Questions tagged [privilege-elevation]
48 questions
0 votes, 0 answers
Why would RPCSS have a handle whose type is token and whose owner is SYSTEM?
I am trying to understand token kidnapping. I read this:
get the PID of the “rpcss” service
open the process, list all handles and for each handle try to duplicate it and get the handle type
if handle type is “Token” and token owner is SYSTEM,
try…

ilich262
0 votes, 1 answer
How does the Appinfo service create an elevated process under the hood?
To my understanding, during logon, if the user is part of the Administrators group, lsass creates a medium IL filtered token with stripped-out privileges and attaches it to the first user process, which then propagates to any subsequent process that user…
0 votes, 0 answers
How to change a Process' Privilege Level inside of a Windows File Filter Driver (minifilter driver)?
What Windows kernel API calls are available from a Windows File System Filter Driver (minifilter driver) that allow the driver to change the privilege level to/from SYSTEM/Administrator for a process that was intercepted by the File System Filter…

Zig Shanklin
0 votes, 0 answers
Is there a way to execute a program with elevated privileges as a non-admin user in Win10?
I am trying to automate a few things with a few scripts. One of the users on my PC has no admin privileges (I have a "Work" user and a "Gaming" user and I don't want the latter to be admin by default).
However sometimes I need to grant…

rovda
0 votes, 1 answer
Yum privilege escalation
I found this piece of code while doing some CTF on TryHackMe, and I don't understand it. Can somebody explain to me what exactly it does?
TF=$(mktemp -d)
cat >$TF/x<

Jarwyd
0 votes, 3 answers
Google Cloud equivalent of Azure Privileged Identity Management (PIM)
I am used to working with Azure, but have recently joined a project running from a set of docker instances in Google Cloud.
I would like to secure the setup in Google Cloud the way I have been used to do it in Azure.
In Azure it is possible to…

Jay Pete
0 votes, 0 answers
Possible to change user with "sudo su - " (no password) with Ansible?
I am attempting to automate placing node-exporter on some UAT servers. Our provided method of privilege escalation to our admin user is "sudo su - "
Ansible docs make it clear that chaining become methods isn't possible, but is there a workaround…

user10615131
0 votes, 2 answers
How to get privilege escalation using a vulnerable program with root privilege?
I am trying to exploit privilege escalation for a vulnerable program with root privilege. I tried a shell code for that but I do not know where I am making a mistake.
#include
#include
int main(int argc, char *argv[]) {
char…

UserM UserLM
0 votes, 2 answers
where/how to put a class to control what a user can do (privileges)?
I am using a class that performs the right query based on $_POST['action']..
Example:
class data { //>pseudocode
__constructor(){
if ($_POST['action']=='insert')
mysql_query("INSERT ..");
else if ($_POST['action']=='edit')
…
anon
0 votes, 2 answers
Pass root privilege to "os" commands in Python
I am adding functionality to a PyQt5 application. This new functionality involves copying, linking and removing files (and links) that may be in protected directories, so commands like os.symlink or shutil.copyfile would fail.
Of course the main…

uli_1973
0 votes, 0 answers
How to remotely execute a remote script in PowerShell
First off: This is not a duplicate of How to remote execute an ELEVATED remote script in PowerShell.
My scenario is similar but different in a certain way. What I want to do is the following:
Invoke-Command -UseSSL -ComputerName "$COMPUTER"…

Thorian93
0 votes, 0 answers
What is the equivalent to authopen on Linux?
I'd like to elevate the privilege of a program temporarily so that I can write to a device file (usually an SDCard like on /dev/sdc, etc.). On OSX, I can run authopen to ask the user for permission (if necessary) and get back an open filehandle.…

Frank Hunleth
0 votes, 0 answers
Possibility of existence of CPU backdoor on famous CPUs
I'm not claiming that this has already happened. My question is, how can I make sure that there is not an undocumented CPU instruction designed intentionally to be used as a backdoor? An illegal opcode or a sequence of instructions, which, when…

Mehrdad Nazmdar
0 votes, 3 answers
Script to change PowerShell ExecutionPolicy
When I set up my system, I use a number of config scripts to have my cosy place to play.
Based on this, I run by double-clicking the following enableps.js:
new ActiveXObject("Shell.Application").ShellExecute(
"powershell", "-noexit -Command \"&…

antonio
0 votes, 0 answers
Cannot run-as-administrator by Inno Setup
I created an installer with Inno Setup. MyPro.exe, installed by the installer, should run as administrator in Win7. The following is the important part of the script. However, MyPro.exe still cannot run as administrator and it cannot write its profile…

r766r766