Ecosyste.ms: Awesome

An open API service indexing awesome lists of open source software.

Awesome Lists | Featured Topics | Projects

https://github.com/yanghaoi/LaunchSystemCmd

在权限足够的情况下弹出system权限的cmd命令行，包含exe和dll两种文件类型，可用于一些可能存在本地提权漏洞的测试。
https://github.com/yanghaoi/LaunchSystemCmd

local-privilege-escalation system-cmd-gui

Last synced: about 2 months ago
JSON representation

在权限足够的情况下弹出system权限的cmd命令行，包含exe和dll两种文件类型，可用于一些可能存在本地提权漏洞的测试。

Host: GitHub
URL: https://github.com/yanghaoi/LaunchSystemCmd
Owner: yanghaoi
License: gpl-3.0
Created: 2021-11-30T16:29:12.000Z (about 3 years ago)
Default Branch: master
Last Pushed: 2022-04-07T18:46:41.000Z (almost 3 years ago)
Last Synced: 2024-08-05T17:27:09.271Z (5 months ago)
Topics: local-privilege-escalation, system-cmd-gui
Language: C++
Homepage:
Size: 1.01 MB
Stars: 30
Watchers: 3
Forks: 2
Open Issues: 0
Metadata Files:
- Readme: README.md
- License: LICENSE

Awesome Lists containing this project

awesome-hacking-lists - yanghaoi/LaunchSystemCmd - 在权限足够的情况下弹出system权限的cmd命令行，包含exe和dll两种文件类型，可用于一些可能存在本地提权漏洞的测试。 (C++)

README

        # LaunchSystemCmdExe

launch a cmd.exe process with system permissions.

### launch cmd.exe in Session 0 

WTSGetActiveConsoleSessionId() / ProcessIdToSessionId() / DuplicateTokenEx() / WTSEnumerateSessions() / CreateProcessAsUser()

### Injetc session>0(gui system process)

ZwCreateThreadEx() / CreateRemoteThread()

### Set Parent

CreateProcessA()

### GIF Show

![](https://cdn.jsdelivr.net/gh/yanghaoi/LaunchSystemCmd/LaunchSystemCmdExe/Images/run.gif)

# LaunchSystemCmdDll

System Process Dll Hijack Test :) , Command line:

  ```markdown

  rundll32 LaunchSystemCmdDll.dll,Run

  ```