Skip to content
/ PetitPotam Public

替代PrintBug用于本地提权的新方式,主要利用MS-EFSR协议中的接口函数 借鉴了Potitpotam中对于EFSR协议的利用,实现了本地提权的一系列方式 Drawing on the use of the EFSR protocol in Potitpotam, a series of local rights escalation methods have been realized

147 stars 20 forks Branches Tags Activity
Star
Notifications

crisprss/PetitPotam

BranchesTags

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

7 Commits

.vs/petitpotam/v16

.vs/petitpotam/v16

 
 

packages

packages

 
 

x64/Release

x64/Release

 
 

README.md

README.md

 
 

efsr.cpp

efsr.cpp

 
 

efsr_c.c

efsr_c.c

 
 

efsr_h.h

efsr_h.h

 
 

efsr_s.c

efsr_s.c

 
 

packages.config

packages.config

 
 

petitpotam.sln

petitpotam.sln

 
 

petitpotamLearn.vcxproj

petitpotamLearn.vcxproj

 
 

petitpotamLearn.vcxproj.filters

petitpotamLearn.vcxproj.filters

 
 

petitpotamLearn.vcxproj.user

petitpotamLearn.vcxproj.user

 
 

Repository files navigation

PetitPotam

description

替代PrintBug用于本地提权的新方式,主要利用MS-EFSR协议中的接口函数

借鉴了Potitpotam中对于EFSR协议的利用,实现了本地提权的一系列方式

Drawing on the use of the EFSR protocol in Potitpotam, a series of local rights escalation methods have been realized

Use

Petitpotam提供了如下几种接口函数用于本地提权:

1.EfsRpcOpenFileRaw (fixed with CVE-2021-36942)
2: EfsRpcEncryptFileSrv_Downlevel
3: EfsRpcDecryptFileSrv_Downlevel
4: EfsRpcQueryUsersOnFile_Downlevel
5: EfsRpcQueryRecoveryAgents_Downlevel
6: EfsRpcRemoveUsersFromFile_Downlevel
7: EfsRpcAddUsersToFile_Downlevel

Usage:Petitpotam -m <EFS-API-to-use> -c //选择对应的索引即可

notice

管道模拟RPC安全上下文需要SecurityImpersonation权限,因此适用于Service服务用户提权至SYSTEM用户

example

About

替代PrintBug用于本地提权的新方式,主要利用MS-EFSR协议中的接口函数 借鉴了Potitpotam中对于EFSR协议的利用,实现了本地提权的一系列方式 Drawing on the use of the EFSR protocol in Potitpotam, a series of local rights escalation methods have been realized

Resources

Readme
Activity

Stars

147 stars

Watchers

3 watching

Forks

20 forks
Report repository

Releases

No releases published

Packages

No packages published

Languages