https://github.com/notdodo/localadminsharp

.NET executable to use when dealing with privilege escalation on Windows to gain local administrator access
https://github.com/notdodo/localadminsharp

backdoor csharp privesc privilege-escalation redteam

Last synced: about 9 hours ago
JSON representation

.NET executable to use when dealing with privilege escalation on Windows to gain local administrator access

• Host: GitHub
• URL: https://github.com/notdodo/localadminsharp
• Owner: notdodo
• Created: 2022-01-01T10:35:09.000Z (almost 3 years ago)
• Default Branch: main
• Last Pushed: 2022-11-01T17:45:43.000Z (about 2 years ago)
• Last Synced: 2024-03-16T06:01:54.650Z (8 months ago)
• Topics: backdoor, csharp, privesc, privilege-escalation, redteam
• Language: C#
• Homepage:
• Size: 9.77 KB
• Stars: 146
• Watchers: 4
• Forks: 17
• Open Issues: 0
• Metadata Files:
  • Readme: README.md

Awesome Lists containing this project

README

        
# LocalAdminSharp

.NET executable to use when dealing with privilege escalation on Windows to gain local administrator access. This simple tool creates a new user adds it to the local administrator group; if the user exists it will just be added to the admin group.

You can also edit the code to add a domain user to the local administrator group editing the variable `domain`.

## Build

Open the solution in Visual Studio (tested only on Visual Studio 2019 Community Edition) and compile the EXE for the desired architecture (x86, x64); in the Release mode the PBD file is removed.

## Customize

To create custom user just edit the file `Program.cs` with the desired username, password, group and domain.

## Usage

* Standalone: `.\LocalAdminSharp.exe`

* Chain: use the EXE to be executed from another script/tool (i.e. for privescs)

## Analysis

The PBD file is removed when compiling in Release mode and Windows Defender does not detect it as malicious (yet). Obfuscation should be used after the compilation to avoid easy RE using, for example, dnSpy.