Breaking

Why the Markdown Variants? git list files in a local and remote branch Kubernetes tool comparison Kubernetes core tools git rename (branch/release-tag) risks

home

Powershell

TrustedInstaller

By Frank Earnhardt #

sc config TrustedInstaller binPath= “cmd.exe /C del path/to/file”
sc config TrustedInstaller binPath= “C:\Windows\servicing\TrustedInstaller.exe”

SeDebugPrivilege

PS Set-NtTokenPrivilege SeDebugPrivilege
PS Start-Service TrustedInstaller
PS $p = Get-NtProcess -Name TrustedInstaller.exe
PS $t = $p.OpenToken()
PS $t.Groups | Where-Object {$_.Sid.Name -match “TrustedInstaller”}

PS Install-Module -Name NtObjectManager -RequiredVersion 1.1.32
PS Import NtObjectManager
PS $proc = $p = New-Win32Process cmd.exe -CreationFlags NewConsole -ParentProcess $p
PS $proc.Process.User

On new console, try whoami /groups

PS Restart-Service TrustedInstaller
PS $p = Get-NtProcess -Name TrustedInstaller.exe
PS $p
PS $th = $p.GetFirstThread()
PS $th
PS $current = Get-NtThread -Current PseudoHandle
PS $imp = $current.ImpersonateThread($th)
PS $imp_token = Get-NtToken -Impersonation
PS $imp_token
PS $imp_token.Groups

By Frank Earnhardt

Related Post

Microsoft Powershell

Powershell

Frank Earnhardt
bash Powershell script

Find-Hidden-JPEG-Files

Frank Earnhardt
Docker How-To Powershell

Install Docker on Windows Server 2019

Frank Earnhardt

Leave a Reply

You Missed

Ghost Hugo Markdown Obsidian

Why the Markdown Variants?

git How-To

git list files in a local and remote branch

Kubernetes

Kubernetes tool comparison

Kubernetes

Kubernetes core tools