Great video Conda, I'm taking the OSCP next week and your videos are very helpful. Just one thing I would like to add here is the command to execute the reverse shell via terminal in case you don't have RDP into the machine: msiexec /i "C:\Windows\Temp\shell.msi"
@c0nd4 3 years ago
Good luck on the exam! Thanks for adding that little tip. I pinned your comment so others can see that too. Appreciate it!
@andreapiola369 2 years ago
Just so you know, this is much better explained than some paid content out there. Thanks for all the work.
@c0nd4 2 years ago
Thank you! That's awesome to hear
@Eggsec11 months ago
I used this method a couple of times! Very powerful. I don't see it as much in CTF environments
@Haxr-dq6wt 3 years ago
Hats off! The king is back with another legendary video
@c0nd4 3 years ago
Thanks! Loving the enthusiasm 😀
@cwinfosec 3 years ago
I love this technique! This is one of my favorite ways to escalate!
@c0nd4 3 years ago
Oh yeah, it's such a sweet victory
@TotemManVooDoo 3 years ago
I love all your videos man; learned a lot from your videos. You do a great job at explaining everything. Keep up the great work!
@c0nd4 3 years ago
Thank you so much! I really appreciate that
@prashantpandey645 3 years ago
Really amazing @conda ❤️
@c0nd4 3 years ago
Thank you so much! The support means a lot :)
@deidara_8598 3 years ago
Really nice tutorial, you explain very well. Liked and subbed.
@c0nd4 3 years ago
Thank you! I really appreciate it
@Umar0x01 3 years ago
Thank you! Little feedback: Please use extensions to change the color of pages with white background 😬
@abhishek_k7 3 years ago
This was great and I like it but would have also liked to see a complete CLI way since we won't always have RDP to do things with GUI. Great video nonetheless. Thank you!
@ITachi_11.11 2 years ago
Great straightforward video! But I do have one question: how would you set the AlwaysInstallElevated to 0x1 on a computer with normal user privs, e.g. a work-from-home laptop, for us to be able to run the payload correctly? I saw you changing that on your Windows (victim machine) as you already own it and have admin access, but what if you don't control that machine? Appreciate your response
@joshuafranco7998 1 year ago
great video!
@koushiksuthar95 3 years ago
Please share your complete setup tour❤️❤️
@c0nd4 3 years ago
Great idea! 👍
@koushiksuthar95 3 years ago
@@c0nd4 I guess next video will be your complete Setup Tour😜😜
@grandmakisses9973 3 years ago
@@koushiksuthar95 next sunday
@smidi4711 3 years ago
lool what a timing I'm sure I saw it somewhere to get privesc but I forgot where 🤣anyway gg
@c0nd4 3 years ago
Haha I was a little too late!
@smidi4711 3 years ago
@@c0nd4 nah it's good no spoiler i hope 🤞
@thejulfikar11 months ago
thanks man
@AllenGaming. 3 years ago
So you can’t use this method if you don’t have the admin credentials to add the registry key? But if you have admin creds don’t you already have nt authority?
@c0nd4 3 years ago
This is to show exploiting a misconfiguration. As in, if you see that registry key is set then you can exploit it. I only showed how to add it so you can replicate the attack in a lab.
@AllenGaming. 3 years ago
@@c0nd4 ahhhhh okay nice vid.👍🏽
@AllenGaming. 3 years ago
@@c0nd4 is there a way we can verify, or see if it’s misconfigured like that?
@c0nd4 3 years ago
@@AllenGaming. yes run the registry queries I showed
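For the verification question in this thread, an added PowerShell audit example (not from the video or from any commenter) that reads the `AlwaysInstallElevated` value from both registry hives. The key paths are the standard Windows Installer policy locations and are an assumption here, since the queries shown in the video are not quoted on this page; the function name is hypothetical.

```powershell
# Added example: audit the AlwaysInstallElevated Windows Installer policy.
# The policy takes effect only when the value is 1 in BOTH hives.
# Note: HKCU reflects only the user running the script.
$policyPaths = @(
    'HKLM:\SOFTWARE\Policies\Microsoft\Windows\Installer',
    'HKCU:\SOFTWARE\Policies\Microsoft\Windows\Installer'
)

function Get-AlwaysInstallElevatedState {
    param([string[]]$Path = $policyPaths)

    foreach ($p in $Path) {
        # A missing key or value means the policy is not set in that hive.
        $item = Get-ItemProperty -Path $p -Name 'AlwaysInstallElevated' `
                    -ErrorAction SilentlyContinue
        $value = if ($null -ne $item) { $item.AlwaysInstallElevated } else { $null }

        [pscustomobject]@{
            Hive    = $p.Substring(0, 4)      # HKLM or HKCU
            Value   = $value                  # $null when not configured
            Enabled = ($value -eq 1)
        }
    }
}

$state   = @(Get-AlwaysInstallElevatedState)
$enabled = @($state | Where-Object { $_.Enabled })

$state | ForEach-Object {
    '{0}: value={1} enabled={2}' -f $_.Hive, $_.Value, $_.Enabled
}

if ($enabled.Count -eq $state.Count) {
    # Both hives set: MSI packages started by this user install elevated.
    Write-Warning 'AlwaysInstallElevated is active in both hives. Disable the "Always install with elevated privileges" policy in both Computer and User Configuration.'
}
elseif ($enabled.Count -gt 0) {
    # One hive alone does not activate the policy, but it is still
    # configuration drift worth cleaning up.
    Write-Output 'AlwaysInstallElevated is set in one hive only (not active); review provisioning scripts and GPOs.'
}
else {
    Write-Output 'AlwaysInstallElevated is not enabled.'
}
```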
@Kingdd1os 1 year ago
@@c0nd4 I have a question I have been searching on for a very long time, hope you can answer: is it possible to break out of the absolute lowest level, for example a public account or Internet coffee shop user account, and go up to medium and higher? Could you please make an explanation in your series? Thank you very much.
@ca7986 3 years ago
❤️👌
@david808323 3 years ago
how is that privilege escalation when you logged in as Administrator before you set the registry keys? that's called a backdoor, not a genuine privilege escalation. Sorry.
@c0nd4 3 years ago
I logged in and set the registry keys so that people can follow along in a lab. The privilege escalation technique exploits a system that has those keys set already, which can happen during system provisioning. It certainly is a privilege escalation method based off of a misconfiguration.
@VitoV77 3 years ago
Thanks for the video, nice work! You said the .msi execution could be done over a WinRM Session. I tried that and it didn't work.. "msiexec /quiet /qn /i C:\pathtomsi\shell.msi /L*V msi.log" The log tells it returns with code 1601. Do you know what could be the problem?