mvelazco mvelazc0
mvelazc0
/ GetSystem.cs
Last active
February 17, 2025 17:39
Escalates to SYSTEM leveraging OpenProcess, OpenProcessToken and ImpersonateLoggedOnUser. https://attack.mitre.org/beta/techniques/T1134/. Needs to run as a High Integrity proc. Needs SeDebugPrivilege
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| using System; | |
| using System.Diagnostics; | |
| using System.Runtime.InteropServices; | |
| using System.Security.Principal; | |
| //Based on https://0x00-0x00.github.io/research/2018/10/17/Windows-API-and-Impersonation-Part1.html | |
| namespace GetSystem | |
| { | |
| class Program | |
| { |
mvelazc0
/ InjectDonut.cs
Last active
October 12, 2020 23:45
Leverages donut.exe (https://github.com/TheWover/donut) to generate position independant shellcode and injects it into a process using CreateRemoteThread. In this POC, notepad.exe
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| using System; | |
| using System.Runtime.InteropServices; | |
| using System.Diagnostics; | |
| using System.IO; | |
| namespace InjectDonut | |
| { | |
| public class Program | |
| { |
NewerOlder