πŸ““
πŸ““
πŸ““
πŸ““
Red Team Notes 2.0
Search…
πŸ““
πŸ““
πŸ““
πŸ““
Red Team Notes 2.0
Introduction
Red Team
Red Team Techniques
Initial Access
Execution
Persistence
Privilege Escalation
Defense Evasion
Credential Access
Discovery
Lateral Movement
Active Directory
Active Directory
Active Directory Attacks
Red Team Infrastructure
RED TEAM INFRASTRUCTURE
Domain Name and Categorization
Reconnaissance
Weaponization
Delivery
Situational Awareness
Credential Dumping
Persistence
Defense Evasion
Privilege Escalation
PowerUp
PrivescCheck
Lateral Movement
Powered By GitBook
PrivescCheck
PrivescCheck is an amazing PowerShell Script that looks for multiple vulnerable configurations, cleartext credentials, and missing patches for exploitation that can allow the operator to elevate privileges on the workstation, it is currently only in C#, but it is actively maintained and well worked on.
In this example, I will demonstrate the SeimpersonatePrivilege with this the user is allowed to impersonate a user or account and act on behalf of the user.
Running PrivescCheck will demonstrate this permission as True
More info
TL;DR
The PrintSpoofer abuses the permissions to create a pipe and has the local system try and authenticate to impersonate its token.
A demonstration of exploiting this permission
Previous
PowerUp
Next
Lateral Movement
Last modified 5mo ago
Copy link