Category : privileges

So after trying to install gurobi for python: C:Program Files (x86)win64>python3.8 setup.py install (as administrator using cmd), it fails with the message: error: could not create ‘C:Program Access is denied. I asked gurobi support and they said: When you have Python installed to your Program Files directory it requires admin privileges to add new packages. In ..


I don’t quite understand how the Windows process privilege system works. When I start my application as an administrator (i.e. elevated), according to Process Explorer, its SeCreateSymbolicLinkPrivilege privilege exists but is disabled. Despite that, creating symlinks with CreateSymbolicLink() works fine. My understanding was that an application needs to request a privilege using AdjustTokenPrivileges() before it does ..


In Windows Server 2016 and 10, I can execute the LPE and an escalated cmd is opened. But I can’t do it when I execute the exploit in a webshell (iis6). The exploit is CVE-2017-0213, and I modified it to open a reverse shell because the original exploit’s result is just to open an escalated cmd. When I executed the modified exploit in a local environment (vmware), ..


use std::os::windows::fs; // https://doc.rust-lang.org/std/os/windows/fs/fn.symlink_file.html
use std::io::*;
use std::io::{self, Read, Stdin};

fn input_from() -> io::Result<()> {
    let mut buffer = String::new();
    let mut stdin = io::stdin(); // We get `Stdin` here.
    stdin.read_to_string(&mut buffer)?;
    Ok(())
}

fn main() -> std::io::Result<()> {
    let mut shortcut_dir = String::from("D:winr");
    println!("Your script path:");
    let mut buffer1 = String::new();
    let mut stdin ..


Recently, I’ve studied DLL injection techniques using CreateRemoteThread, and I found something interesting. I just opened the process with PROCESS_QUERY_LIMITED_INFORMATION and called CreateRemoteThread with its handle. Surprisingly, it worked. The funny thing about this: I tried to create a remote thread in the same way with another function, NtCreateThreadEx, which is an internal function of CreateRemoteThread and ..


I used the PowerShell command from here to install Miniconda in silent mode: Miniconda3-latest-Windows-x86_64.exe /InstallationType=JustMe /AddToPath=0 /RegisterPython=0 /NoRegistry=1. Everything was fine and I could run conda, python, and jupyter from any of the terminals. But when I restarted the computer all those environment variables disappeared, getting the error message: ‘conda’ is not recognized as an ..
