https://github.com/yanghaoi/LaunchSystemCmd

在权限足够的情况下弹出system权限的cmd命令行，包含exe和dll两种文件类型，可用于一些可能存在本地提权漏洞的测试。
https://github.com/yanghaoi/LaunchSystemCmd

local-privilege-escalation system-cmd-gui

Last synced: about 1 month ago
JSON representation

在权限足够的情况下弹出system权限的cmd命令行，包含exe和dll两种文件类型，可用于一些可能存在本地提权漏洞的测试。

• Host: GitHub
• URL: https://github.com/yanghaoi/LaunchSystemCmd
• Owner: yanghaoi
• License: gpl-3.0
• Created: 2021-11-30T16:29:12.000Z (almost 3 years ago)
• Default Branch: master
• Last Pushed: 2022-04-07T18:46:41.000Z (over 2 years ago)
• Last Synced: 2024-05-08T01:31:40.415Z (4 months ago)
• Topics: local-privilege-escalation, system-cmd-gui
• Language: C++
• Homepage:
• Size: 1.01 MB
• Stars: 28
• Watchers: 3
• Forks: 2
• Open Issues: 0
• Metadata Files:
  • Readme: README.md
  • License: LICENSE

Awesome Lists containing this project

• awesome-hacking-lists - yanghaoi/LaunchSystemCmd - 在权限足够的情况下弹出system权限的cmd命令行，包含exe和dll两种文件类型，可用于一些可能存在本地提权漏洞的测试。 (C++)

README

        
# LaunchSystemCmdExe

launch a cmd.exe process with system permissions.

### launch cmd.exe in Session 0 

WTSGetActiveConsoleSessionId() / ProcessIdToSessionId() / DuplicateTokenEx() / WTSEnumerateSessions() / CreateProcessAsUser()

### Injetc session>0(gui system process)

ZwCreateThreadEx() / CreateRemoteThread()

### Set Parent

CreateProcessA()

### GIF Show

![](https://cdn.jsdelivr.net/gh/yanghaoi/LaunchSystemCmd/LaunchSystemCmdExe/Images/run.gif)

# LaunchSystemCmdDll

System Process Dll Hijack Test :) , Command line:

  ```markdown

  rundll32 LaunchSystemCmdDll.dll,Run

  ```