Demoing DLL hijacking, a technique hackers can use for privilege escalation and persistence. It gets you admin privileges at the NT AUTHORITY\SYSTEM level, which makes it priv esc. What makes it persistence is that the process, JagexLauncher.exe, runs at startup. That means every time the user starts or restarts their Windows desktop, it runs the JagexLauncher process, and the process loads the malicious DLL, which is really a reverse shell. As long as the attacker has a listener running on the specified port (9500 in this example), it'll catch a new reverse shell at the admin level.
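From the defender's side, the behaviour described above leaves a correlatable trail: a SYSTEM process loads a DLL without a valid signature and then opens an outbound connection. The following detection sketch is an added example, not code from the video or the blog; it assumes Sysmon-style image-load (ID 7) and network-connection (ID 3) events already parsed into dicts, and the install path, GUIDs, DLL names and IP addresses are constructed sample values.

```python
SYSTEM = "NT AUTHORITY\\SYSTEM"

# Constructed Sysmon-style events, oldest first (ID 7 = image load, ID 3 = network
# connection). Install path, GUIDs, DLL names and IPs are made-up sample values.
EXE = r"C:\Apps\Launcher\JagexLauncher.exe"
EVENTS = [
    {"EventID": 7, "ProcessGuid": "{A1}", "User": SYSTEM, "Image": EXE,
     "ImageLoaded": r"C:\Windows\System32\kernel32.dll",
     "Signed": "true", "SignatureStatus": "Valid"},
    {"EventID": 7, "ProcessGuid": "{A1}", "User": SYSTEM, "Image": EXE,
     "ImageLoaded": r"C:\Apps\Launcher\sample.dll",
     "Signed": "false", "SignatureStatus": "Unavailable"},
    {"EventID": 3, "ProcessGuid": "{A1}", "User": SYSTEM, "Image": EXE,
     "DestinationIp": "203.0.113.10", "DestinationPort": "9500"},
    # Unsigned load in an unprivileged process: outside this rule's scope.
    {"EventID": 7, "ProcessGuid": "{B2}", "User": "DESKTOP\\alice",
     "Image": r"C:\Tools\viewer.exe", "ImageLoaded": r"C:\Tools\plugin.dll",
     "Signed": "false", "SignatureStatus": "Unavailable"},
    {"EventID": 3, "ProcessGuid": "{B2}", "User": "DESKTOP\\alice",
     "Image": r"C:\Tools\viewer.exe",
     "DestinationIp": "198.51.100.7", "DestinationPort": "443"},
    # SYSTEM process with no untrusted loads on record: not flagged.
    {"EventID": 3, "ProcessGuid": "{C3}", "User": SYSTEM,
     "Image": r"C:\Windows\System32\svchost.exe",
     "DestinationIp": "198.51.100.7", "DestinationPort": "443"},
]

def is_untrusted_load(ev):
    """True for an image-load event whose DLL lacks a valid signature."""
    return ev["EventID"] == 7 and not (
        ev.get("Signed", "").lower() == "true" and ev.get("SignatureStatus") == "Valid")

def find_suspect_connections(events):
    """Flag SYSTEM processes that connect out after loading an untrusted DLL."""
    untrusted = {}   # ProcessGuid -> DLL paths loaded without a valid signature
    findings = []
    for ev in events:
        if ev.get("User", "").upper() != SYSTEM:
            continue
        guid = ev["ProcessGuid"]
        if is_untrusted_load(ev):
            untrusted.setdefault(guid, []).append(ev["ImageLoaded"])
        elif ev["EventID"] == 3 and guid in untrusted:
            findings.append({"image": ev["Image"], "dlls": list(untrusted[guid]),
                             "dest": f'{ev["DestinationIp"]}:{ev["DestinationPort"]}'})
    return findings

if __name__ == "__main__":
    for f in find_suspect_connections(EVENTS):
        print(f)
```

The rule relies on event order and on ProcessGuid to tie the load to the connection, so it fires again on every boot where the startup process repeats the pattern.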
#cyber #cybersecurity #hacking #pentesting #redteam #TTP
Directly taking this from a friend's blog: