Windows Privilege Escalation - Writable Service Executable

Рет қаралды 9,991

Күн бұрын

There are many different ways that local privilege escalation can be done on a Windows system. This video goes over priv esc in the case where a low privilege user is able to overwrite a service executable that is run by a high privilege user. This technique can be very helpful to those studying for the OSCP exam.
Join my Discord server: discord.gg/9CvTtHqWCX
Follow me on Twitter: / 0xconda
If you found this video helpful and would like to support future creations, please considering visiting the following links:
Patreon: / conda
Buy Me a Coffee: www.buymeacoff...
Amazon affiliate link (anything purchased through this link will provide me with a small commission): amzn.to/3hsHzD2
Windows Privilege Escalation Mind Map: github.com/C0n...
PowerUp: github.com/Pow...

Пікірлер: 35

@Haxr-dq6wt 3 жыл бұрын

Another 12 minutes of pure talent. Please continue with the Priv esc series Conda

@c0nd4 3 жыл бұрын

Will do! Thank you for the kind words!

@tt-fx6nt 2 жыл бұрын

0:48 wmic service get name, startname, pathname 4:45 msfvenom -p windows/adduser USER=backdoor_admin PASS=PleaseSub! -f exe > service.exe Hi Brandon, great video as always. However the font is very small, probably you can zoom it in to make it easy to be read. Thanks and keep up the good work.

@c0nd4 2 жыл бұрын

Thanks for the feedback! I've tried to adjust this in newer videos to make it easier to see.

@ca7986 3 жыл бұрын

Yeah please consider making more on Windows priv esc

@c0nd4 3 жыл бұрын

More should be coming soon 😁

@ca7986 3 жыл бұрын

@@c0nd4 ❤️👌🌟

@montala3380 2 жыл бұрын

Hi Conda, How to create a vuln service as in your demo?

@jaybailey216 3 жыл бұрын

Wow I never knew msfvenom had an adduser option although I probably should have 😂! That's awesome! Great video!

@c0nd4 3 жыл бұрын

Thanks! I didn't know about that option for a while either, but it's a game changer for sure.

@jaybailey216 3 жыл бұрын

@@c0nd4 yeah it is! That would've helped on my first attempt!

@sajidshamir 3 жыл бұрын

i love the way you explain things, loud and clear, will be thankful if you consider pass the hash, pass the ticket, over pass the hash, some kerborous attack, psexec, and llmnr, nbtdns on windows and few more attack..

@c0nd4 3 жыл бұрын

Thank you! I do plan on covering those on the domain that we set up before. Stay tuned!

@davidfishwick5573 5 ай бұрын

I can't think of a single service that allows a standard user the permission modify the executable file.

@c0nd4 5 ай бұрын

I've seen this many times in real life engagements and bug bounty programs. You'd be surprised.

@TalsonHacks 3 жыл бұрын

Let's make this a series! A really awesome and clear way of explanation. Thank you for posting!

@c0nd4 3 жыл бұрын

Thank you! Glad you liked it!

@vaibhavbhavsar8550 2 жыл бұрын

Bro you are a really good teacher i like the way you teach Love from india

@c0nd4 2 жыл бұрын

Thank you very much!

@razaabbas5668 2 жыл бұрын

Hey are you planning to do the review on OSEP? I want to know how an OSCP person can get OSEP

@ajaykumark107 3 жыл бұрын

Please make more videos

@sajidshamir 3 жыл бұрын

Great work.. ya need to see some more..

@c0nd4 3 жыл бұрын

Thank you! I do plan on making more soon

@grandmakisses9973 3 жыл бұрын

You should show how you set it up in every vid

@scout17s17 3 жыл бұрын

Really nice Video thank you 👍🏽

@c0nd4 3 жыл бұрын

No problem 😁

@ca7986 3 жыл бұрын

❤️👌

@grandmakisses9973 3 жыл бұрын

Hey Brandon

@bellafritsch0014 3 жыл бұрын

OMG 😍💋 💝💖❤️

@grandmakisses9973 3 жыл бұрын

What’s up baby!

@grandmakisses9973 3 жыл бұрын

You Into sexy cyber security men

@TheSoonToBePurgedJackMeHoff55 3 жыл бұрын

@@grandmakisses9973 lol something tells me that "she" may not be interested in anyone with more than two brain cells to rub together, brotha. You may not be in "her" demo haha