
Do not allow audit mode if running as high integrity (returns almost only false positives) #11

Closed

Conversation

cnotin
Contributor

@cnotin cnotin commented Aug 28, 2018

Closes #10

In a high integrity process I get a helpful indication:

```
> SharpUp.exe

=== SharpUp: Running Privilege Escalation Checks ===

[*] Already in high integrity, no need to privesc!

[*] To run all checks anyway (audit mode), re-run as medium integrity, and with the "audit" argument.


[*] Completed Privesc Checks in 0 seconds
```

Now I try to force audit mode while still in high integrity, and it refuses:

```
> SharpUp.exe audit

=== SharpUp: Running Privilege Escalation Checks ===

[*] Already in high integrity, no need to privesc!

[X] Cannot run audit mode within an high integrity process.

[*] To run all checks anyway (audit mode), re-run as medium integrity, and with the "audit" argument.


[*] Completed Privesc Checks in 0 seconds
```

Then, in a medium integrity process (e.g. UAC non-elevated):

```
> SharpUp.exe

=== SharpUp: Running Privilege Escalation Checks ===

[*] In medium integrity but user is a local administrator- UAC can be bypassed.

[*] To run all checks anyway (audit mode), re-run with the "audit" argument.


[*] Completed Privesc Checks in 0 seconds
```

I can still use audit mode and get meaningful results:

```
> SharpUp.exe audit

=== SharpUp: Running Privilege Escalation Checks ===

[*] In medium integrity but user is a local administrator- UAC can be bypassed.

[*] Audit mode: running all checks anyway.


=== Modifiable Services ===



=== Modifiable Service Binaries ===

[...]
```
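The two states the PR distinguishes (high integrity, versus medium integrity with an account that is a local administrator) can both be read off the process token. The following PowerShell script is an added example, not SharpUp's own code: it derives the integrity level from the `S-1-16-*` mandatory label and spots a UAC-filtered admin token from the deny-only `BUILTIN\Administrators` entry, then gates an `-Audit` switch the same way the PR does. It assumes an English-locale Windows host where `whoami.exe` is on `PATH` (the `/fo csv` column names are localized on other locales); the `-Audit` parameter name is the example's own.

```powershell
# Added example, not SharpUp's code: gate an audit run on the current token's
# integrity level and local-admin membership.
# Assumes an English-locale Windows host with whoami.exe on PATH.
param([switch]$Audit)

# whoami reports the integrity label as a pseudo-group (SID S-1-16-<level>) and
# still lists BUILTIN\Administrators on a UAC-filtered token, marked deny-only.
$groups = whoami /groups /fo csv | ConvertFrom-Csv

$label = $groups | Where-Object { $_.SID -like 'S-1-16-*' } | Select-Object -First 1
# Integrity RIDs: 0x1000 low, 0x2000 medium, 0x3000 high, 0x4000 system.
$rid = [int](($label.SID -split '-')[-1])
$highIntegrity = $rid -ge 0x3000

$admin = $groups | Where-Object { $_.SID -eq 'S-1-5-32-544' } | Select-Object -First 1
# Enabled group: elevated admin. "Group used for deny only": an admin account
# running non-elevated, which is the UAC-bypass case the PR's message refers to.
$filteredAdmin = ($null -ne $admin) -and ($admin.Attributes -match 'deny only')

Write-Output "=== Integrity check (added example) ==="
if ($highIntegrity) {
    Write-Output "[*] Already in high integrity, no need to privesc!"
    if ($Audit) {
        # An elevated admin can modify most services and binaries, so the
        # "modifiable" checks would report almost only false positives here.
        Write-Output "[X] Cannot run audit mode within a high integrity process."
    }
    Write-Output "[*] To run all checks anyway (audit mode), re-run as medium integrity with -Audit."
    return
}

if ($filteredAdmin) {
    Write-Output "[*] In medium integrity but user is a local administrator - UAC can be bypassed."
}
if (-not $Audit) {
    Write-Output "[*] To run all checks anyway (audit mode), re-run with -Audit."
    return
}
Write-Output "[*] Audit mode: running all checks anyway."
# The individual privesc checks would follow here.
```

Run it once from a normal prompt and once from an elevated one to see the two branches; `whoami /groups` on its own shows the raw rows the script is reading, including the `Mandatory Label\...` line and the `Group used for deny only` attribute on the filtered token.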

Successfully merging this pull request may close these issues.

Audit mode generates many false positives if the user is already admin _and_ elevated