Execute commands as NT AUTHORITY\SYSTEM with TrustedInstaller privileges

Execute commands as NT AUTHORITY\SYSTEM with TrustedInstaller privileges
Download Copy
Title: Execute commands as NT AUTHORITY\SYSTEM with TrustedInstaller privileges
Author: TW-D

This payload launches a new cmd.exe process with elevated privileges under TrustedInstaller, by setting the TrustedInstaller process as the parent, the cmd.exe process inherits TrustedInstaller's privileges.

Execution is the method of either remotely or locally running code — malicious or otherwise — on a target computer. Execution is typically coupled with other techniques to carry out more complex tasks, like performing reconnaissance, exfiltration or credential harvesting. Execution may be ephemeral, or coupled with persistence techniques used to maintain remote access or continued code execution. See all execution payloads.

This payload is for the USB Rubber Ducky — a "flash drive" that types keystroke injection payloads into unsuspecting computers at incredible speeds. It's no wonder this little quacker has made appearances on Mr. Robot, FBI, Blacklist, National Geography and more!

Submit your own payload, or browse more featured USB Rubber Ducky Payloads.

 

 

Related Payloads

Flood Gateway
Flood Gateway
This payload detects the Gateway IP then proceeds to send SYN/ACK/RST/UDP to the Gateway
Read More
FileHunter
FileHunter
Crawls all drives of the target system for a specific file or file type, to then compress and exfiltrate them to the Duc
Read More
Silent File Exfiltrator
Silent File Exfiltrator
This DS1 payload executes a stealthy script that silently collects and exfiltrates specific file types through Discord w
Read More