LaunchSystemCmdExe

Launch a cmd.exe process with SYSTEM permissions.

Launch cmd.exe in Session 0

WTSGetActiveConsoleSessionId() / ProcessIdToSessionId() / DuplicateTokenEx() / WTSEnumerateSessions() / CreateProcessAsUser()

Inject into session > 0 (GUI SYSTEM process)

ZwCreateThreadEx() / CreateRemoteThread()

Set Parent

CreateProcessA()

LaunchSystemCmdDll

System process DLL hijack test :), command line:

rundll32 LaunchSystemCmdDll.dll,Run
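
For detection, the launch paths listed above leave distinguishable process telemetry. The following is an added example, not code from this repository: it triages events shaped like Sysmon Event ID 1 (ProcessCreate) and Event ID 8 (CreateRemoteThread); the `triage` and `pc` helpers, the finding names and the sample events are constructed for illustration, and an English-locale SYSTEM account name is assumed.

```python
SYSTEM = "NT AUTHORITY\\SYSTEM"   # assumption: English-locale account name
ALICE = "DESKTOP\\alice"          # constructed standard-user account

def exe(path):
    """Lower-cased file name of a Windows path."""
    return path.rsplit("\\", 1)[-1].lower()

def triage(events):
    """Return (finding, ProcessGuid) tuples for a time-ordered event list."""
    users = {}       # ProcessGuid -> account, learned from ProcessCreate events
    findings = []
    for ev in events:
        if ev["EventID"] == 1:                       # ProcessCreate
            guid, user = ev["ProcessGuid"], ev["User"].upper()
            users[guid] = user
            image = exe(ev["Image"])
            if image == "cmd.exe" and user == SYSTEM:
                # A session above 0 is a user desktop, not the services session.
                if int(ev["TerminalSessionId"]) > 0:
                    findings.append(("system-cmd-in-user-session", guid))
                # A duplicated token shows as a SYSTEM child of a non-SYSTEM parent.
                parent = users.get(ev["ParentProcessGuid"])
                if parent is not None and parent != SYSTEM:
                    findings.append(("system-cmd-from-non-system-parent", guid))
            # File-name match only; a renamed DLL will not match.
            if image == "rundll32.exe" and "launchsystemcmddll.dll,run" in ev["CommandLine"].lower():
                findings.append(("rundll32-launchsystemcmddll", guid))
        elif ev["EventID"] == 8:                     # CreateRemoteThread
            src = users.get(ev["SourceProcessGuid"])
            dst = users.get(ev["TargetProcessGuid"])
            if dst == SYSTEM and src is not None and src != SYSTEM:
                findings.append(("remote-thread-into-system-process", ev["TargetProcessGuid"]))
    return findings

def pc(guid, parent, image, user, session, cmdline=""):
    """Build a constructed ProcessCreate event."""
    return {"EventID": 1, "ProcessGuid": guid, "ParentProcessGuid": parent,
            "Image": image, "User": user, "TerminalSessionId": session, "CommandLine": cmdline}

# Constructed sample events, not captured logs.
SAMPLE = [
    pc("G1", "G0", r"C:\Windows\System32\winlogon.exe", SYSTEM, 1),
    pc("G2", "G9", r"C:\Users\alice\tool.exe", ALICE, 1),
    {"EventID": 8, "SourceProcessGuid": "G2", "TargetProcessGuid": "G1"},
    pc("G3", "G1", r"C:\Windows\System32\cmd.exe", SYSTEM, 1),
    pc("G4", "G2", r"C:\Windows\System32\cmd.exe", SYSTEM, 0),
    pc("G5", "G1", r"C:\Windows\System32\rundll32.exe", SYSTEM, 1, "rundll32 LaunchSystemCmdDll.dll,Run"),
]

if __name__ == "__main__":
    for finding in triage(SAMPLE):
        print(finding)
```

A spoofed parent is reported by Sysmon as the real parent, so that path is caught here only through the session check, not the parent-account check.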