted Service Path Check Result: Vulnerable service path found: c:\program files (x86)\grasssoft\macro expert\MacroService.exe

Simply load the cna file and type "privcheck".
If you want to compile it yourself, you can use:

x86_64-w64-mingw32-gcc -c cfile.c -o ofile.o


For example, if you only want to look for a single misconfiguration, you can use the object file with "inline-execute":

inline-execute /path/tokenprivileges.o
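
The unquoted service path result in the usage output above can be reproduced as an audit check over a service's ImagePath string, together with the quoted value that remediates it. This is an added example, not PrivKit's code: the function names and the `Vendor\agent.exe` and `svchost.exe` sample values are assumptions, and locating the executable by its `.exe` suffix is a heuristic.

```c
#include <ctype.h>
#include <stdio.h>
#include <string.h>

/* End of executable: first ".exe" followed by NUL, space or quote (heuristic). */
static const char *exe_end(const char *s) {
    for (; *s; s++)
        if (s[0] == '.' && tolower((unsigned char)s[1]) == 'e' &&
            tolower((unsigned char)s[2]) == 'x' &&
            tolower((unsigned char)s[3]) == 'e' &&
            (s[4] == '\0' || s[4] == ' ' || s[4] == '"'))
            return s + 4;
    return NULL;
}

/* 1 if the ImagePath is unquoted and its executable part contains a space. */
int is_unquoted_service_path(const char *p) {
    while (*p == ' ') p++;                 /* skip leading padding */
    if (*p == '"') return 0;               /* already quoted */
    const char *end = exe_end(p);
    if (!end) return 0;                    /* no .exe found: not judged here */
    for (; p < end; p++)
        if (*p == ' ') return 1;           /* space inside the executable path */
    return 0;                              /* any spaces are only in arguments */
}

/* Writes the remediated value (executable quoted, arguments kept) to out.
   Returns 0 on success, -1 if nothing to fix or out is too small. */
int quote_service_path(const char *p, char *out, size_t out_len) {
    if (!is_unquoted_service_path(p)) return -1;
    while (*p == ' ') p++;
    const char *end = exe_end(p);
    int n = snprintf(out, out_len, "\"%.*s\"%s", (int)(end - p), p, end);
    return (n < 0 || (size_t)n >= out_len) ? -1 : 0;
}

int main(void) {
    /* First value is from the output above; the others are constructed. */
    const char *samples[] = {
        "c:\\program files (x86)\\grasssoft\\macro expert\\MacroService.exe",
        "C:\\Program Files\\Vendor\\agent.exe --service",
        "C:\\Windows\\system32\\svchost.exe -k netsvcs",
    };
    char fixed[512];
    for (size_t i = 0; i < sizeof samples / sizeof *samples; i++) {
        int bad = quote_service_path(samples[i], fixed, sizeof fixed) == 0;
        printf("%s %s\n", bad ? "FLAG" : "ok  ", bad ? fixed : samples[i]);
    }
    return 0;
}
```

For flagged services, the printed value is the form the ImagePath registry value should take once corrected.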




Source: http://mp.weixin.qq.com/s?__biz=MzI1MDk3NDc5Mg==&mid=2247484369&idx=1&sn=6a4376ee18cf6ad7115bf233f3c5a598&chksm=e9fb44f6de8ccde01e1f0a029f873b811eba2b6a2b3c234fa8c9ef3de562bf5015ebb98e46f6#rd