Add new Windows command getprivs #478

Merged
merged 3 commits into from
Jul 25, 2021

Conversation

RafBishopFox
Collaborator

Add a new command for Windows: getprivs. It is similar to the output of whoami /priv. Here is sample output from a process with administrator privileges.

sliver (MUTUAL_POCKETBOOK) > getprivs

Privilege Information for Current Process
-----------------------------------------
Name                                      	Description                                                        	Attributes
====                                      	===========                                                        	==========
SeIncreaseQuotaPrivilege                  	Adjust memory quotas for a process                                 	(Disabled)
SeSecurityPrivilege                       	Manage auditing and security log                                   	(Disabled)
SeTakeOwnershipPrivilege                  	Take ownership of files or other objects                           	(Disabled)
SeLoadDriverPrivilege                     	Load and unload device drivers                                     	(Disabled)
SeSystemProfilePrivilege                  	Profile system performance                                         	(Disabled)
SeSystemtimePrivilege                     	Change the system time                                             	(Disabled)
SeProfileSingleProcessPrivilege           	Profile single process                                             	(Disabled)
SeIncreaseBasePriorityPrivilege           	Increase scheduling priority                                       	(Disabled)
SeCreatePagefilePrivilege                 	Create a pagefile                                                  	(Disabled)
SeBackupPrivilege                         	Back up files and directories                                      	(Disabled)
SeRestorePrivilege                        	Restore files and directories                                      	(Disabled)
SeShutdownPrivilege                       	Shut down the system                                               	(Disabled)
SeDebugPrivilege                          	Debug programs                                                     	(Enabled)
SeSystemEnvironmentPrivilege              	Modify firmware environment values                                 	(Disabled)
SeChangeNotifyPrivilege                   	Bypass traverse checking                                           	(Enabled, Enabled by Default)
SeRemoteShutdownPrivilege                 	Force shutdown from a remote system                                	(Disabled)
SeUndockPrivilege                         	Remove computer from docking station                               	(Disabled)
SeManageVolumePrivilege                   	Perform volume maintenance tasks                                   	(Disabled)
SeImpersonatePrivilege                    	Impersonate a client after authentication                          	(Enabled, Enabled by Default)
SeCreateGlobalPrivilege                   	Create global objects                                              	(Enabled, Enabled by Default)
SeIncreaseWorkingSetPrivilege             	Increase a process working set                                     	(Disabled)
SeTimeZonePrivilege                       	Change the time zone                                               	(Disabled)
SeCreateSymbolicLinkPrivilege             	Create symbolic links                                              	(Disabled)
SeDelegateSessionUserImpersonatePrivilege 	Obtain an impersonation token for another user in the same session 	(Disabled)

@moloch-- moloch-- merged commit d928ca5 into BishopFox:master Jul 25, 2021
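
For anyone reviewing this kind of output, the following added example (not code from this pull request or from the Sliver project) parses the table and separates privileges that are enabled now from those that were enabled by default. It assumes the Attributes column reflects the Windows token flags `SE_PRIVILEGE_ENABLED` and `SE_PRIVILEGE_ENABLED_BY_DEFAULT`; `ParsePrivs`, `RuntimeEnabled` and `sample` are hypothetical names, and the sample rows are constructed from the output above.

```go
package main

import (
	"fmt"
	"strings"
)

// Attribute flags from winnt.h (LUID_AND_ATTRIBUTES.Attributes).
const (
	EnabledByDefault uint32 = 0x1 // SE_PRIVILEGE_ENABLED_BY_DEFAULT
	Enabled          uint32 = 0x2 // SE_PRIVILEGE_ENABLED
)

// Constructed sample: three rows copied from the output above, tab-separated.
const sample = "SeBackupPrivilege \tBack up files and directories \t(Disabled)\n" +
	"SeDebugPrivilege \tDebug programs \t(Enabled)\n" +
	"SeImpersonatePrivilege \tImpersonate a client after authentication \t(Enabled, Enabled by Default)\n"

// ParsePrivs (hypothetical helper) maps each privilege name to its attribute flags.
func ParsePrivs(out string) map[string]uint32 {
	privs := map[string]uint32{}
	for _, line := range strings.Split(out, "\n") {
		f := strings.Split(line, "\t")
		if len(f) != 3 || !strings.HasPrefix(f[0], "Se") {
			continue // skip title, header, ruler and blank lines
		}
		var attrs uint32
		for _, a := range strings.Split(strings.Trim(strings.TrimSpace(f[2]), "()"), ",") {
			switch strings.TrimSpace(a) {
			case "Enabled":
				attrs |= Enabled
			case "Enabled by Default":
				attrs |= EnabledByDefault
			}
		}
		privs[strings.TrimSpace(f[0])] = attrs
	}
	return privs
}

// RuntimeEnabled reports whether a privilege is enabled now but was not enabled by default.
func RuntimeEnabled(attrs uint32) bool {
	return attrs&Enabled != 0 && attrs&EnabledByDefault == 0
}

func main() {
	for name, attrs := range ParsePrivs(sample) {
		fmt.Printf("%-24s flags=%#x runtime-enabled=%v\n", name, attrs, RuntimeEnabled(attrs))
	}
}
```

In the sample output above, SeDebugPrivilege is the only row shown as enabled without also being enabled by default, which is the distinction this check surfaces when auditing a process token.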