WINDOWS PRIVESC - Windows Built-in Groups - SeBackupPrivilegeCmdLets.dll

Hi. In module writed about privilege escalation through SeBackupPrivilegeCmdLets.dll that imports with command Import-Module .\SeBackupPrivilegeCmdLets.dll. But on victim machine it replies:

  • + "Import-Module : Could not load file or assembly
    'file:///C:\Users\svc_backup\Downloads\Debug\SeBackupPrivilegeCmdLets.dll' or 
    one of its dependencies. 
    Operation is not supported. (Exception from HRESULT: 0x80131515)
    + At line:1 char:1
    + Import-Module .\SeBackupPrivilegeCmdLets.dll
      + CategoryInfo          : NotSpecified: (:) [Import-Module], FileLoadException
      + FullyQualifiedErrorId : System.IO.FileLoadException,Microsoft.PowerShell.Commands.ImportModuleCommand"

I ve rebuilded project with .NET 4.8 but nothing changed. Tries of import with admin powershell -exec bypass. Am I missing something obvious?

Is anyone solved this section?

Hey its most likely because you were trying to write the file to a directory where you don’t have permissions, I was doing the same thing. If you have done the other steps correctly you can use this:

Copy-FileSeBackupPrivilege ‘C:\Users\Administrator\Desktop\SeBackupPrivilege\flag.txt’ C:\Users\svc_backup\Desktop\Contract.txt

This will copy and rename the file to the desktop of svc_backup. Then navigate there and ‘cat’ or ‘more’ the file. you should be good from there.

how you solve it???

never mind i found the dlls inside tools folder

1 Like