techlinn/System-Escalator

System Escalator

This script is a modified version of RunAsSystem.py originally created by joren485.
It is a Windows privilege escalator that duplicates a SYSTEM token from winlogon.exe and uses it to launch a process with SYSTEM privileges.

Usage

  1. Run the script as Administrator (required).
  2. It will attempt to find winlogon.exe running as SYSTEM.
  3. If successful, it launches a SYSTEM command prompt.

Run it with:

    python privileges.py

If successful, you should see:

[*] Found system IL process winlogon.exe with PID: 888
    [+] Grabbing token
    [*] Impersonating System IL token
[*] Triggering payload PID: 1234

⚠️ Requirements

  • Windows system (tested only on Windows 11 22H2).
  • Python 3.x with no extra dependencies (only uses ctypes, part of the standard library).
  • Must be executed from an elevated Administrator command prompt.
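
A defender-side view of the sequence described above, as an added example that is not part of this repository: it correlates Sysmon-style ProcessAccess (Event ID 10) and ProcessCreate (Event ID 1) records to flag a non-SYSTEM process that opens winlogon.exe and then parents a SYSTEM process. The event records and paths are constructed, the 30-second window is an assumption, and the sketch assumes the spawned process is logged with the calling interpreter as its parent.

```python
from datetime import datetime, timedelta

SYSTEM = "NT AUTHORITY\\SYSTEM"
WINDOW = timedelta(seconds=30)  # assumed correlation window

# Constructed sample records shaped like Sysmon Event ID 10 (ProcessAccess)
# and Event ID 1 (ProcessCreate). PIDs 888 and 1234 mirror the README output.
EVENTS = [
    {"EventID": 10, "UtcTime": "2024-01-01 10:00:00.100", "SourceProcessId": 4321,
     "SourceImage": r"C:\Python312\python.exe", "SourceUser": r"LAB\admin",
     "TargetProcessId": 888, "TargetImage": r"C:\Windows\System32\winlogon.exe"},
    {"EventID": 1, "UtcTime": "2024-01-01 10:00:00.450", "ProcessId": 1234,
     "Image": r"C:\Windows\System32\cmd.exe", "User": SYSTEM,
     "ParentProcessId": 4321, "ParentUser": r"LAB\admin"},
    # Benign pair: a SYSTEM process opens winlogon.exe and starts a SYSTEM child.
    {"EventID": 10, "UtcTime": "2024-01-01 10:01:00.000", "SourceProcessId": 700,
     "SourceImage": r"C:\Windows\System32\svchost.exe", "SourceUser": SYSTEM,
     "TargetProcessId": 888, "TargetImage": r"C:\Windows\System32\winlogon.exe"},
    {"EventID": 1, "UtcTime": "2024-01-01 10:01:00.200", "ProcessId": 2000,
     "Image": r"C:\Windows\System32\cmd.exe", "User": SYSTEM,
     "ParentProcessId": 700, "ParentUser": SYSTEM},
]

def _ts(event):
    return datetime.strptime(event["UtcTime"], "%Y-%m-%d %H:%M:%S.%f")

def find_token_theft(events):
    """Return (parent_pid, child_pid) pairs matching the winlogon.exe token pattern."""
    opened = {}  # source PID -> time a non-SYSTEM process opened winlogon.exe
    hits = []
    for e in sorted(events, key=_ts):
        if e["EventID"] == 10:
            if (e["TargetImage"].lower().endswith("\\winlogon.exe")
                    and e["SourceUser"].upper() != SYSTEM):
                opened[e["SourceProcessId"]] = _ts(e)
        elif e["EventID"] == 1:
            seen = opened.get(e["ParentProcessId"])
            if (seen is not None and e["User"].upper() == SYSTEM
                    and e["ParentUser"].upper() != SYSTEM
                    and _ts(e) - seen <= WINDOW):
                hits.append((e["ParentProcessId"], e["ProcessId"]))
    return hits
```
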

About

A Python Windows privilege escalation tool using winlogon.exe token duplication
