DavRelayUp - a universal no-fix local privilege escalation in domain-joined Windows workstations where LDAP signing is not enforced (the default settings).
Hi there,
Love this project. Works like a champ in my lab.
I'm trying to run this through a C2 server and things get a bit trickier because I need that .dll in the same folder where the .exe runs, and also if I'm running through C2 I can't get access to that new cmd.exe that spawns as SYSTEM.
I've played around with a ton of options and couldn't get it working so I thought I'd ask: can the -sc flag be a call to cmd.exe with some actions attached, like net localgroup administrators add luser /add? If so could you provide an example of formatting please? I think I've tried them all :-)