PowerShell implementation that uses printconfig.dll for privilege escalation.
The evil DLL can be customized; the DLL I use here executes the file c:\programdata\setup.bat.
https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0668
https://itm4n.github.io/cve-2020-0668-windows-service-tracing-eop
1. Privilege escalation via the RASPLAP service https://github.com/NotGlop/SysExec/blob/master/source/SysExec.cpp
2. Privilege escalation via the RASMAN service