clem9669
commented
4 years ago I would be nice to have it check with WinPEAS. The autor already implemented it in a ps1 script (https://github.com/itm4n/PrivescCheck/blob/master/PrivescCheck.ps1)
Closed clem9669 closed 4 years ago
clem9669
commented
4 years ago I would be nice to have it check with WinPEAS. The autor already implemented it in a ps1 script (https://github.com/itm4n/PrivescCheck/blob/master/PrivescCheck.ps1)
carlospolop
commented
4 years ago Hi mate, thank you very much for the information as always. I have added this trick to Hacktricks and I have modified winpeas to mark AppendData permissions as sensitive. You can see that change in this commit: https://github.com/carlospolop/privilege-escalation-awesome-scripts-suite/commit/16fd60d99ad033e19843ddb82421330c7d250c72 In order to use this version you need to recompile winpeas.
A new method of EoP has been discovered as described in https://itm4n.github.io/windows-registry-rpceptmapper-eop/