NetworkServiceExploit

A simple POC for NetworkService PrivEsc as described by Forshaw (https://www.tiraniddo.dev/2020/04/sharing-logon-session-little-too-much.html)

Most of the code is taken from: https://github.com/milkdevil/incognito2/

Edits

I have done minor edits to this exploit, to allow the user to spawn a new process on a specified desktop. This can be useful when you want to have an interactive SYSTEM command prompt without using a reverse shell or similar when exploiting e.g. a service.

NetworkServiceExploit.exe:
-c <command>
-i interactive mode
-l list unique tokens
-p <pid> specific pid to look for
-d <ID> Spawn a new process on the desktop corresponding to this session *ID* (check your ID with qwinsta)

The code for the edit was taken from here: https://github.com/itm4n/PrintSpoofer

Name		Name	Last commit message	Last commit date
Latest commit History 6 Commits
binaries		binaries
Main.c		Main.c
NetworkServiceExploit.sln		NetworkServiceExploit.sln
NetworkServiceExploit.vcxproj		NetworkServiceExploit.vcxproj
NetworkServiceExploit.vcxproj.user		NetworkServiceExploit.vcxproj.user
README.md		README.md
child_process.c		child_process.c
child_process.h		child_process.h
handle_arguments.c		handle_arguments.c
handle_arguments.h		handle_arguments.h
list_tokens.c		list_tokens.c
list_tokens.h		list_tokens.h
process_execution.c		process_execution.c
process_execution.h		process_execution.h
token_info.c		token_info.c
token_info.h		token_info.h

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Repository files navigation

NetworkServiceExploit

Edits

About

Uh oh!

Releases

Packages

Uh oh!

Contributors

Uh oh!

Languages

Folders and files

Latest commit

History

Repository files navigation

NetworkServiceExploit

Edits

About

Resources

Uh oh!

Stars

Watchers

Forks

Releases

Packages 0

Uh oh!

Contributors

Uh oh!

Languages

Packages