In your pentesting activities there are many circumstances where you need to “migrate” your Windows working process, typically a shell, to a different process. Some of these scenarios are:

  1. You have an unstable shell and need to move to a more robust process on the victim’s machine (typically explorer.exe, which will live until the victim logs off)
  2. Some exploits require an interactive session, and if your process lives in session 0 (for example a service) you need to switch to a different one. Well-known exploits such as the “Secondary Logon Handle Privilege Escalation” or the more recent “Microsoft Windows – COM Aggregate Marshaler/IRemUnknown2 Type Confusion Privilege Escalation” don’t work in session 0
  3. You need to migrate from a 32-bit process to a 64-bit process

Keep in mind that you can only migrate to processes according to your privileges, so if you are a standard user you can only migrate to processes with the same privileges as the source application.
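As an added defender-side example (not part of the original post), here is a small Python checker that flags the three migration patterns described above in CreateRemoteThread-style events: a thread created in a long-lived interactive process such as explorer.exe, a session 0 source reaching into an interactive session, and a 32-bit source targeting a 64-bit process. The log lines are constructed, and the Session/Arch fields are an assumed enrichment rather than native Sysmon Event ID 8 fields.

```python
import re

# Constructed sample records, not real logs. SourceImage/TargetImage follow Sysmon
# Event ID 8 (CreateRemoteThread); the Session and Arch fields are assumed enrichment
# that a collector would have to add (Sysmon does not emit them itself).
SAMPLE_EVENTS = [
    "EventID=8 SourceImage=C:\\Windows\\System32\\svchost.exe SourceSession=0 SourceArch=x64 "
    "TargetImage=C:\\Windows\\explorer.exe TargetSession=1 TargetArch=x64",
    "EventID=8 SourceImage=C:\\Users\\alice\\AppData\\Local\\Temp\\update.exe SourceSession=1 "
    "SourceArch=x86 TargetImage=C:\\Windows\\explorer.exe TargetSession=1 TargetArch=x64",
    "EventID=8 SourceImage=C:\\Windows\\System32\\csrss.exe SourceSession=1 SourceArch=x64 "
    "TargetImage=C:\\Windows\\System32\\conhost.exe TargetSession=1 TargetArch=x64",
]

FIELD_RE = re.compile(r"(\w+)=(.*?)(?=\s\w+=|$)")  # key=value pairs; values may contain spaces
ALLOWED_SOURCES = {"csrss.exe"}        # assumed allow-list of legitimate remote-thread creators
HIGH_VALUE_TARGETS = {"explorer.exe"}  # long-lived interactive hosts favoured as migration targets

def parse_event(line):
    return dict(FIELD_RE.findall(line))

def basename(path):
    return path.rsplit("\\", 1)[-1].lower()

def classify(event):
    """Return the reasons a CreateRemoteThread event resembles a process migration."""
    if event.get("EventID") != "8":
        return []
    src, dst = basename(event.get("SourceImage", "")), basename(event.get("TargetImage", ""))
    if src in ALLOWED_SOURCES:
        return []
    reasons = []
    if dst in HIGH_VALUE_TARGETS:
        reasons.append("remote thread created in long-lived interactive process")
    if event.get("SourceSession") == "0" and event.get("TargetSession") not in (None, "0"):
        reasons.append("session 0 process reached into an interactive session")
    if event.get("SourceArch") == "x86" and event.get("TargetArch") == "x64":
        reasons.append("32-bit source created a thread in a 64-bit target")
    return reasons

def find_suspicious(lines):
    """Return (source, target, reasons) for every event that trips at least one rule."""
    events = [parse_event(line) for line in lines]
    return [(basename(e["SourceImage"]), basename(e["TargetImage"]), classify(e))
            for e in events if classify(e)]

if __name__ == "__main__":
    for src, dst, reasons in find_suspicious(SAMPLE_EVENTS):
        print(f"{src} -> {dst}: {'; '.join(reasons)}")
```

The allow-list and target set are starting points; in a real environment they need tuning against the baseline of processes that legitimately create threads in explorer.exe.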

Rest of article here

