satyricon11


Topics I've Started

Windows 7 Privilege Escalation

30 September 2017 - 01:21 PM

Hey guys, so I'm messing around with a copy of Windows 7, Metasploit, and the Python programming language. I've noticed that even after I've got NT/AUTHORITY access on a machine, there are still certain things that I can't do. After doing some research, I found out that even with superuser access, I may not be in the correct "privilege ring" to accomplish what I want, i.e. forcing the computer to stop system critical programs, delete certain files, etc.

So my thought here is, knowing that the smss.exe process is responsible for starting the kernel and user modes and loads the registry, what if I created a registry key that lets me interact with a custom Python script? Would it inherit the same privs/rights as smss.exe? Does anyone have any thoughts or recommendations?

BTW, I know that me wanting to delete or stop system critical files is ridiculous. As stated above, this is all in a VM on my PC and is all proof of concept and me goofing off.