A script that helps in abusing a Windows privilege

edited June 2020 in Exploits

Spoiler Removed

Comments

  • I appreciate your work on this. I will definitely look at it later. ;)

    A Chemist doing Penetration Testing - Check the Story here: BinaryBiceps

  • Thanks for the script, will check it out :)

    FYI technically that backup privilege isn't an "AD privilege". Its just a local machine priv that exists on all non domain machines as well, like every other privilege shown here: https://docs.microsoft.com/en-us/windows/win32/secauthz/privilege-constants

    But yeah if you have that priv on a machine that happens to be an AD domain controller then you can abuse it to grab files that relate to AD like NTDIS.DIT.

  • edited June 2020

    Type your comment> @VbScrub said:

    Thanks for the script, will check it out :)

    FYI technically that backup privilege isn't an "AD privilege". Its just a local machine priv that exists on all non domain machines as well, like every other privilege shown here: https://docs.microsoft.com/en-us/windows/win32/secauthz/privilege-constants

    But yeah if you have that priv on a machine that happens to be an AD domain controller then you can abuse it to grab files that relate to AD like NTDIS.DIT.

    That was quite enlightening. Thank you!
    I think I said so because the said box was AD. But it appears to be a general Windows exploit.

Sign In to comment.