Local Services

The technique below we learned in the Proving Ground machine Squid.

FullPowers.exe

If we have a service account we can regain our privileges when we start a task. However the started process won't have the SeImpersonateToken for this we will use FullPowers.exe which we can find below in itm4n's repository.

LogoGitHub - itm4n/FullPowers: Recover the default privilege set of a LOCAL/NETWORK SERVICE accountGitHub
FullPowers.exe Repo
LogoGive Me Back My Privileges! Please?itm4n’s blog
Technique Explaination
PreviousUnquoted Service PathsNextScheduled Tasks

Last updated