Windows 10 Privilege Escalation (Sound Research SECOMN service) https://github.com/sailay1996/SECOMN_EoP …pic.twitter.com/PkK4d3LWNp
You may be correct, but most of the user machines in real life already have the user-writable path in the env variable. There are a lot of CVEs like this vuln. Example: https://www.terabitweb.com/2019/08/17/trend-micro-password-manager-flaw-html/ …
Yeah but without the service to hijack, why would the writable path matter?
Then how do you exploit it after?
Stage the DLL (SMB beacon perhaps) and wait for a reboot. In some cases you may be able to trigger the load without a reboot. It just depends on the application and what a low-privilege user can do. There are other MS and third-party DLLs that can be used.