April 23, 2022
In this tutorial, we will see how to escalate our privileges from an account that is a member of the "Server Operators Group" and gain "nt authority\system" level privileges. Members of this group can start and stop system services.
The net user svc-printer command shows some information regarding the "svc-printer" account. We can see that it is part of the "Server Operators" group.
We need to upload nc.exe (netcat) to the target box.
Let's modify the binary path of "vss" and point it to a netcat reverse shell.
It restarts the "vss" service.
Once the "vss" service is started, we can catch the reverse shell in a netcat listener on our own box.
If you liked reading this article, you can follow me on Twitter: mujtabareads.