A script that helps in abusing a Windows privilege

Spoiler Removed

I appreciate your work on this. I will definitely look at it later. :wink:

Thanks for the script, will check it out :slight_smile:

FYI technically that backup privilege isn’t an “AD privilege”. Its just a local machine priv that exists on all non domain machines as well, like every other privilege shown here: Privilege Constants (Winnt.h) - Win32 apps | Microsoft Learn

But yeah if you have that priv on a machine that happens to be an AD domain controller then you can abuse it to grab files that relate to AD like NTDIS.DIT.

Type your comment> @VbScrub said:

Thanks for the script, will check it out :slight_smile:

FYI technically that backup privilege isn’t an “AD privilege”. Its just a local machine priv that exists on all non domain machines as well, like every other privilege shown here: Privilege Constants (Winnt.h) - Win32 apps | Microsoft Learn

But yeah if you have that priv on a machine that happens to be an AD domain controller then you can abuse it to grab files that relate to AD like NTDIS.DIT.

That was quite enlightening. Thank you!
I think I said so because the said box was AD. But it appears to be a general Windows exploit.