tccli configure set --secretId AKID... --secretKey xxx --region ap-guangzhou tccli cvm DescribeInstances
Once the manual process is understood, TCM Security introduces tools to speed up the process. These tools scan the system for the vulnerabilities mentioned above automatically.
TCM Security Research Team Topic: Windows Privilege Escalation (Cloud-Focused) Target Audience: Red Teamers, Blue Teamers, Cloud Security Engineers
If a service path contains spaces and is not enclosed in quotes , Windows will try to interpret each segment up to the space as an executable.
Once SYSTEM is achieved on a TCM Windows host:
Service configurations are stored in HKLM\SYSTEM\CurrentControlSet\Services . If a user has write access via regedit or subinacl , you can modify the image path.
reg query "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon"
This paper is for authorized security testing and defensive education only. Unauthorized privilege escalation violates Tencent Cloud AUP and applicable laws.
tccli configure set --secretId AKID... --secretKey xxx --region ap-guangzhou tccli cvm DescribeInstances
Once the manual process is understood, TCM Security introduces tools to speed up the process. These tools scan the system for the vulnerabilities mentioned above automatically.
TCM Security Research Team Topic: Windows Privilege Escalation (Cloud-Focused) Target Audience: Red Teamers, Blue Teamers, Cloud Security Engineers tcm security windows privilege escalation
If a service path contains spaces and is not enclosed in quotes , Windows will try to interpret each segment up to the space as an executable.
Once SYSTEM is achieved on a TCM Windows host: tccli configure set --secretId AKID
Service configurations are stored in HKLM\SYSTEM\CurrentControlSet\Services . If a user has write access via regedit or subinacl , you can modify the image path.
reg query "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon" you can modify the image path.
This paper is for authorized security testing and defensive education only. Unauthorized privilege escalation violates Tencent Cloud AUP and applicable laws.