NetExec icon indicating copy to clipboard operation
NetExec copied to clipboard
verified publisher icon Pennyw0rth

SeRestore Privilege -> Administrator

Open RajChowdhury240 opened this issue 6 months ago • 2 comments

This is an amazing project by xct.

https://github.com/xct/SeRestoreAbuse

.\SeRestoreAbuse.exe "cmd /c net localgroup administrators <local-username-to-be-added-as-adminstrator> /add"

is it possible to integrate this with nxc

Scenario : low priv user having SeRestorePrivilege can Escalate Direct to Administrator using nxc itself

RajChowdhury240 avatar Jul 13 '25 16:07 RajChowdhury240

From the code it looks like it just sets a regkey for SecLogon and then starts the service with powershell, so you can do that with the reg-query module, then just run the powershell with -X.

Marshall-Hallenbeck avatar Jul 13 '25 18:07 Marshall-Hallenbeck

Feel free to contribute such a module :)

NeffIsBack avatar Jul 13 '25 22:07 NeffIsBack