Jump to content


Member Since 27 Dec 2009
Offline Last Active Mar 12 2018 10:55 AM

Topics I've Started

audiodg process ownership

05 March 2018 - 12:49 PM

So I am poking around with a VM of Windows 7 and Metasploit. After listing all running processes in meterpreter (as NT AUTHORITY/SYSTEM) I noticed that there was no owner for the audiodg.exe process.  However, under the windows task manager on the local machine, I see that the processes is listed as a local service. 


My questions are:

1) Who owns this process and what privileges does it have?

2) Why doesn't the owner show up when I list all running processes in meterpreter or any custom python script

3) Would this process have ring0 access since I can't kill it or migrate to it as NT AUTHORITY/SYSTEM


Based off of the reading I've done, my assumption is that since this .exe deals with drivers / driver signing there is a good possibility of ring0 access if I could migrate/exploit this process.



Windows 7 Privilege Escalation

30 September 2017 - 01:21 PM

Hey guys so I'm messing around with a copy of Windows 7, Metasploit, and the python programming language. I've noticed that even after I've got NT/AUTHORITY access on a machine, there are still certain things that I cant do. After doing some research I found out that even with superuser access, I may not be in the correct "privilege ring" to accomplish what I want, ie forcing the computer to stop system critical programs, delete certain files, etc.


So my thought here is, knowing that the smss.exe process is responsible for starting the kernel and user modes and loads the registry, what if I created a registry key that lets me interact with a custom python script. Would it inherit the same privs/rights as smss.exe? Does anyone have any thoughts or recommendations?


BTW, I know that me wanting to delete or stop system critical files is ridiculous. As stated above, this is all in a VM on my PC and is all proof of concept and me goofing off.