BITS service having the MiTM listener on
127.0.0.1:6666 and when you have
SeAssignPrimaryToken privileges. During a Windows build review we found a setup where
BITS was intentionally disabled and port
BITS there are several COM servers we can abuse. They just need to:
SeAssignPrimaryToken privileges then you are SYSTEM.
DCOMCNFG but good luck, this is gonna be challenging.
* SERVICE accounts. Stopping
DCOM would certainly inhibit this exploit but could have a serious impact on the underlying OS.