WINDOWS PRIVESC - Windows Built-in Groups - SeBackupPrivilegeCmdLets.dll

galertaw · April 19, 2023, 5:41am

Hi. In module writed about privilege escalation through SeBackupPrivilegeCmdLets.dll that imports with command Import-Module .\SeBackupPrivilegeCmdLets.dll. But on victim machine it replies:

+ "Import-Module : Could not load file or assembly
'file:///C:\Users\svc_backup\Downloads\Debug\SeBackupPrivilegeCmdLets.dll' or 
one of its dependencies. 
Operation is not supported. (Exception from HRESULT: 0x80131515)
+ At line:1 char:1
+ Import-Module .\SeBackupPrivilegeCmdLets.dll
  + CategoryInfo          : NotSpecified: (:) [Import-Module], FileLoadException
  + FullyQualifiedErrorId : System.IO.FileLoadException,Microsoft.PowerShell.Commands.ImportModuleCommand"

I ve rebuilded project with .NET 4.8 but nothing changed. Tries of import with admin powershell -exec bypass. Am I missing something obvious?

galertaw · April 26, 2023, 4:04am

Is anyone solved this section?

jtl5087 · April 26, 2023, 10:14pm

Hey its most likely because you were trying to write the file to a directory where you don’t have permissions, I was doing the same thing. If you have done the other steps correctly you can use this:

Copy-FileSeBackupPrivilege ‘C:\Users\Administrator\Desktop\SeBackupPrivilege\flag.txt’ C:\Users\svc_backup\Desktop\Contract.txt

This will copy and rename the file to the desktop of svc_backup. Then navigate there and ‘cat’ or ‘more’ the file. you should be good from there.

SweetLikeTwinkie · July 15, 2023, 1:49pm

how you solve it???

never mind i found the dlls inside tools folder